This is me every single time I sit down to use Pester…
Hehe…
While I do enjoy using Pester for operational validation, what do you do with the ones that fail? Most of the time you’re the one doing the validation in the chain of process and everything goes right! Because you’re that good… π Hehe…Β I’ve been recently asked to update some users where some attributes didn’t get populated during a migration… Are you thinking what I’m thinking? π
The first thing I did was export the attributes they needed, easy enough. Next was to change the necessary attributes to the correct value. The ones that differ will fail (Of course they will Urv, not a total retard here… get on with it… )
Here’s where having proper descriptions can go a long way.
This is what a Test ErrorRecord looks like when you capture the results:
At first I thought of using regex on the ErrorRecord. Some of theΒ attributes aren’t set which gave me some issues, so I decided to breadcrumb the name. First do a split on the colon ‘:’ grab the last part and do a split again using ‘/’ to get the attribute name and value. Don’t forget to trim() π
There were some other Attributes that weren’t part of the default parameter set of the Set-ADUser cmdlet. To change those attributes you need to use the DisplayName and the Replace Operator. For the attributes “not set” that need to be cleared, use the Clear operator. Just don’t use both the parameter and the DisplayName! I had EmailAddress and mail in the CSV file, one passed and the other failed… I got rid of mail…
Ok here’s the code to get things done:
First get failed Pester tests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This will give me a csv file with the following Columns, SamAccountName, Property & Expected (Value).
The set failed Pester tests will either set or clear the attribute depending on it’s value. If it’s $null it will be cleared.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here are some screenshots to give you an idea what to expect.
Before Test
After Test
Ideally you’d only have a few failed tests. I wouldn’t use this to reset entire User attributes. Moving and/or renaming an object isn’t supported… yet! π
So there you have it, taking failed Pester tests values and setting them accordingly!
I recently had the pleasure of presenting at PSConf.asiaΒ in Singapore. This was my very first conference as a speaker! As a first time speaker a great way to get started.
Jaap Brasser approached me at PSConf.EuΒ about doing a session (or two) at PSConf.asia. At first I was hesitant…Β me, a speaker… Hmmm… I need to think about… Let me get back to you on that… Jaap was clever enough to appease my ego, now how could I say no?
I decided to get out of my comfort zone and said yes, much to Jaap’s delight! Alright! Another PSConf, this time in Singapore, how cool is that!
So after I said yes I did some googling… Let’s see Singapore… Wait what? 12 Hours??? Oh boy… Flying isn’t really my favorite passtime…
Hehe… Fortunately I had night flights so…
Singapore has my kinda weather, tropical! I came well prepared. Poor Rob Sewell was melting in Singapore. Transportation is awesome in Singapore. From and to the conference was about 1 SGD.
The organizers did an awesome job! Great location! I met up with old acquaintances and made some new ones!
Rick Taylor won a book on Windows PowerShell for Developers by Doug Finke! Rick was like: “Wait I know this guy!” So I said we need to take a pic featuring Doug’s book! :-). Max Trinidad is a great guy! Been in IT for some time and has loads and loads of skills and it definitely shows!
The keynote is always the highlight of the Conference. Angel Calvo delivered the keynote like a boss! How can I do the key note justice? It’s all about Digital Transformation.
Digital Transformation
This is something we all need to consider. It’s not a question of if but when and how. If you’re content with where you’re at right now then you will be obsolete in the near future. What I really appreciated, was the fact that Angel acknowledged that this change can be overwhelming, but it isn’t an all-or-nothing situation. Start where you can, with what you can and take it from there. This digital transformation may take you places you never thought possible. I spoke to Amanda DeblerΒ , her transformation has her working more with kurbernetes, how cool is that?
