So where I work at I we are in the process of completely rebuilding our Windows forest. Why you may ask, well that's another story lets just say we have quite a few people come and go over the years and very little documentation of who did what and why through our Windows AD infrastructure. Anyways one of my main tasks is the organizing of our current Group Policies, and then figuring out what gets migrated where. So I went looking at our policies and found that there so many policies doing so many different things (something we sort of already knew), and found that we had over 149 group policies in current domain. In the new domain we really want to simplify everything and implement a change management so that we can easily see what we have at all times. So that said ideally we would have only 5-10 policies in the new forest. So I am taking on the challenge of trying o figure the best way to figure out what we have, what's need and where to put it. Needless to say while it started of being pretty simple I soon started to notice that the task was mundane and really pretty complex. I tried to think of the best way of documenting what we had so that we could figure out what to keep and what to through away, and the idea I came up with was how about a wiki. We already have Active Administrator from ScriptLogic, which is great product but really for I was trying to do it didn't really help. Next came the trusty old GPMC, which is also a great product (especially for being free), but it too didn't really have what I was looking for. It did however a great COM library which I could tap into to pull information about our policies, like the GenerateReportToFile method.
Enter the Wiki
Well I now have a way to get my information out of AD, now I just need a way managing what I had. Now I just needed some sort of wiki site manager, I decided to go with Dokuwiki, which I had previously installed for another documenting project I had. I really loved how simple it was to install and maintain and thought that it was a great fit since there was tagging, discussion, and blogging modules which is really what I wanted (another plus was the easy LDAP integration for the user login). So I exported all of the group policies in HTML format and started to input the information into the Wiki, but I quickly found out the process of exporting each one and then stripping out all the unnecessary info to then import into the wiki seemed to get crazy. So I decided to try to automate the process with a vbscript which parsed each of the HTM files, but quickly realized that this solution was getting crazy because the information in each of the files weren't in the same place. I really wished Microsoft exported the information in XHTML format, but I guess that would be too much to ask. So I then decided instead export each of the policies into an XML format instead, where it would be easier to then parse out the necessary information from each of the policies. The XML files ended up have a tremendous out of namespace information included each of the files which made it almost impossible to parse anything out of (at least when using XPath queries which is all I know when it comes to XML). Luckily my good old friend Steve helped my out by showing me that I could remove this namespace stuff and then the XPath queries would work. I quickly wrote a vbscript function that opened each of the XML files and then rewrote them stripping out all of the namespace information. Next I worked on a script which ran all of the XPath queries to export all of the necessary information into the dokuwiki syntax, where I could then easily then copy and paste all of the info into the wiki. once all posted I had a website which was completely searchable, taggable, and each policy had a discussion area where could easily discuss it ultimate demise in the new forest.
Enter another beta project
So while the end result that I have is pretty good, it definitely has room for improvement. The tagging feature in Dokuwiki is pretty ugly, and I really don't like the wiki sytax requirement. So I think I am going to have end up creating my own wiki website which makes the process much cleaner and more refined. The proof of concept is complete, now I just have to create my own website using my own custom language for my purpose (sounds easy hugh, yeah right). I will probably end upi writing the code with a mix ruby and vbscript, but ultimatley I want the end result to be site which automatically gets updated each time a policy is changed. and I wantto add the ability to subscribe to certain policies so that can be notified each time a policy is changed, what was changed, and who changed it, and what was changed. Since it will be a wiki it will definetly have revision control where I can easily see its history and the ability to rollback to any point in time its history. What do you guys think?
I found this comparison website for GPMC and Active Adminisrator for anyone interested see here: http://www.amtsoftware.com/Active-Administrator/docs/GPMC-vs-Active-Administrator
Ultimately I want the end project to have most of the features found in Active Admin but with a more web 2.0 look and feel.
Friday, October 17, 2008
Subscribe to:
Posts (Atom)