I found myself curious if I could get my entire lab environment to build itself from scratch in a 100% automated fashion including deploying and configuring Active Directory.
All of the cmdlets to perform these tasks already exist in PowerShell and are trivial to perform individually. But what happens if you want to combine them together? In order to do that, you have to be able to manage restarts and be able to continue your script where it left off. That turns out to be a non-trivial problem for traditional PowerShell scripts. As I was researching how I might accomplish this, I stumbled across something called “Desired State Configuration” or DSC. I’ve heard it talked about constantly over the last year or two and all of the major PowerShell bloggers have stated that it is the concept to learn after you’ve got the basics of PowerShell down. I’ve never had a reason to look into it though… until now.
The first thing I did was start watching the Microsoft JumpStart series on DSC. I just assumed it would be a module’s length but to my shock and surprise, Microsoft created an entire course on just DSC and that course is 2 full days – equal to that of the JumpStart for PowerShell itself! The next thing that jumped out at me is that at the beginning of the video series, one of the hosts and inventor of PowerShell, Jeffrey Snover said:
“DSC is not just a priority at Microsoft, it is THE priority at Microsoft.” That may sound like hyperbole coming from most people but remember that Jeffrey Snover is now the Technical Lead Architect for Windows Server. So even accepting he probably meant his team specifically, that’s still a big deal for those working in IT as most of our time is spent with the products he is responsible for.
With that backstory out of the way, what exactly is Desired State Configuration and why should you care? Here is what I’ve been able to piece together so far. DSC is a mechanism for you to define how a server or servers should be configured. Notice I did not say how specifically to configure them. This is the first thing that took me a while to wrap my head around. In DSC, you never define HOW to configure a server, only WHAT you want the final product to look like. Think of DSC more as a manager than a programmer.
The way this is accomplished is Microsoft (and others) create something called “resources” which are effectively large, complex PowerShell modules that are written by professional programmers that contain all of the logic and error handling and dependency management that is almost always missing from amateur scripts. You then use a special subset syntax of PowerShell to declare what you want and PowerShell will go out and do it for you.