What are the best IT Pro Tools for automation – and why?
Each month here in the @TechnetUk #ITPro office there is a mad scramble (bunfight / race / polite debate) to bid for the best blog topics for the month. Each quarter has a theme, this quarter it is ‘the right tools for the job’. I was lucky enough to see the email early and our editor Charlotte accepted my bids for my post last week on Windows Server Technical Preview and for this one on automation tools.
As you might imagine this was a pretty popular one to bid for especially as all IT Pros will always try and find the quickest most efficient way to carry out their allotted tasks while it is yet day, all so that they can carry on with important things like Wolfenstein (the original of course) and even a quick toe-dipping into the world of Xbox One.
Anyone who has ever read any of my posts would be forgiven for thinking automation, well that’s going to be another exposition on the glories of PowerShell and why we need to learn it or learn golf… and in part you may be correct but I decided to read the title in full and this gave me the opportunity to go further than a single tool. PowerShell could be described as the framework for a whole bunch of excellent tools (or modules) but in this post I will be treating it as one tool and will be including it as it is simply the number one productivity and automation tool available in the world of Microsoft Server operating systems and business platforms such as Exchange, SharePoint, Office 365 etc.
What else is available to an IT Pro as an automation tool, I had to think long and hard about this as I haven’t really used much else on a day to day basis for quite some time, to automate routine tasks.
What does the landscape look like in the world of automation?
What does an IT Pro want to automate?
Well the roles of an IT Pro, even though they are changing and being a little blurred by the new DevOps school of thinking, are many and varied, from a network specialist who really doesn’t want to do all the IP Planning, management and administration manually (or by spreadsheet) to the deployment specialist who absolutely doesn’t want to wander round a building and install images, agents and other software on client and or server machines when everyone else has gone home.
But let us start with the traditional view of an IT pro – the server administrator and yes PowerShell. I am not going to offer up the whole of PowerShell as that is something I do on a regular basis. I am going to talk about DSC, or more formally titled PowerShell Desired State Configuration.
As I usually do I am going to quote the TechNet description of the feature and then dive a little deeper into it.
“DSC is a new management platform in Windows PowerShell that enables deploying and managing configuration data for software services and managing the environment in which these services run.
DSC provides a set of Windows PowerShell language extensions, new Windows PowerShell CmdLets, and resources that you can use to declaratively specify how you want your software environment to be configured. It also provides a means to maintain and manage existing configurations.”
Now that sounds all very well but it doesn’t tell me exactly what the feature does in layman’s terms, nor does it describe how to do it or really sell to me the impact that can have on my infrastructure and thereby the amount of time I will have released to carry out other important tasks.
So PowerShell DSC gives us the ability to define exactly what we want our server to look like in terms of roles and features installed, configuration and even right down to detailed single registry settings or environment variables.
The seasoned IT Pro may well say at this point, ‘So What?’ I can do that with Group Policy if I am in a Domain environment (and most It Pros work in such an environment). The answer would be yes, of course you can. But Group Policy has default refresh rate of 90 minutes with a randomized offset of 0 to 30 minutes to prevent all machines hogging the network at the same time. The seasoned IT pro will also tell you that up to 120 minutes is a very long time indeed in the world of Server configuration.
DSC uses a set of built in resources (which are growing all the time) to control a range of features, functions and roles in an entirely automated manner. DSC also allows the IT Pro to create custom resources. At this point I should add that as with all things PowerShell, the community tends to share and a large number of custom resources are already available for free.
The descriptions of the original built in resources can be found here.
In a default install, the built in resources are those as shown below.
I should also add here that this is not basic level scripting or PowerShell and this post is not aimed at teaching you the skills required to script or to understand complex PowerShell commands. I will list out several script blocks to show what is involved. TechNet again provides a great tutorial on custom DSC resources here. In that tutorial the reader is shown how to create a custom resource that will either create, configure or delete a website on a particular server.
All this can be run on a schedule to ensure that the Desired State is maintained across your entire server estate. It can also be pushed or pulled whichever you prefer. There is also a great deal more DSC goodness coming with PowerShell 5.0 in Windows Server vNext.