Azure is about adding value to your business
If you’re still under the impression that Azure is just for offloading servers to the cloud, you’re sorely mistaken. We got some excellent demos by Micheal Greene andΒ Ravi Kiran Chintalapudi on Azure Management Services. Azure is about delivering value to your business. And what has value? Data! Lots and lots of it! Having your servers, application, services just to name a few in Azure, will give you the chance to transform metric and monitoring data into added value for your business. As an OPS guy I always thought of monitoring as a necessary evil. Ravi showed us how to manipulate Azure data that is at your deposition and make it valuable! That one server that isn’t patched adequately or that server that’s missing a configuration, the data is there, it’s up to you to turn that into valuable information.
ChatOps
Michael Greene’s demo on ChatOps blew my mind!
I’ve seen chatbots in action but this will take things to the next level! Here are a few links Michael shared to give you an idea where they’re heading:
When Jeffrey Snover said that PowerShell is finished, I died a little inside. Fortunately I was better prepared this time around when Angel said the same π . PowerShell has gained critical mass. Moving forward, PowerShell Core is where all attention will be placed. Steve Lee had some interesting charts and number he pulled from GitHub (It’s all about data). Mark Kraus is the nr 1 contributor on GitHub! Michael Greene’s go-to PowerShell version is Core! Joey even had a demo on cross-platform administration starting a session on a Windows and Linux. Unfortunately Joey forget about the Timezone difference, so his servers were down.
Keynote conclusion
Pretty much sums it up, no need to reiterate… π
Networking event
Conferences are a great wayΒ to interact with the Microsoft Team and delegates. It was awesome meeting Michael Greene and Steve lee in the flesh! I decided on a different approach when it came to mingling. I wanted to connect on a personal level. I can always reach out when I’m working on something. So here I am sitting in an Irish pub in Singapore knocking over a few with Michael, Amanda, Jason and Max! I asked MichaelΒ what his thoughts were on running Windows for Workgroup 3.11 in Azure… Hypothetically that is :-P. What followed was a lively discussion! Jason had some real great stories to tell! Max told us about his first job in IT back in ’78 when debugging was literally ‘debugging’. Amanda was like: “I wasn’t even born yet…”
Benjamin had Joey finish his demo in the pub. Joey’s demo didn’t go through because of timezone difference (His Azure Servers shutdown automatically after-hours), but Benjamin wasn’t haven’t that. Joey complied and did the demo in the pub, with all attending cheering him on like proper hooligans! For outsiders we may as well have been watching a football game.
I even have my own fan club!
Suresh follows my blog and was pretty excited to meet me! Lil’ ol’ me! Suresh made the 12 hour flight worth it! I enjoy meeting my PowerShell heroes in the flesh, I just never considered myself special… Thanks for the support!!! Appreciate it!
Slides & Code
Before I forget here’s the GitHubΒ link to all my presentation slides and code. So Fabian Dibot was at my Infrastructure session and I almost didn’t recognize him! Both him and Mathias JessenΒ had fun sending twitter messages during my session π . Tip: make sure you disable browser notification before starting you presentation… I know, a rookie mistake, you caught me guys… π
Bartek Bielawski was at my Dependencies session! That was a big honor for me! Bartek is the guy you go to when you’re really stuck! While doing my session I was trying to get a read on Bartek’s facial expression. At some point I could see him scanning the code… was that a smile? Ah! no comment whew! I couldn’t wait to ask him for feedback. Getting a compliment from Bartek on presentation preparationΒ & code definitely gave me a confidence boost! IMHO I enjoyed presenting this session the most. I did this as a flash session at one of our DuPSUG gatherings. I took a different route using AzureAD instead of plain ol’ AD and came across some fun stuff. AD and AzureAD have different parametersets π
I’m really glad I did the PSConf.asia sessions. Milton GohΒ was hinting on a surprise next year? π If I’m fortunate to be asked next year, I won’t hesitate!
Thanks for a wonderful experience PSConf.asia! I can’t wait to see where your Digital Transformation takes you!
2016 was all about operation validation for me. I did a series on Active Directory snapshot, reportΒ and validationΒ that was well received by the community! Classes will definitely make the user experience more pleasant! I decided to refactor the code to a class π Got a lot of ground to cover so let’s dive in!
