mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-09-20 14:56:20 +08:00
_providers/activedir.md: First draft of AD docs.
This commit is contained in:
Tom Limoncelli
parent
89a2784f35
commit
839d50d433
62
docs/_providers/activedir.md
Normal file
62
docs/_providers/activedir.md
Normal file
|
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
name: ActiveDirectory_PS
|
||||||
|
layout: default
|
||||||
|
jsId: ACTIVEDIRECTORY_PS
|
||||||
|
---
|
||||||
|
# ActiveDirectory_PS Provider
|
||||||
|
|
||||||
|
This provider updates an Microsoft ActiceDirectory server DNS server. It interacts
|
||||||
|
with AD via PowerShell commands that are generated and executed on the local machine.
|
||||||
|
This means that DNSControl must be run on a Windows host.
|
||||||
|
This driver automatically deactivates itself when run on non-Windows systems.
|
||||||
|
|
||||||
|
# Running on Non-Windows systems
|
||||||
|
|
||||||
|
For debugging and testing on non-Windows systems,
|
||||||
|
the `-fakeps` flag can be used, which will activate the driver and
|
||||||
|
simulate PowersShell as follows:
|
||||||
|
|
||||||
|
* Zone Input: Normally when DNSControl needs to know the contents
|
||||||
|
of an existing DNS zone, it generates a PowerShell command to gather
|
||||||
|
such information and saves a copy in a file called `adzonedump.ZONE.json`
|
||||||
|
(where "ZONE" is replaced with the zone name). When `-fakeps` is enabled,
|
||||||
|
the PowerShell command is not run, but the `adzonedump.ZONE.json` file is
|
||||||
|
read. You can generate this file on a Windows system.
|
||||||
|
* Zone Changes: Normally when DNSControl needs to change DNS records, it
|
||||||
|
executes PowerShell commands as required. When `-fakeps` is enabled, these
|
||||||
|
commands are simply logged to a file `dns_update_commands.ps1`.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
The `ActiveDirectory_PS` provider reads an `ADServer` setting from
|
||||||
|
`creds.json` to know the name of the ActiceDirectory DNS Server to
|
||||||
|
update. creds.json:
|
||||||
|
|
||||||
|
{% highlight javascript %}
|
||||||
|
{
|
||||||
|
"activedir": {
|
||||||
|
"ADServer": "ny-dc01"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% endhighlight %}
|
||||||
|
|
||||||
|
Here is a simple dns configuration. dnsconfig.js:
|
||||||
|
|
||||||
|
{% highlight javascript %}
|
||||||
|
var REG_NONE = NewRegistrar('none', 'NONE')
|
||||||
|
var DSP_ACTIVEDIRECTORY_DS = NewDnsProvider("activedir", "ACTIVEDIRECTORY_PS");
|
||||||
|
|
||||||
|
D('ds.stackexchange.com', REG_NONE, DnsProvider(DSP_ACTIVEDIRECTORY_DS),
|
||||||
|
A("api","172.30.20.100")
|
||||||
|
)
|
||||||
|
{% endhighlight %}
|
||||||
|
|
||||||
|
To generate a `adzonedump.ZONE.json` file, run `dnscontrol push`
|
||||||
|
on a Windows system then copy the appropriate file to the system
|
||||||
|
you'll use for `-fakeps`.
|
||||||
|
|
||||||
|
The `adzonedump.ZONE.json` files should be UTF-16LE encoded. If you
|
||||||
|
hand-craft such a file on a non-Windows system, you may need to
|
||||||
|
convert it from UTF-8 to UTF-16LE using:
|
||||||
|
|
||||||
|
iconv -f UTF8 -t UTF-16LE <adzonedump.FOO.json.utf0 > adzonedump.FOO.json
|
||||||
Loading…
Reference in a new issue