There are also some good TechNet Virtual Labs for DSC and other PowerShell features. Check them out here. (33 of them covering PowerShell, DSC, Azure PowerShell, Automation etc.)
I shall save some deeper DSC diving for other posts as this was NOT meant to be a PowerShell love in.
So what other tools can I use to automate IT pro tasks.
I have already alluded to the IP planning and deployment / management tasks that need automating and easing. Well I have posted many times about the super effective IP Address Management feature in Windows Server 2012 and 2012 R2. Suffice it to say that if you read this blog regularly you are already sufficiently acquainted with its principles to realize its value. Of course Windows PowerShell 4.0 also added these PowerShell CmdLets to enable automating your IPAM deployment and management.
TechNet Virtual Labs also do a rather good job of highlighting this feature in this LAB. I ought also to mention here that the Microsoft Virtual Academy has a number of courses covering IPAM and PowerShell for Active Directory that includes DSC.
The Final set of automation tools (I wanted to pick Azure Automation using PowerShell but I promised I wasn’t going to use all PowerShell today) that I am going to select today are those that enable the deployment of Operating System images. I was spoilt for choice, since I could have picked System Center 2012 R2, Hyper-V, or many other useful tools.
I have chosen some tools that are cost free once you have licensed a server operating system (Server 2012 or 2012 R2).
The mix of tools are Windows Deployment Services (WDS) and the Microsoft Deployment Toolkit (MDT) 2013. But before I discuss those, I would like to mention the Microsoft Assessment and Planning (MAP) Toolkit.
“The Microsoft Assessment and Planning (MAP) Toolkit is an agentless inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8.1, Windows 7, Office 2013, Office 2010, Office 365, Windows Server 2012 and Windows 2012 R2, SQL Server 2014, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.”
This is a must have tool for anyone planning to do anything to their network or clients / servers. Another free tool. Available here. All the above mentioned tools are part of the Microsoft Solution Accelerator Programme which seems to expand every time I look at this page. The MDT Team blog also has masses of useful information.
So why have I chosen this set of tools? WDS allows me to deploy operating systems across the network to all my clients in a Light Touch manner (LTI) this means that I would have to have some interaction with the client. Currently the preferred Zero Touch solution uses System Center 2012 R2, but this can be a costly option.
To assist you in using this free service Microsoft have provided the MDT and also the Windows Assessment and Deployment Kit (ADK). This kit is a hefty installation and provides a raft of useful tools. See the screenshot below, if you select all as I have here, the result is over 6GB of installation.
There are a number of TechNet Virtual Labs for the MDT, although most are focused on the integration with System Center Configuration Manager, for larger enterprises. There is one for creating images using the MDT though.
In short the tools allow you to create images or capture them from reference PC’s then store them until required for deployment to new / refreshed PC’s in your network. Why am I considering this automation? Well the use of an image in the new(ish) Windows Image Format (WIM) allows you to update, service and add / remove features, drivers and programs from the image at any time. It can also be used to deploy VHD and VHDX files to allow client PC’s to boot from VHD too. All this would take a long time configuring at each machine that you want to deploy.
As with most tools that save you time in the long run the deployment and configuration of this suite of tools is not a small task and it will involve a degree of learning the principles and processes, which can be confusing, there are capture images, install images boot images, reference images as well as thin thick and hybrid types of images. Enough images for you?
Oh and I am sure it won’t surprise you to find out that MDT uses PowerShell to carry out all its tasks, as I have said ‘ad nauseum’ PowerShell is the future.
I don’t have enough space this time to do a run through of MDT / ADK for developing and deploying images with WDS, but they are freely available on the internet and I will do a YouTube one when I get time. It may flow better that way.
But all new tools take time, whether they be PowerShell, Azure Automation or any other new feature. That is why learning and certification is still such a good thing to be involved with. All of the products and features I have talked about today appear in Microsoft Official Curriculum Courses and in Microsoft Certification Exams too.
With the landscape changing so often, it is wise to invest in your career by learning and certifying so that your employer or your prospective employer can have some benchmark to judge you by.
Use the MVA and the other training avenues wisely. For all things training and Certification you can use the many resources available to you at
Watch this space for more on PowerShell DSC, Windows Server Technical Preview top five features and more.