Module

7
Automation in Windows Server 2016

Module Agenda
The automation landscape
PowerShell investments
Delivering PowerShell code faster
PowerShell Web Access and

Workflows
PowerShell DSC

The automation
landscape.

Automation

Windows Server, System Center, Azure

Partner
s
O
IS
E
Vs
Mana Auto
Ms mati
geme

Microsoft

Syste
m
Cent
Servi
ce er
Mana
gem
ent
Auto
mati
on

Orch
estra
tor

Azure
Azur
e
Auto
mati
on

Azur
e
DSC

nt
Prod
ucts

on
Prod
ucts

Windows Server
PowerShell

PowerShell
Workflow

Just Enough
Admin

Desired State
Configuration

PowerShell
Investments.

The story of PowerShell is

the story of sustained
investment

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

Key Feature
Vision and
prototype

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

PowerShell 1.0

Server 2008

Key Feature
Vision and
prototype
.Net Cmdlets*

* .Net Cmdlets, Interactive shell, language, object pipeline & utilities,

namespaces, debugger, security, adaptive type system, Help

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

PowerShell 1.0
PowerShell 2.0

Server 2008
Server 2008 R2

Key Feature
Vision and
prototype
.Net Cmdlets
Remoting*

* Remoting, Script cmdlets, comment-based help, modules, transactions,

data language, splatting, try-catch, block comments, script I18N,
background jobs, eventing, PowerShell_ISE, Out-Gridview

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

PowerShell 1.0
PowerShell 2.0
PowerShell 3.0

Server 2008
Server 2008 R2
Server 2012

Key Feature
Vision and
prototype
.Net Cmdlets
Remoting
Coverage*

* Coverage, CDXML, workflow, updateable Help, singleton/collections fix, deleg

constrained & simplified language, module autoloading, DLR & AST,
web and JSON support, scheduled/WMI/workflow jobs, robust remoting,
RunAs and constrained runspaces, PSWeb services, POWA, snippets,
intelliSense, Show-Comand, WINPE, Explorer Integration

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

PowerShell
PowerShell
PowerShell
PowerShell

Server
Server
Server
Server

1.0
2.0
3.0
4.0

2008
2008 R2
2012
2012 R2

Key Feature
Vision and
prototype
.Net Cmdlets
Remoting
Coverage
Desired State
Config*

DSC, Save-Help, Where() & Foreach() methods, workflow debugging,

lots of fixes and incremental improvements

PowerShell Progression
Version
Monad Manifesto

Server
Server 2000

PowerShell
PowerShell
PowerShell
PowerShell

Server
Server
Server
Server

1.0
2.0
3.0
4.0

PowerShell 5.0

2008
2008 R2
2012
2012 R2

Server 2016

Key Feature
Vision and
prototype
.Net Cmdlets
Remoting
Coverage
Desired State
Config
DevOps*

* DSC++, package manager, Azure extension agent, script analyzer, classes, u

security++, information stream, CMS, parse by example, Pester, PSReadline,
remote debugging/file copy/script editing, network switches, OData

PowerShell 5.0 Additions

Scripting Security & ProtectionNew Modules
Ubiquitous and comprehensive transcription
Deep script block logging
Protected event logging
PowerShell Information stream
Cryptographic message cmdlets
Secure code generation APIs
Constrained PowerShell endpoints (JIT/JEA)

New Utility Cmdlets

PSReadLine (tab completion++)

NetworkSwitchManager (network switches)
PnpDevice (devices and drivers)
Pester (unit test framework)
ODataUtils (generate cmdlets from OData)

Community & Development

PSScriptAnalyzer (scripting best practices)
PowerShellGet (find and install modules)

Compress-Archive / Expand-Archive
Convert-String / ConvertFrom-String

PowerShell Gallery (module repository)

PackageManagement (package manager)

NoNewLine on File and Content cmdlets

Symbolic link support

Side-by-side module versioning

Classes, lexical scoping, and 'using' keyword

Format-Hex
New-Guid
Clipboard cmdlets
New-TemporaryFile
Clear-RecycleBin
Get-ChildItem -Depth

Remote Management
Remote script debugging
Remote script editing in ISE
Host process attach and debug
File copy over PowerShell sessions
PowerShell remoting over VMBus

More info: https://technet.microsoft.com/library/hh857339.aspx

Delivering PowerShell
Code Faster.

Improved Authoring of
PowerShell ISE Improvements
PowerShell

Edit remote PS scripts & files in local ISE -> Enter-PSSession then
running PSEdit <path and file name on the remote
computer>.
This feature eases editing Windows PowerShell files that are stored
on the Server Core installation option of Windows Server, where
Windows PowerShell ISE cannot run.
The Start-Transcript cmdlet is now supported in Windows
PowerShell ISE.
You can now debug remote scripts in Windows PowerShell ISE.
A new menu command, Break All (Ctrl+B), breaks into the
debugger for both local and remotely-running scripts.

PoshCode

PowerShell Editing in Visual Studio

Better PowerShell Coding

PowerShell Script Analyzer
Practices

Static code checker for Windows PowerShell modules and scripts

Checks the quality of Windows PowerShell code by running a set of rules
Rules based on best practices identified by PowerShell Team and the
community
Generates DiagnosticResults (errors and warnings) to inform users about
potential code defects and suggests possible solutions for improvements

Pester

Framework for running Unit Tests to execute and validate PowerShell

commands

Remote Debugging

PowerShell Web
Access
and Workflows

PowerShell Web Access

Acts as a Windows PowerShell gateway, providing a web-

based Windows PowerShell console that is targeted at a

remote computer
Run Windows PowerShell commands
and scripts from a Windows
PowerShell console in
a web browser
No local Windows PowerShell
No remote management software
No browser plug-in on the client device

Broad support for popular browsers.

