DSC design help needed

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 1 year, 5 months ago.

  • Author
  • #37533



    I'm new to DSC and trying to figure out how can I implement it to mimic server settings we currently do through GPO. While I understand how to do that for single machine with single huge MOF file, I can not understand how to do that for hundreds of machines it's eventually will be rolled out to. Namely what confuses me is how to retain similar hierarchical structure which GPO has which worked very well for us.
    In nutshell I want
    1. One encompassing DSC which will cover all machines in my environment (kind of GPO bound on Domain Level
    2. Two or there level deep hierarchical configuration for servers separated into "OU" type leaves.

    My plan is to create one big DSC config which applies to all servers via PULL and configure it's as a first partial config.
    Create separate partial config for first branch level and configure it's as second partial config through PULL.
    Create third partial config for leaf level of computers. All servers on third level will share the same GUID.
    Is it going to work? How do I configure pull server that all servers regardless of GUID will receive first partial config and second partial config? Do I have to create exact copy GUID.mof for each branchy?

  • #37534

    Don Jones

    Thing is, DSC doesn't really yet come with any tooling that makes this model easy. There's no database a la Active Directory. So while you can do what you're asking, it's going to require YOU to come up with a way of tracking and assigning everything.

    I think you're going to be very disappointed with partial configurations. They look great, but it's very easy to get them to explode and crash when they hit the client, because only the LCM is doing any kind of validation on them. There's no central merging-and-validation logic, and DSC isn't as simple as "last in wins" like GPO.

    And DSC doesn't have a "first or second" partial concept. It retrieves ALL the partials and combines them into one MOF, and then executes that MOF. There's no precedence.

    If you're CAREFUL, then what you're talking about – a partial everyone gets, a partial some people get, and a third partial that is maybe per-computer, then yes, you can do this. Setting up the code to produce it all may be time-consuming, but overall you CAN, technically, do this.

    But you don't use GUIDs in v5 for partials, you use ConfigurationNames. For each Pull server, you specify the Configuration Names (essentially, MOF filenames) you want that node to pull from that Pull server. So whether servers share a GUID or not isn't important.

    You'd just tell everyone to pull "AllServers.mof," and then whatever other MOFs you want them to pull. You don't need a MOF-per-server.

You must be logged in to reply to this topic.