Here’s a screenshot of the ADInfrastructure (was what popped in my mind at the time) class properties and methods:
The focus will be on Active Directory’s forest, domain, sites, sitelinks, subnets and domaincontrollers.
These are the methods I’ve worked out so far (work in progress):
GetCurrentConfig() will populate the necessary propertiesΒ using the right activedirectory cmdlets
ImportADSnapshot() will import a saved XML file to ADSnapshot property.
ExportADSnapshot() saves the class object as a XML file. This will generate a new XML file using the current $exportDate value
RunValidation() deserves it own section… π
RunValidation()
This is where the the operation validation will take place. This was a bit of a challenge getting the method right, but I think it worked out just fine… I should explain…
In my first attempt I ran the validation directly from the method. You can invoke the Describe block just like a function. That wasn’t the challenge, have a look at the It block
The test is hard coded to use $this as source and $this.ADSnapshot as target. I blogged about some possible validation gotchasΒ a while back. To remedy this, I decided to use a scriptblock. You can also provide parameters to a scriptblock . In this case I provided ($Source, $Target) as parameters. This will make interchanging Β input easier of which I’ll explain the advantages later on.
Ok so the scriptblock was a good idea. One of the things I wanted to do was save the validation results. That’s where I ran into something interesting. The input has to beΒ a *.tests.ps1 file(s). I tried using the scriptblock as input but that didn’t work. I visited the github page to see if scriptblock is supported as a feature, it isn’t. In order to save the results I would first have to save the test to a file. The scriptblock made that part a lot easier. As a workaround, this isn’t an issue.The file is generate every time RunValidation is executed, an inconvenience at most. Β A scriptblock feature Β would make for a cleaner approach.
Quick side step: There’s a poll on twitterΒ for anyone interested in casting a vote π Only 5 more days left…
The test results are saved in ValidationResults. That’s RunValidation in a nutshell.
It’s quite a bit of code, so I’ll post that at the end of the blog. Here’s what you can expect if you try it out. First up, a simple verification of the current configuration against a saved snapshot
#region Verify Current Configuration against a snapshot
$snapShotDate = '12012017'
$ADInfra = [ADInfrastructure]::New()
$ADInfra.GetCurrentConfig()
$ADInfra.snapshotDate = $snapShotDate
$ADInfra.ExportADSnapshot()
$ADInfra.ImportADSnapshot()
$ADInfra.ADSnapshot
$ADInfra.RunValidation($ADInfra,$ADInfra.ADSnapshot,@('Forest','Domain'))
$ADInfra.RunValidation($ADInfra.ADSnapshot,$ADInfra,@('Forest','Domain'))
$ADInfra.ActionHistory | Select-Object -Property TimeGenerated,Tags,MessageData
#endregion
Before you get startetd, you need to instantiate the class. GetCurrentConfig() will save the information to the properties. ExportADSnapshot() will create a ADSnapshot-($exportDate).xml file. ImportADSnapshot will import any existing snapshot file of a given $snapshotDate formatted as ‘ddMMyyyy’.
Because I’m verifying the current configuration with a snapshot without any changes all the tests will pass.
No surprises.
For the next example, I wanted to validate against a manual configuration. This is where the scriptblock really made a difference. I added a non-existent DC to Β $ADVerifyConfig for testing purposes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The class is instantiated differently this time. The values are added externally. If you run GetCurrentConfig() at any point, it will rewrite the default values. Here are the results of the snapshot vs manual source first.
Ah! DC-DSC-02 doesn’t exist in the snapshot so it will fail! There are always two sides to consider. RunValidation() makesΒ it easier to test and verify both sides…
Bonus round
ActionHistory
I recently discovered the Information stream in PowerShell v5. I decided to make use of Write-Information to log activities as I go along. This makes for easier troubleshooting of actions and/or sequences of methods being executed, couldn’t hurt… π
ValidationResults
Saving the validation test result enables you to process the results in different ways.
You can even send a high-level overview to SlackΒ (It’s on my to-do list).
