This command will look for any script in the current directory named *.tests.ps1 and execute them. This is the Pester script and you should execute it by changing to the directory that it’s in and then running invoke-pester. Having generated a Gold configuration and (optionally) a current configuration XML file you now execute: ‘1’, but do so by running ‘invoke-pester’ If one is not found by (or provided to) Pester, it will try to run Get-ADConfig.ps1 for you to generate one on the fly.Ģ. Store this in the same location as the Pester script and it will be used as the comparative config (or specify the path of a config explicitly via the ADFile param per the above). You can run Get-ADConfig.ps1 again manually at a later date to generate a snapshot of the Active Directory configuration for comparison. $ADGoldFile = $(Get-ChildItem ("ADGoldConfig-*.xml") | Select name -last 1).name – When you later use the Pester script, If you don’t specify a path to this file as a parameter it by default looks for the latest version in the directory it is run: You should do this one time initially at a point where you are satisfied that the configuration of AD is correct, then store that file as ADGoldConfig-.xml to be used for future comparisons. ![]() You need to download and execute Get-ADConfig.ps1 within your domain with suitable rights to create an XML file of your current Active Directory configuration. He then realised this could be leveraged to perform Pester tests against a later capture of the configuration to determine if any drift had occurred.Īfter you have downloaded the scripts from Git or PSGallery, perform the following: Irwin’s script was a follow up to his earlier post which captures your Active Directory configuration and stores it as an XML file. Testing and validating your Active Directory Prior to that you can download it from Github and install it as a module. – If you have Windows Management Framework 5 installed (or are running Windows 10) you may already have Pester (or you can easily install it with Install-Module Pester). If you’re not familiar with Pester check out the wiki to help you get started. This was my second outing with Pester (previously I authored a Pester script for my Hipchat module which did some basic functionality tests) and it’s a fantastic framework for building both unit tests of your scripts to ensure they are functioning correctly as well as performing operational testing. Install-Module ADAudit (to grab the code to view it before installing you can use Save-Module ADAudit instead). ![]() Or get it from the Powershell Gallery via: You can find my version of this tool here: Afterwards I extended the script to add some additional health checks of Active Directory and this post explains how the resultant combination of our work can be used to validate your Active Directory. Irwin Strachan published a Pester script for Operational Testing of Active Directory back in April which I was keen to try out.
0 Comments
Leave a Reply. |