PowerShell DSC Journey – Day 20

When I left off yesterday I was trying to actually run a Configuration to create a Hardware Profile, and quickly realized that I was going to need a Credential parameter in order to do this, because not just anyone can connect to a Virtual Machine Manager server. So today’s post is going to be about adding a Credential property to my Configuration.

I am going to be referencing the Active Directory resource for this because I know that uses a credential parameter to authenticate to Active Directory. First thing first, let’s create a new DSC Resource Property.

$Credential = New-xDscResourceProperty -Name Credential -Type PSCredential -Attribute Required -Description "Valid credential for connecting to VMM Server"

Then I will need to update my resource with this new Property.

PS C:\Scripts> Update-xDscResource -Name cSCVMM_Hardware -Property $Credential,$DVDDrive,$VMNetwork,$CPUCount,$Ensure,$Name,$VMMServer -Force -Verbose
VERBOSE: Successfully found a property with the attribute Key.
VERBOSE: All of the properties had unique names.
VERBOSE: Testing the schema.mof file.
VERBOSE: The path to the schema file has been verified.
VERBOSE: The schema file has passed mofcomp's syntax check.
VERBOSE: Testing the schema file's compliance to Desired State Configuration's contracts.
VERBOSE: Perform operation 'Get CimClass' with following parameters, ''namespaceName' = root\microsoft\windows\DesiredStateConfiguration,'className' = tmp859B'.
VERBOSE: Operation 'Get CimClass' complete.
VERBOSE: Testing the .psm1 file.
VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\cSCVMM\DSCResources\cSCVMM_Hardware\cSCVMM_Hardware.psm1'.
VERBOSE: Importing function 'Get-u5nqc0u5.hl4TargetResource'.
VERBOSE: Importing function 'Set-u5nqc0u5.hl4TargetResource'.
VERBOSE: Importing function 'Test-u5nqc0u5.hl4TargetResource'.
VERBOSE: The schema.mof and .psm1 files were both indivually correct.
VERBOSE: Result of testing Get-TargetResource for it's mandatory properties: True.
VERBOSE: Result of testing Set-TargetResource for no read properties: True.
VERBOSE: Result of testing Get-TargetResource for no read properties: True.
VERBOSE: The generated resource was tested and found acceptable.

And here is what my schema.mof file looks like:

[ClassVersion("1.0.0.0"), FriendlyName("")]
class cSCVMM_Hardware : OMI_BaseResource
{
	[Required, EmbeddedInstance("MSFT_Credential"), Description("Valid credential for connecting to VMM Server")] String Credential;
	[Write, Description("Should DVD Drive be created")] Boolean DVDDrive;
	[Write, Description("Name of VM Network to connect to")] String VMNetwork;
	[Write, Description("Number of CPUs")] Uint64 CPUCount;
	[Write, ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
	[Key, Description("Name of the hardware profile")] String Name;
	[Required, Description("Name of VMM Server")] String VMMServer;
};

And this is a snippet of the Get-TargetResource function show the additional property as well.

function Get-TargetResource
{
	[CmdletBinding()]
	[OutputType([System.Collections.Hashtable])]
	param
	(
		[parameter(Mandatory = $true)]
		[System.Management.Automation.PSCredential]
		$Credential,

Now, that’s all well and good, but how do I go about testing this in Get-TargetResource? Let’s take a look at what the Active Directory resource does. It looks like it is using the Credential property when testing other properties, so I will do the same. I believe I only need to add this where other commands need to authenticate to the VMMServer, and I should probably test to make sure the credential is valid. Get-SCHardwareProfile doesn’t require a credential, only the VMMServer name, so I don’t think I need to do anything there. I did add this to the Get-TargetResource function.

#Check to see if Credential and VMMServer is valid
$ResourceVMMServer = Get-SCVMMServer -ComputerName $VMMServer -Credential $Credential

And I suppose I should test this now to see what breaks. This test prompted me for the credential and completed successfully.

