Why do I need Powershell Desired State Configuration ?
Benefits of Desired State Configuration
Powershell Desired State Configuration (DSC) is a platform that provides :
- Declarative and idempotent (repeatable) deployment,
- Configuration conformance.
- Configuration versioning.
The powershell DSC platform enables you to ensure that the components of your data center have the correct configuration, which avoids errors and prevents costly deployment failures.
By treating configurations as part of application code, and not as separate configuration structures in Group Policies anymore, Powershell DSC enables continuous deployment, and configuration stability from development to production. The Powershell DSC configuration should be updated as a part of the application, ensuring that the knowledge needed to deploy the application is always up-to-date and ready to be used.
For IT managers
For system administrators
Powershell DSC decrease the complexity of scripting in Windows, making the code sustainable on thelong term by a lower skilled team. It also increase the speed of iteration and enables easier quality control of the deployments.
Powershell DSC vs Powershell scripting
Powershell DSC configurations separate intent, or “what I want to do”, from execution, or “how I want to do it." This means that the logic of execution is contained within the resources. Users do not have to know how to implement or deploy a feature when a Powershell DSC resource for that feature is available. This allows the user to focus on the structure of their deployment to comply with business needs rather than on scripting.
First example - Active Directory user creation
Powershell scripting
$Name = "jsmith"
$Password = “AccountPassword”
$User = Get-ADUser -Filter {sAMAccountName -eq $Name}
If ($User -eq $Null) {
New-ADUser -Name “Phil Gibbins” `
-GivenName Phil -Surname Gibbins `
-SamAccountName $Name
-AccountPassword (Read-Host -AsSecureString $Password) `
-PassThru | Enable-ADAccount
}
Else {
"User already exists"
}
Powershell Desired State Configuration
$Name = "jsmith"
$Password = “AccountPassword”
xADUser FirstUser
{
DomainName = "contoso.com"
UserName = $Name
Password = $Password
Ensure = "Present"
}
DSC module idempotency removes the need of the check before creating the account. The code is easier to understand and focuses on desired final state
Second example - File share configuration
Powershell scripting
$shareExists = $false
$smbShare = Get-SmbShare -Name $Name -ErrorAction SilentlyContinue
if($smbShare -ne $null)
{
Write-Verbose -Message "Share with name $Name exists"
$shareExists = $true
}
if ($shareExists -eq $false)
{
Write-Verbose "Creating share $Name to ensure it is Present"
New-SmbShare @psboundparameters
}
else
{
# Need to call either Set-SmbShare or *ShareAccess cmdlets
if ($psboundparameters.ContainsKey("ChangeAccess"))
{
#...etc, etc, etc
}
}
This script is more complex, with plenty of logic and error handling. The script is more complex because you are no longer stating what you want done, but how to do it.
Powershell DSC
# A configuration is a special kind of PowerShell function
Configuration Sample_Share
{
Import-DscResource -Module xSmbShare
# Nodes are the endpoint we wish to configure.
Node $NodeName
{
# Next, specify one or more resource blocks
# Resources are simply PowerShell modules that
# implement the logic of "how" to execute a task
xSmbShare MySMBShare
{
Ensure = "Present"
Name = "MyShare"
Path = "C:\Demo\Temp"
ReadAccess = "Alice"
FullAccess = "Bob"
Description = "This is an updated description for this share"
}
}
}
#Run the function to compile the configuration
Sample_Share
#Pass the configuration to the nodes we defined and configure them
Start-DscConfiguration Sample_Share
Powershell DSC allows you to say what you want done, and the underlying logic is abstracted away. This script is cleanly formatted and straightforward to read. The logic paths and error handling are still present in the resource implementation, but invisible to the script author.
Powerhell DSC ressources
Built-in Powershell DSC ressource
Windows PowerShell Desired State Configuration (DSC) comes with a set of built-in configuration resource :
Archive Resource
Environment Resource
File Resource
Group Resource
Log Resource
Package Resource
Registry Resource
Script Resource
Service Resource
User Resource
WindowsFeature Resource
WindowsProcess Resource
Powershell gallery
Powershell gallery also provides Microsoft and third party DSC modules for download. The following modules are supported by Microsoft and frequently updated :
xActiveDirectory
xAdcsDeployment
xAzure
xAzurePack
xBitlocker
xCertificate
xChrome
xComputerManagement
xCredSSP
xDFS
xDSCResourceDesigner
xDatabase
xDefender
xDhcpServer
xDismFeature
xDnsServer
xDscDiagnostics
xExchange
xFailOverCluster
xFirefox
xHyper-V
xInternetExplorerHomePage
xJea
xMySql
xNetworking
xPSDesiredStateConfiguration
xPendingReboot
xPhp
xPowerShellExecutionPolicy
xRemoteDesktopAdmin
xRemoteDesktopSessionHost
xRobocopy
xSCDPM
xSCOM
xSCSMA
xSCSPF
xSCSR
xSCVMM
SQLServerDSC
xSafeHarbor
xSharePoint
xSmbShare
xSqlPs
xStorage
xSystemSecurity
xTimeZone
xWebAdministration
xWebDeploy
xWinEventLog
xWindowsEventForwarding
xWindowsRestore
xWindowsUpdate
xWordPress
These modules are open-source released by Microsoft on GitHub (https://github.com/PowerShell/DscResources). Support from development teams is available on GitHub using “Issues tab” for the module on which you are experiencing problems. Contributions to enhance DSC modules is wramly welcomed by the team.