Whew! I think I’ve covered all the essentials… Ok as promised the code:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Quick rundown, first we’ll import the saved object and used that to get a snapshot of the current group members. Then it’s time to vaildate who has been added or revoked.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In this case I wanted to generate different Describe blocks. This makes for a better distributionΒ in the HTML report.
Here’s the code to generate the HTML report using reportunit.exe
#region
$exportDate = Get-Date -Format ddMMyyyy
#endregion
#region Main
$pesterGroupMembers = Invoke-Pester .\ps1\dsa\ADGroupMembers* -OutputFile .\export\dsa\ADGroupMembers.NUnit.xml -OutputFormat NUnitXml -PassThru
#run reportunit against ADgroupMembers.NUnit.xml and display result in browser
& .\tools\ReportUnit\reportunit.exe .\export\dsa\ADGroupMembers.NUnit.xml
Invoke-Item .\export\dsa\ADGroupMembers.NUnit.html
#Export Pester results to xml
$pesterGroupMembers | Export-Clixml .\export\dsa\PesterResults-GroupMembers-$($exportDate).xml -Encoding UTF8
#endregion
Making sure a user is a member can be tricky at times especially when the members list is a few hundred.
As always, snapshots are your friend! When I exported the groups the first time I did it without validating if they existed. I recently ran into a situation where AD Objects were being deleted and recreated using the same SamAccountName! So having a little more information than just the SamAccountName can help when troubleshooting now and in the future.
When my project manager asked for logs and I handed him the HTML generated report of the group members… You should have seen the glee on his face!
So there you have it, verfying group membership using Pester!
In migration mode! It’s been awhileΒ since I’ve done post-configuration of File Servers. I needed to recreate a DFSn structure in our Datacenter. A great opportunity to try out the new dfsn en smb cmdlets! π
The SMB & DFSn cmdlet work with CIMSessions. Β Before I can create the DFS structure I need to create the shares… Here’s an impression of what the csv file looks like:
Server ShareName Path FullAccess ChangeAccess ReadAccess
AZR-FS-01 FS_ARC001$ E:\FS_ARC001 NT AUTHORITY\Authenticated Users
AZR-FS-01 FS_ARC002$ E:\FS_ARC002 NT AUTHORITY\Authenticated Users
AZR-FS-01 FS_ARC003$ E:\FS_ARC003 NT AUTHORITY\Authenticated Users
AZR-FS-01 FS_ARC004$ E:\FS_ARC004 NT AUTHORITY\Authenticated Users
AZR-FS-01 FS_ARC005$ E:\FS_ARC005 NT AUTHORITY\Authenticated Users
AZR-FS-01 FS_ARC006$ E:\FS_ARC006 NT AUTHORITY\Authenticated Users
I’ll be using the servername to retain the cimsession amongst other things. Instead of giving everyone FullAccess to the share, we’re giving ‘Authenticates users’ FullAccess. To complete the list I’ve added Change- and ReadAccess as well even though I won’t be using them.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here’s a quick rundown of the script.Β I’ve created quite a few checkpoints. First, see if the share exists then verify if the paths are identical. You never know if the share already exists and is pointing to another folder, I’ve learned that from past migration. If it doesn’t exist create it!
The reason for this setup is that I want to be able to re-run this script in the future. Without the check we’d end up with quite some errors… Incidentally, this is how I did my validation pre Pester… π
Ok now for the fun part!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This time I didn’t make use of snapshots and went straight to the source! Using the csv file I can verify that the shares have been create using the right path and that ‘Authenticated Users’ have Full access.
Looking at the creation script you might wonder why bother with an OV script (Operation Validation)? As chance would have it, one of the File Server’s Β volume needed to be recreated. Which meant shares had to be recreated (and validated…) Now I wasn’t part of the recreation process, but I could validate that the shares were available as intended once the recreation took place! π It’s all about having peace of mind… I just ran the test before posting this blog, everything is as it should be… π
As excited as I get whenever I see all purple (or is it magenta? π ) and green on my test results, how do you report your results?Β I saw this great article on reporting against Pester resultsΒ by Dirk Bremen. I did see a screenshot of this somewhere on twitter but it didn’t register at that time. So having this article was great! You should definitely read his blog!
