Convert a PowerShell script to a DSC configuration

As an organization automates more infrastructure components with PowerShell, it may soon decide to take that next step and begin to move some of that PowerShell code to Desired State Configuration (DSC) scripts.

DSC is a configuration management platform Microsoft developed to manage objects declaratively rather than procedurally. The two approaches are similar as they both use PowerShell code, but DSC scripts behave differently, and you must write them in a specific way.

One challenge some organizations face is having lots of PowerShell scripts and converting them to DSC scripts. There are many ways to do this depending on the situation, but you can follow a few steps to ensure this process goes smoothly.

First, it's important you recognize the "object classes" in play. I've purposefully put "object classes" in quotes here because I'm not referring to classes in code but rather the components your script is manipulating. For example, if you have a PowerShell script that attempts to look for a Windows feature and, if not found, install it, you're working with one "object class": a Windows feature. If on the other hand, a script is manipulating one or more Windows services, you've got another "object class": a Windows service. It's important to break these down because you'll find that these logical components comprise DSC resources.

Let's say I've got a PowerShell script that reads a bunch of computer names from a text file and adds them to Active Directory. It might look something like this:

In the script above, I'm primarily working with two kinds of "object classes" here. The first "class" is a file and the second is an Active Directory user. Each component then has properties associated with it. For the file, I'm assuming this is a text file, it has a particular location, and it has some pre-defined content—in this case, one computer name per line.

When looking at the Active Directory computer "class," I'm only using a single attribute of it, which is the name. I explicitly point out these aspects because you'll need to know them when building DSC scripts.

With this knowledge, I'll now see if a DSC resource already exists for each component I'm working with. The first step is to see if one already exists with the built-in resources that come with Windows. To do this, I can use the Get-DscResource command, and since I don't know what the name is offhand, I'll just search for any resource that has the name File in it.

You can see that one already exists called File. Digging in a little further, I know which attributes I can set by using the Syntax parameter.

The File DSC resource appears to be exactly what I'm looking for. Next, I'll try to find a DSC resource for Active Directory computers. I enumerated all built-in DSC resources with Get-DscResource and couldn't find any. If no built-in resources exist, the next best option is to search the PowerShell Gallery with the Find-DscResource command. To search for this DSC resource, I'll first look for all resources that contain the string 'ActiveDirectory.' I can do this with the Filter parameter.

However, this command did not return anything. At this time, the filtering ability with Find-DscResource sometimes does not provide the most accurate results. If you run into this, try the Find-Module command. Sometimes you'll be able to discover modules that include DSC resources that way.

Once you've discovered all the modules you'll be using for your DSC script, get them all on your local system to generate the Managed Object Format (MOF) files. Since the File resource already exists, I'll just need to download and install the xActiveDirectory module.

Next, I can begin creating the DSC scripts by looking at my existing PowerShell script and matching up each attribute that's changed or read on each "object class." I then match up those with the corresponding DSC resource configuration.

Convert PowerShell script to a DSC configuration

Convert PowerShell script to a DSC configuration

If you follow this process with each of your PowerShell scripts, you'll be able to build more complex DSC configurations as time goes on iteratively.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

3+
avataravatar
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account