ADDomainControllerProperties: New resource proposal

[JakeDean3631]

Description

Resource to set and manipulate properties specific to Domain Controllers

Proposed properties

ContentFreshness - This would get, set, and test the MaxOfflineTimeInDays setting on Domain Controllers against the specified value.

Special considerations or limitations

I am a PFE for a DoD customer with special requirements for DCs to be offline for over the 30-day default threshold. This resource will allow MaxOfflineTimeInDays to be manipulated and reported via DSC.

Below is the current script resource being used for this:

Script ADContentFreshness
            {
                GetScript  = {
                    $localContentFreshness = (Get-CimInstance -Namespace ROOT/microsoftdfs -Query 'Select MaxOfflineTimeInDays from DfsrMachineConfig').MaxOfflineTimeInDays
                    return @{ Result = $localContentFreshness }
                }
                SetScript  = {
                    $contentFreshness = $using:ContentFreshness
                    $null = Set-CimInstance -Namespace ROOT/microsoftdfs -Query 'Select MaxOfflineTimeInDays from DfsrMachineConfig' -Property @{MaxOfflineTimeInDays = $contentFreshness }
                }
                TestScript = {
                    $contentFreshness = $using:ContentFreshness
                    $localContentFreshness = (Get-CimInstance -Namespace ROOT/microsoftdfs -Query 'Select MaxOfflineTimeInDays from DfsrMachineConfig').MaxOfflineTimeInDays

                    if ($localContentFreshness = $contentFreshness)
                    {
                        return $true
                    }
                    else
                    {
                        return $false
                    }
                }

[devopsjesus]

@johlju @nyanhp @rchristman89 I couldn't find a great place for Domain Controller properties set after initial install. Where do you think settings for installed DCs should go? I was thinking a new resource that will configure settings applicable to the local DC.

[devopsjesus]

Related issue: #302

[JakeDean3631]

To add to @devopsjesus point - ContentFreshness is just one setting that we need the capability to configure for our customer currently, but we can add additional post-promotion settings into this resource as needed as well.

[johlju]

I suggest adding these kind of properties to the xADDomainController resource. Once the domain controller is installed by the Set-TargetResource it will initiate a reboot. One the next run it will run Test-TargetResource, see that the node is a domain controller but other properties are not in desired state, and run Set-TargetResource to configure those properties.

So I don't see the benefit of adding another resource for this. Is there any benefits that I don't see? 🤔

[devopsjesus]

I think we were trying to keep the xADDomainController resource like it is to keep it from becoming overly complex. If we agree that it won't add too much complexity, I don't mind having these properties added to the existing xADDomainController resource.

[johlju]

It would be complex, but not sure it would become too much more complex. 🤔

But I would be okay to have xADDomainControllerProperties, but then I think we should move out the functionality that enforces the properties currently being enforced in the xADDomainController like SiteName and IsGLobalCatalog. The properties that can be set by the cmdlet Install-ADDSDomainController should then only be allowed in xADomainController, but never enforced? Essentially we should make xADDomainController to just promote and demote a domain controller?
The new resource xADDomainControllerProperties will enforce the properties.

[devopsjesus]

Essentially we should make xADDomainController to just promote and demote a domain controller?

Yes, this is what I was thinking, with the xADDomainControllerProperties resource containing all the post-deployment configuration properties and settings, similar to xActiveDirectoryProperties.

We'll go ahead and start planning to get that resource started unless there are any further hesitancies about splitting out a separate resource.

[johlju]

At least I'm good with this. 🙂 Looking forward to the PR. I label this issue as a breaking change since we are removing properties from another resource?

[johlju]

@devopsjesus Did you work on this issue?

[johlju]

I see another benefit of having a separate resource for properties not used by Install-ADDSDomainController, it is possible to add configuration to an existing resource and not provide the mandatory parameters required for ADDomainController, like SafeMode password.

Above I suggested moving out some properties, but those are actually used by Install-ADDSDomainController. So this is not a breaking change, we just need to add this new property to a new resource.

I can work on this.

[johlju]

@JakeDean3631 question, why do you suggest the property should be called ContentFreshness and not just MaxOfflineTimeInDays as the property it would set? 🤔 Looking for a description of the property that would make the user know what it is used for. Is content freshness a well know term for "MaxOfflineTimeInDays"?

[johlju]

I think I found something that explains the term
https://blogs.technet.microsoft.com/poshchap/2014/12/11/use-powershell-to-check-and-configure-dfsr-content-freshness/