When I saved the Active Directory operational readiness, I realized that on screen it looked great, but as a report it was kinda flat. So I went back and looked at the code, I had only on Describe!
I decided to categorize the test by functionality and give the test appropriate Tags. Giving the tests tags helps target a specific test, no need to run the whole test to get a specific test π
Save the output to a XML file. I saw Flynn Bundy use the -PassThru switch to save the results as an object.
I also exported the results to XML just for good measure. You can always refer to past results if necessary…
Here’s a screenshot with theΒ Forest operational test expanded:
Nice!
A little Slack notification on the side please!
Flynn also used Slack to send a notification. As luck would have it @pscookiemonster has a Slack Module aptly named, wait for it… PSSlack! Warren’s take on Slack is definitely worth reading if you’re considering using Slack as Β a way to communicate with team members.Β I’m quite notorious for stalking my colleagues with unsolicited notification/reports. Slack is a great way to communicate without feeling pushy about it. Information is there, feel free to read it or don’t, your call.
I’m using the summary count of the Pester results for notification purposes.
Quick tip on the token: Jaap Brasser has a blog about saving credentials safely. Your Slack token should be treated as careful as a password. I saved the token as a password using the Slack team name as the username for reference.Β This makes retrieving the token simple.
Here’s what the notification looks like in Slack
Warren’s module is one to watch!
Ok here the code all put together:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Shout-out to you guys for your contribution to the PowerShell community! Keep it up! This is going to make Pester reporting and notifications way easier and not to mention cool! π
Back from the PSConfEu 2016 in Hannover! It was awesome!!! It was great meeting so many in person! I highly recommend attending a conference if ever given the chance! Tobias did a great job organizing PSConfEU 2016!
The presentations were top notch! Two presentations I definitely wanted to follow were June Blenders’ Real world Pester TDD tests & Ravikanth Chaganti Operations Validation Framework. I enjoyed Ravikanth’s approach: a simplistic and a comprehensive test. June’s presentationΒ was insightful! There were definitely a few aha moments for me! SoΒ I decided to re-evaluate what I had learned so far now that I’ve seen how it should be done! π .
Simplistic tests
Think of simplistic testsΒ as kicking the tires. Here’s where the obvious tests go:
Are the sets aligned?
Did the object count meet your expectation?
Things of that nature. Here are some tests to help you understand some gotchaΒ moments.
Validating the count seems pretty straight forward right? Well, not always… I’ll explain…
When the sets to validate are identical validation is pretty straight forward. This is the best case scenario. I did one validation with and without Group-Object (I’ll explain later on).
Simplistic Indentical sets
By using Group-Object I can get the “real” count of a set. Group-Object will gauge the uniqueness of the set, but I also found a test where that might not always be useful… So my next test was to omit an entry from the Verify set
Simplistic missing an entry in Verify
The test failed as it should. Now for some fun, let’s add a double entry to the Verify set.
This is an odd test, it could be a typo. Imagine having a list where double entries aren’t that obvious, this should catch it. Now ideally you’d use your source code that you used during deployment. I’m assuming you did automate your process eh? π Without the Group-Object the count is identical. With Group-Object you only have one entry! This could explain an exception happened during deployment… Accidents will happen…
The last test is a fun one: different sets.
Different sets
Surprise! Both validation count test passed, but the sets are totally different!
Bonus Test!
Different set with a double entry
This one almost got away. While doing the comprehensive test, it dawned on me that I should be testing both counts, with and without Group-Object. I updated the screenshot accordingly.
