mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-05-11 05:55:12 +00:00
Remove ACTIVEDIRECTORY_PS (#1680)
This commit is contained in:
Tom Limoncelli
GitHub
@@ -1,72 +0,0 @@
|
||||
---
|
||||
name: ActiveDirectory_PS
|
||||
layout: default
|
||||
jsId: ACTIVEDIRECTORY_PS
|
||||
title: ActiveDirectory_PS Provider
|
||||
---
|
||||
|
||||
# WARNING:
|
||||
|
||||
WARNING: This provider is deprecated and will eventually be removed.
|
||||
Please switch to MSDNS. It is more modern and reliable. The
|
||||
`creds.json` fields changed names; otherwise it should be an
|
||||
uneventful upgrade.
|
||||
|
||||
# ActiveDirectory_PS Provider
|
||||
This provider updates an Microsoft Active Directory server DNS server. It interacts with AD via PowerShell commands that are generated and executed on the local machine. This means that DNSControl must be run on a Windows host. This driver automatically deactivates itself when run on non-Windows systems.
|
||||
|
||||
# Running on Non-Windows systems
|
||||
For debugging and testing on non-Windows systems, a "fake PowerShell" mode can be used, which will activate the driver and simulate PowerShell as follows:
|
||||
|
||||
- **Zone Input**: Normally when DNSControl needs to know the contents of an existing DNS zone, it generates a PowerShell command to gather such information and saves a copy in a file called `adzonedump.ZONE.json` (where "ZONE" is replaced with the zone name). When "fake PowerShell" mode is enabled, the PowerShell command is not run, but the `adzonedump.ZONE.json` file is read. You must generate this file ahead of time (often on a different machine, one that runs PowerShell).
|
||||
- **Zone Changes**: Normally when DNSControl needs to change DNS records, it executes PowerShell commands as required. When "fake PowerShell" mode is enabled, these commands are simply logged to a file `dns_update_commands.ps1` and the system assumes they executed.
|
||||
|
||||
To activate this mode, set `"fakeps":"true"` inside your credentials file for the provider.
|
||||
|
||||
## Configuration
|
||||
|
||||
The `ActiveDirectory_PS` provider reads an `ADServer` setting from `creds.json` to know the name of the ActiveDirectory DNS Server to update.
|
||||
|
||||
```js
|
||||
{
|
||||
"activedir": {
|
||||
"TYPE": "ACTIVEDIRECTORY_PS",
|
||||
"ADServer": "ny-dc01"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
If you want to modify the "fake powershell" mode details, you can set them in the credentials file:
|
||||
|
||||
```js
|
||||
{
|
||||
"activedir": {
|
||||
"TYPE": "ACTIVEDIRECTORY_PS",
|
||||
"ADServer": "ny-dc01",
|
||||
"fakeps": "true",
|
||||
"pslog": "powershell.log",
|
||||
"psout": "commandsToRun.ps1"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
An example DNS configuration:
|
||||
|
||||
```js
|
||||
var REG_NONE = NewRegistrar("none", "NONE")
|
||||
var DSP_ACTIVEDIRECTORY = NewDnsProvider("activedir", "ACTIVEDIRECTORY_PS");
|
||||
|
||||
D("example.tld", REG_NONE, DnsProvider(DSP_ACTIVEDIRECTORY),
|
||||
A("test", "1.2.3.4")
|
||||
)
|
||||
```
|
||||
|
||||
To generate a `adzonedump.ZONE.json` file, run `dnscontrol preview` on a Windows system then copy the appropriate file to the system you'll use in "fake powershell" mode.
|
||||
|
||||
The `adzonedump.ZONE.json` files should be UTF-16LE encoded. If you hand-craft such a file on a non-Windows system, you may need to convert it from UTF-8 to UTF-16LE using:
|
||||
|
||||
iconv -f UTF8 -t UTF-16LE <adzonedump.FOO.json.utf0 > adzonedump.FOO.json
|
||||
|
||||
If you check these files into Git, you should mark them as "binary" in `.gitattributes`.
|
||||
@@ -16,8 +16,6 @@ non-Windows systems.
|
||||
DNSControl will use `New-PSSession` to execute the commands remotely if
|
||||
`computername` is set in `creds.json` (see below).
|
||||
|
||||
This provider will replace `ACTIVEDIRECTORY_PS` which is deprecated.
|
||||
|
||||
# Caveats
|
||||
|
||||
* Two systems updating a zone is never a good idea. If Windows Dynamic
|
||||
@@ -65,37 +63,3 @@ D("example.tld", REG_NONE, DnsProvider(DSP_MSDNS),
|
||||
A("test", "1.2.3.4")
|
||||
)
|
||||
```
|
||||
|
||||
|
||||
# Converting from `ACTIVEDIRECTORY_PS`
|
||||
|
||||
If you were using the `ACTIVEDIRECTORY_PS` provider and are switching to `MSDNS`, make the following changes:
|
||||
|
||||
1. In `dnsconfig.js`, change `ACTIVEDIRECTORY_PS` to `MSDNS` in any `NewDnsProvider()` calls.
|
||||
|
||||
2. In `creds.json`: Since unused fields are quietly ignored, it is
|
||||
safe to list both the old and new options:
|
||||
a. Add a field "dnsserver" with the DNS server's name. (OPTIONAL if dnscontrol is run on the DNS server.)
|
||||
b. If the PowerShell commands need to be run on a different host using a `PSSession`, add `pssession: "remoteserver",` where `remoteserver` is the name of the server where the PowerShell commands should run.
|
||||
c. The MSDNS provider will quietly ignore `fakeps`, `pslog` and `psout`. Feel free to leave them in `creds.json` until you are sure you aren't going back to the old provider.
|
||||
|
||||
During the transition your `creds.json` file might look like:
|
||||
|
||||
```json
|
||||
{
|
||||
"msdns": {
|
||||
"ADServer": "ny-dc01", << Delete these after you have
|
||||
"fakeps": "true", << verified that MSDNS works
|
||||
"pslog": "log.txt", << properly.
|
||||
"psout": "out.txt",
|
||||
"dnsserver": "ny-dc01",
|
||||
"pssession": "mywindowshost"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Run `dnscontrol preview` to make sure the provider works as expected.
|
||||
|
||||
4. If for any reason you need to revert, simply change `dnsconfig.js` to refer to `ACTIVEDIRECTORY_PS` again (or use `git` commands). If you are reverting because you found a bug, please [file an issue](https://github.com/StackExchange/dnscontrol/issues/new).
|
||||
|
||||
5. Once you are confident in the new provider, remove `ADServer`, `fakeps`, `pslog`, `psout` from `creds.json`.
|
||||
|
||||
Reference in New Issue
Block a user