Built for tablets and mobile devices.
Robust Session Connectivity
Users can run scripts, lose connectivity, reconnect and session still running

03
PowerShell
Workflow

Windows
PowerShell
Workflow

A set of longrunning
activities (in
sequence or in
parallel) that
perform
complex
management
tasks, such as
multi-machine
application
provisioning.

Authored
using
a Windows
PowerShell
script or the
Visual Studio
Workflow
Designer
(XAML).

Workflows
survive
system
interruption
s (reboots,
network
problems):
suspend-job/
resume-job,
persist state
and metadata.

PowerShell Workflow
Join-Domain through Workflow
workflow Join-Domain
{
param(
[Parameter(Mandatory)]
[string]$DomainName,
[Parameter(Mandatory)]
[PSCredential]$DomainCredential
)
Get-CimInstance -ClassName win32_computersystem
Add-Computer -Credential $DomainCredential -DomainName $DomainName -LocalCredential $PSCredential
Restart-Computer -Force -Wait
Get-CimInstance -ClassName win32_computersystem
}
# Usage
Join-Domain -PSComputerName <list of machines> -PSCredential <local admin credential> -DomainName
<domain name> -DomainCredential <credential that can join machine to domain>

PowerShell DSC.

PowerShell Desired State Configuration

Simplifies configuration
Prevents configuration

drift
Flexible deployment
options
Enables continuous
deployment
Modules available from
PS Gallery

PowerShell DSC
But what can it do for me?
Install or remove server roles and features
Manage registry settings
Manage files and directories
Start, stop, and manage processes and services
Manage local groups and user accounts
Install and manage packages such as .msi and .exe
Manage environment variables
Run Windows PowerShell scripts
Fix a configuration that has drifted away from the desired state
Discover the actual configuration state on a given node

DSC Leverage
Traditional
Scripts
Depende
ncy
Resolutio
Int
n
en
r
t
o
r
r
E
& g
g
i n dlin
g
Log Han
Reboo
t
R
e
silienc
Rep
y
ea t
abl
eA
uto
ma
tion
Technology
Specific

Configuration

Intent

DSC Engine
Dependency Resolution
Logging & Error
Handling
Reboot Resiliency
Repeatable Automation
Resources
Technology Specific

DSC Decouples
Configuration

Intent

DSC Engine
Dependency
Resolution
Logging & Error
Handling
Reboot Resiliency
Repeatable
Resources Automation
Technology Specific

Intent
WHAT : Structural Configuration
Stays same irrespective of the
environment
WHERE : Environmental Configuration
Changes as system goes through
different env.
Dev Test Production
Make It So
HOW : DSC Resources
Do the heavy lifting in an idempotent
way

DSC Architecture Overview

Authoring Phase:
DSC configuration is created through
PowerShell or by third party languages and
tools
Output from the Authoring Phase is one or
more MOF (Management Object Format) files,
the format which is consumable by DSC

DSC Architecture Overview

Staging Phase:
MOF files are staged
Pull Server is an IIS
Web Server with OData
interface
Target system contacts
Pull server to retrieve
config
With Push model, DSC
data is pushed to
target system

DSC Architecture Overview

Make it So phase
Apply the configuration
DSC data either pulled or pushed to
local configuration store
Contains current, previous and desired
state configuration
Changes then implemented

Example DSC Configuration

Configuration ContosoWebsite
{
param ($MachineName)
Node $MachineName
{
#Install the IIS Role
WindowsFeature IIS
{
Ensure = Present
Name = Web-Server
}
#Install ASP.NET 4.5
WindowsFeature ASP
{
Ensure = Present
Name = Web-Asp-Net45
}
}
}

Use Node to specify target

systems, so a specific node
could have a specific
configuration
Example DSC Provider
WindowsFeature

Example DSC Configuration

#Create consumable MOF file
ContosoWebsite MachineName MyServer
#Apply the MOF - Path can be local or UNC
Start-DscConfiguration Path .\ContosoWebsite Wait Verbose
#Identify configuration drift - will return true or false
Test-DscConfiguration CimSession $session

Whats new with DSC?

Define Windows PowerShell Desired State

Configuration (DSC) resources by using classes

Neither a MOF file nor a DSCResource subfolder in the module folder is required
Gives additional flexibility

Centralized DSC Error Reporting

Not only logged in event log, but sent to central location for further analysis
Send errors for any server in the environment
Sent to a Report Server and stored in a database works with push/pull configurations

PSDscRunAsCredential

Run resource under a specified set of credentials

Just Enough Administration

New delegation security feature, leverages DSC and Windows PowerShell constrained runspaces
to help secure enterprises from data loss or compromise by employees, whether
intentional or unintentional

Further detail:
https://technet.microsoft.com/library/hh857339.aspx#BKMK_newDSC

Whats new with DSC?

New cmdlets added to the
PSDesiredStateConfiguration module:

Get-DscConfigurationStatus - high-level information about configuration status from a

target node. You can obtain the status of the last, or of all configurations.
Compare-DscConfiguration - compares a specified configuration with the actual state of
one or more target nodes.
Publish-DscConfiguration - copies a configuration MOF file to a target node, but does not
apply the configuration. The configuration is applied during the next consistency pass, or
when you run the Update-DscConfiguration cmdlet.
Test-DscConfiguration - verify that a resulting configuration matches the desired
configuration, returning either True if the configuration matches the desired configuration, or
False if the actual configuration does not match the desired configuration.
Update-DscConfiguration forces a configuration to be processed. If the Local
Configuration Manager is in pull mode, the cmdlet gets the configuration from the pull server
before applying it.

Demo.
DSC

 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.