Take away Simplistic test:
Don’t only rely theΒ count of a set. By using Group-Object you can gauge a set’s uniqueness. The bonus test showed that exceptions may happen. It’s totally valid as a starting point, that’s why it’s aΒ simplistic tests. Here’s the code for the Simplistic test for count validation:
$savedADConfig= @{
GlobalCatalogs = @(
'DC-DSC-01.pshirwin.local'
'DC-DSC-02.pshirwin.local'
)
}
$verifyADConfig= @{
GlobalCatalogs = @(
'DC-DSC-01.pshirwin.local'
'DC-DSC-02.pshirwin.local'
)
}
#region Example Operational validation Simplistic test
Describe 'Active Directory configuration operational readiness' {
Context 'Verifying GlobalCatalogs count without Group-Object'{
it 'Total GlobalCatalogs match' {
@($savedADConfig.GlobalCatalogs).Count |
Should be @($verifyADConfig.GlobalCatalogs).Count
}
}
Context 'Verifying GlobalCatalogs count with Group-Object'{
it 'Total GlobalCatalogs match' {
@($savedADConfig.GlobalCatalogs | Group-Object).Count |
Should be @($verifyADConfig.GlobalCatalogs | Group-Object).Count
}
}
}
#endregion
If you’d like to try out the simplistic tests just add/remove entries to the saved-/verifyADConfig sets. Now for the Comprehensive tests!
Comprehensive tests
Here’s where in-depth analysis goes. When I did the AD Operational Readiness test, I had a feeling I was missing something. I saw June using sort-object in one of her validations. That triggered me to re-valuate this test.
Comprehensive Identical sets
Depending on which set you used for your enumeration you could end up with different results. When the sets are identical, all goes well. Next test, omit an entry in Verify set.
Comprehensive missing an entry
Enumerating from the saved test caught the missing entry, enumerating from verify didn’t. Both found ‘DC-DSC-01.pshirwin.local’. The simplistic test caught this, that is why you need both! Next up: Double entry in Verify.
Comprehensive double entry in verify
Enumerating from the saved set caught the double entry. Enumerating from the verify set just enumerated the entry twice. If you’re visually inclined, you might miss this.
Hey all my tests results are green and purple! Yeah…
Last test: Different sets.
Different sets
At this point you’re comparing apple with oranges. This should fail.
Take away comprehensive tests:
The set you’re enumerating from matters! To cover validation, best bet is to do both! Here’s the code for the Comprehensive Test:
#region Example Operational validation Comprehensive test
$savedADConfig= @{
GlobalCatalogs = @(
'DC-DSC-01.pshirwin.local'
'DC-DSC-02.pshirwin.local'
)
}
$verifyADConfig= @{
GlobalCatalogs = @(
'DC-DSC-01.pshirwin.local'
'DC-DSC-02.pshirwin.local'
)
}
Describe 'Active Directory configuration operational readiness' {
Context 'Verifying GlobalCatalogs enumerating from saved configuration'{
$savedADConfig.GlobalCatalogs |
ForEach-Object{
it "Server $($_) is a GlobalCatalog"{
$verifyADConfig.GlobalCatalogs.Contains($_) |
Should be $true
}
}
}
Context 'Verifying GlobalCatalogs enumerating from verify configuration'{
$verifyADConfig.GlobalCatalogs |
ForEach-Object{
it "Server $($_) is a GlobalCatalog"{
$savedADConfig.GlobalCatalogs.Contains($_) |
Should be $true
}
}
}
}
#endregion
Validation is great, but you need to make sure your validating with the right set in the right order!
Summary
Create Simplistic & Comprehensive tests.
Simplistic tests should take care of the obvious.
Comprehensive tests is where in-depth analysis takes place.
Validate by enumerating from both sets!
Never trust a test that doesn’t fail π
I’m glad I visited both presentations! Now it’s time to update my Operational readiness tests accordingly! π
This is an odd test, it could be a typo. Imagine having a list where double entries aren’t that obvious, this should catch it. Now ideally you’d use your source code that you used during deployment. I’m assuming you did automate your process eh? π Without the Group-Object the count is identical. With Group-Object you only have one entry! This could explain an exception happened during deployment… Accidents will happen…
pshirwin 