PS C:\Scripts> Get-TargetResource -Name "DSCWEB Hardware Profile" -VMMServer MY-VMM-SERVER1 -Verbose
cmdlet Get-TargetResource at command pipeline position 1
Supply values for the following parameters:
VERBOSE: VMMServer is MY-VMM-SERVER1
VERBOSE: Hardware Profile Name is DSCWEB Hardware Profile
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\virtualmachinemanager.R2Aliases.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\VirtualMachineManagerLibraryClientCleanup.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\virtualmachinemanager.R2AdvFunc.psm1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\Microsoft.SystemCenter.VirtualMachineManager.dll'.
VERBOSE: The Hardware Profile was found
VERBOSE: The Resource Hardware Profile is DSCWEB Hardware Profile

Name                           Value                                                                                                                                                                                
----                           -----                                                                                                                                                                                
VMNetwork                                                                                                                                                                                                           
Name                           DSCWEB Hardware Profile                                                                                                                                                              
DVDDrive                       True                                                                                                                                                                                 
Ensure                         Present                                                                                                                                                                              
CPUCount                       1                                                                                                                                                                                    
VMMServer                      MY-VMM-SERVER1

Just to be safe I tried the same test but added a -Credential (Get-Credential) command and everything worked fine.

Here is a test where I submitted a completely bogus credential that has no permissions to anything.

PS C:\Scripts> Get-TargetResource -Name "DSCWEB Hardware Profile" -VMMServer MY-VMM-SERVER1 -Verbose
cmdlet Get-TargetResource at command pipeline position 1
Supply values for the following parameters:
VERBOSE: VMMServer is MY-VMM-SERVER1
VERBOSE: Hardware Profile Name is DSCWEB Hardware Profile
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\virtualmachinemanager.R2Aliases.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\VirtualMachineManagerLibraryClientCleanup.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\virtualmachinemanager.R2AdvFunc.psm1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\Microsoft.SystemCenter.VirtualMachineManager.dll'.
Get-SCVMMServer : You cannot access VMM management server MY-VMM-SERVER1. (Error ID: 1604)
 
Contact the Virtual Machine Manager administrator to verify that your account is a member of a valid user role and then try the operation again.
At line:37 char:26
+ ... VMMServer = Get-SCVMMServer -ComputerName $VMMServer -Credential $Cre ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ReadError: (:) [Get-SCVMMServer], CarmineException
    + FullyQualifiedErrorId : 1604,Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.ConnectServerCmdlet

Here is what I added to my Test-TargetResource Function.

    #Check to see if Credential and VMMServer is valid
    $ResourceVMMServer = Get-SCVMMServer -ComputerName $VMMServer -Credential $Credential
        If($ResourceVMMServer)
        {
            Return $true
        }
        Else
        {
            Return $false
        }

So let’s test this out. I am astounded this is actually working properly. With valid credential:

PS C:\Scripts> Test-TargetResource -Name "DSCWEB Hardware Profile" -VMMServer MY-VMM-SERVER1 -Ensure Present -Verbose
cmdlet Test-TargetResource at command pipeline position 1
Supply values for the following parameters:
VERBOSE: VMMServer is MY-VMM-SERVER1
VERBOSE: Hardware Profile Name is DSCWEB Hardware Profile
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\virtualmachinemanager.R2Aliases.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\VirtualMachineManagerLibraryClientCleanup.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\virtualmachinemanager.R2AdvFunc.psm1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\Microsoft.SystemCenter.VirtualMachineManager.dll'.
True

With non valid Credential:

PS C:\Scripts> Test-TargetResource -Name "DSCWEB Hardware Profile" -VMMServer SC-VMM01 -Ensure Present -Verbose
cmdlet Test-TargetResource at command pipeline position 1
Supply values for the following parameters:
VERBOSE: VMMServer is SC-VMM01
VERBOSE: Hardware Profile Name is DSCWEB Hardware Profile
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\virtualmachinemanager.R2Aliases.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\VirtualMachineManagerLibraryClientCleanup.ps1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\virtualmachinemanager.R2AdvFunc.psm1'.
VERBOSE: Loading module from path 'C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\psModules\virtualmachinemanager\..\..\Microsoft.SystemCenter.VirtualMachineManager.dll'.
Get-SCVMMServer : You cannot access VMM management server SC-VMM01. (Error ID: 1604)
 
Contact the Virtual Machine Manager administrator to verify that your account is a member of a valid user role and then try the operation again.
At line:51 char:26
+ ... VMMServer = Get-SCVMMServer -ComputerName $VMMServer -Credential $Cre ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ReadError: (:) [Get-SCVMMServer], CarmineException
    + FullyQualifiedErrorId : 1604,Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.ConnectServerCmdlet
False

I am running out of time today and feel like this is a great place to stop. I will move on to the Set-TargetResource function tomorrow!