Thursday, June 25, 2009

Transitioning to Geneva Framework and Server

This week, I’m getting the opportunity to play catch-up and get my feet wet with Geneva. So far, it’s awesome because there is so much material already out! As soon as all my pre-reqs were installed, integration with VS 2008 immediately worked {Per DL “huh, a Beta product working” =-)}! Yep, the option to “Create a new STS project in the current solution” is pretty slick. Developers can begin building an application immediately without having to wait for the IT guy, thereby keeping everything within VS until it’s time to deploy a build.

If you’ve already played with the federation stuff, I suggest watching Channel 9’s interview with Donovan Follette on making the shift from ADFS v1 to Geneva and Jan Alexander on the claims transformation language in Geneva Server Beta 2. Both address all the important things you need to know to get started such as the new concepts Geneva introduces and how they relate to the old concepts used in ADFS v1.

Check it out, the links to Channel 9 are above!

Wednesday, April 8, 2009

AD PowerShell Cmdlets & AD WebServices

New features coming out for Windows Server 2008 R2 that I’m really interested in are the AD PowerShell Cmdlets and AD WebServices. This evening, I happened to stumble on PG’s blog, “Active Directory PowerShell Blog”, which provided some valuable info on what’s coming soon! Of course, the first thing I did after reading the first few posts was begin my download of R2 so I can begin playing with them myself. So much to learn, so little time…

Let me summarize what’s new:

Basically, the AD PsH cmdlets will immediately support 4 categories (Account, Topology, DS Object, Providers) for AD administration. Here is a link which breaks down the actual cmdlets. Just with what you see, you can bet there is a lot of opportunity for extensibility (or, as they refer to it, “Advanced Functions”)!

The next thing is the AD WebServices, which support both ADAM and AD upon installation.

Here is the link to their blog:

Active Directory PowerShell Blog

Saturday, March 7, 2009

Using PowerShell and S.DS.AD to create Sites and Service objects

System.DirectoryServices.ActiveDirectory (S.DS.AD) is a .NET namespace available for performing common tasks related to Active Directory Domain Services. S.DS.AD differs from S.DS in that it is a pure .NET interface which allows us to extend deeper into DS development. See S.DS.AD Scenarios here.

With PowerShell (PSH), we can leverage the classes in this namespace to script common manual tasks. For example, in a migration scenario, setting up AD sites and services can be time consuming. Here are some functions I wrote which allow you to automate these processes using PSH.

To do bulk creations of site objects, you would store your configuration in a CSV file and use them as parameters to each PSH function.

Say we need to 1. Create Sites, 2. Create Subnets, 3. Create SiteLinks, and 4. Configure our SiteLinks. Using Excel, you can create 4 CSV source files, one for each task, then use the Import-Csv and ForEach-Object cmdlets to call the matching function once for each record.

For example:

Import-Csv C:\importFile.csv | ForEach-Object {Create-Site $_.SiteName}
Import-Csv C:\importSubnets.txt | ForEach-Object {Create-SubNet $_.SubNet $_.SiteName}
Import-Csv C:\importSiteLinks.txt | ForEach-Object {Create-SiteLink $_.SiteLinkName $_.Site $_.Cost $_.Interval}

Here are the PSH functions:

Creating AD Sites

Function Create-Site {
    Param ($siteName)
    # Bind to the current forest; DirectoryContext takes the forest name (a string), not the Forest object
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]"forest"
    $contextType = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $forest.Name)
    Write-Host "Creating site object $siteName..."
    $site = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySite($contextType, $siteName)
    # Turn on universal group membership caching for the new site
    $site.Options = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySiteOptions]::GroupMembershipCachingEnabled
    $site.Save()
}

Creating AD Subnets

Function Create-SubNet {
    Param ($subNetName, $siteName)
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]"forest"
    $contextType = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $forest.Name)
    # FindByName throws ActiveDirectoryObjectNotFoundException if the site does not exist,
    # so a subnet is never attached to a mistyped site name
    $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::FindByName($contextType, $siteName)
    Write-Host "Creating subnet object $subNetName..."
    # The subnet constructor takes the site name (a string), not the site object
    $subnet = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySubnet($contextType, $subNetName, $site.Name)
    $subnet.Save()
}

Creating AD SiteLinks

Function Create-SiteLink {
    Param ($siteLinkName, $siteName, $siteCost, $repInterval)
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]"forest"
    $contextType = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $forest.Name)
    # IP (RPC over IP) transport, as opposed to SMTP
    $trans = [System.DirectoryServices.ActiveDirectory.ActiveDirectoryTransportType]::Rpc
    $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::FindByName($contextType, $siteName)
    Write-Host "Creating siteLink object $siteLinkName..."
    $link = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySiteLink($contextType, $siteLinkName, $trans)
    $link.Cost = [int]$siteCost
    # ReplicationInterval is a TimeSpan. A bare number from the CSV (e.g. "180") would be parsed
    # as 180 *days*, so convert the value explicitly; the CSV holds minutes, as in the Sites and Services UI
    $link.ReplicationInterval = [TimeSpan]::FromMinutes([int]$repInterval)
    # Add() returns the index of the new entry; discard it so nothing stray lands in the pipeline
    [void]$link.Sites.Add($site)
    $link.Save()
}

Adding Sites to a SiteLink

Function Add-SitetoSiteLink {
    Param ($siteName, $siteLinkName)
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]"forest"
    $contextType = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $forest.Name)
    # Both lookups throw if the object does not exist, which is what we want for a bulk run
    $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::FindByName($contextType, $siteName)
    $link = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySiteLink]::FindByName($contextType, $siteLinkName)
    [void]$link.Sites.Add($site)
    $link.Save()
}
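The CSV-driven bulk run described above, as an added example that is not part of the original post: it reuses one DirectoryContext, skips sites that already exist so the same CSV can be replayed safely, and refuses subnet rows that point at an unknown site instead of failing half-way through the batch. The site and subnet CSV data are constructed inline here; the Test-AdSiteExists helper is my addition and not an S.DS.AD API.

```powershell
# Added example (not from the original post): an idempotent variant of the CSV-driven
# bulk creation above. CSV data is constructed inline; for real use swap in Import-Csv -Path.
$siteCsv = @"
SiteName
HQ-Site
Branch-Site
"@
$subnetCsv = @"
SubNet,SiteName
10.1.0.0/16,HQ-Site
10.2.0.0/16,Branch-Site
10.3.0.0/16,Missing-Site
"@
# One forest-scoped DirectoryContext, built once and reused for every S.DS.AD call.
$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest, $forest.Name)

function Test-AdSiteExists {
    Param ([System.DirectoryServices.ActiveDirectory.DirectoryContext]$ctx, [string]$name)
    try {
        [void][System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::FindByName($ctx, $name)
        return $true
    } catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] {
        return $false
    }
}

# Sites: skip names that already exist, so re-running the same CSV is harmless.
$siteCsv | ConvertFrom-Csv | ForEach-Object {
    if (Test-AdSiteExists $context $_.SiteName) {
        Write-Host "Site $($_.SiteName) already exists, skipping"
        return   # inside ForEach-Object, return just moves on to the next row
    }
    $site = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySite($context, $_.SiteName)
    $site.Save()
    Write-Host "Created site $($_.SiteName)"
}

# Subnets: reject rows whose site is missing up front rather than letting S.DS.AD
# throw half-way through the batch; report them so the CSV can be corrected.
$rejected = @()
$subnetCsv | ConvertFrom-Csv | ForEach-Object {
    if (-not (Test-AdSiteExists $context $_.SiteName)) { $rejected += $_; return }
    $subnet = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySubnet($context, $_.SubNet, $_.SiteName)
    $subnet.Save()
    Write-Host "Created subnet $($_.SubNet) in $($_.SiteName)"
}
if ($rejected) { Write-Warning ("Rows with unknown sites:`n" + ($rejected | Format-Table -AutoSize | Out-String)) }
```

Run it from an account with rights to the Sites container; the Missing-Site row is there on purpose to show the rejection path.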

Wednesday, December 17, 2008

Installing ADAM on Vista SP1

To date, Microsoft still hasn’t released an ADAM build for Vista. We’ve since had to hack our way to get ADAM installed; however, the release of Vista SP1 presented a new set of obstacles. Basically what you’ll see is an “Entry Point Not Found” error which references the VSSAPI.DLL. In order to overcome this, you just copy the older version of the VSSAPI.DLL into the ADAM directory on your Vista machine (Thanks siudyda.com for the post).

Here are the steps to get ADAM installed on a Vista SP1 build:

  1. Install ADAM on a non-Vista machine.
  2. Copy the %WINDIR%\ADAM folder from your non-Vista machine to the same location on your Vista machine.
  3. Create a new registry key HKLM\Software\Microsoft\Windows\CurrentVersion\ADAM_Shared. Under this key, create a new Multi-String value named “SharedFolders”.
  4. Run the adaminstall.exe from the %WINDIR%\ADAM directory. Do not import any LDIF files. Note: if you experience the error mentioned above, just copy the older version of VSSAPI.DLL into your ADAM directory.
  5. Complete the wizard and you should have a fully functional ADAM instance. All that’s left is to import the LDIF files you need to build out your schema.
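Steps 2 through 4 above, as an added pre-flight script that is not part of the original post: it confirms the copied %WINDIR%\ADAM folder is in place, creates the ADAM_Shared key and its empty SharedFolders multi-string value, and prints the version of every vssapi.dll the installer could pick up, so the "Entry Point Not Found" cause is visible before the wizard is launched. The file and key names come from the steps above; the layout of the output is my own.

```powershell
# Added example (not from the original post): pre-flight for the ADAM-on-Vista-SP1 steps.
$adamDir = Join-Path $env:WINDIR 'ADAM'
$regKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ADAM_Shared'

# Step 2: the ADAM folder must already have been copied from the non-Vista machine.
if (-not (Test-Path (Join-Path $adamDir 'adaminstall.exe'))) {
    throw "Step 2 incomplete: $adamDir does not contain adaminstall.exe."
}

# Step 3: create the key and the Multi-String value only if they are not there yet,
# so the script can be re-run without clobbering an existing SharedFolders list.
if (-not (Test-Path $regKey)) { New-Item -Path $regKey -Force | Out-Null }
if (-not (Get-ItemProperty -Path $regKey -Name SharedFolders -ErrorAction SilentlyContinue)) {
    New-ItemProperty -Path $regKey -Name SharedFolders -PropertyType MultiString -Value @() | Out-Null
}

# Step 4 prerequisite: show which vssapi.dll builds are present. The copy placed next to
# adaminstall.exe is the one the workaround relies on; the System32 copy is the SP1 build
# that triggers the "Entry Point Not Found" error.
$candidates = @((Join-Path $adamDir 'vssapi.dll'), (Join-Path $env:WINDIR 'System32\vssapi.dll'))
foreach ($dll in $candidates) {
    if (Test-Path $dll) {
        $ver = (Get-Item $dll).VersionInfo.FileVersion
        Write-Host ("{0,-55} {1}" -f $dll, $ver)
    } else {
        Write-Host ("{0,-55} (not present)" -f $dll)
    }
}
Write-Host "Now run $adamDir\adaminstall.exe and skip the LDIF import (step 4)."
```

Run from an elevated prompt, since both the %WINDIR% copy and the HKLM key need administrator rights.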