DNS Self-Service with Orchestrator

Standard

Monday morning, you’re sitting in the comfort of your cubical, playing Minecraft, building a giant pixelated reptile, determined and focused, when suddenly a new outlook toast with “New DNS record creation request” as the subject appears… You feel like:

Ain't nobody got time for time for that

You know the feeling, that woman is my role model !

Imagine if you could just reply the man with “Use the DNS self-service form, fiend” and continue with your masterpiece.

Fret not, old friend, that is exactly what we are going to do today !

We’ll be using Sharepoint as the form location, with System Center Orchestrator for orchestration, and some Powershell.

You may ask: Why Powershell if we are using Orchestrator? I mean, that defeats the purpose of orchestrator !

You are completely correct, but I didn’t find any IP (Integration Pack) for DNS ! Not even 3rd party ! Weird…

Another question you might ask (boy, that tongue of yours!): Why use Orchestrator at all if we have to write everything in Powershell ?
Well, that is because we want to piggyback on Orchestrator’s SharePoint IP and its built-in multi-threading capabilities, instead of building our on (you can run thousands of instances of the same runbook at the same time).

For Powershell execution I’m using the following IP:

http://blogs.technet.com/b/privatecloud/archive/2013/10/02/automation-orchestrator-integration-pack-for-powershell-script-execution-version-1-2.aspx

 

Enough chitchat!

 

The Sharepoint list will be something like this:

The “Action” drop-down list will contain 2 options: Create and Delete.
The “Zone Name” drop-down list will contain as many DNS zones as you want.

And the runbook will be something like this:

Activities Breakdown:

  • Monitor list items: It will keep monitoring the newly created SharePoint List for any new records added.
  • Test connection to the DNS Server: Will test is the DNS server that we will execute our PowerShell command on is reachable, it not, it will go to “Delete List Item” Activity
  • Execute the request:Will execute the PowerShell code that i will provide later
    • E-mail upon successful execution: Will send an E-mail to the requester, containing the activity log.
  • Delete List Item: Will delete the new record from the SharePoint List
    • E-mail upon dailed execution: Will send an E-mail to the requester, informing him that the creation has failed.

The “Execute the request” activity will contain 2 scripts, PS Script 01 and PS script 02: First one to execute the actual DNS changes, the second one to extract the E-mail address of the requester then feed it to the send E-mail activity next:

 

$dc = "yourDNSserver.constoso.com"
$ip = "{Subscribe published data from "Monitor List Items" activity}"
$hostname = "{Subscribe published data from "Monitor List Items" activity}"
$action = "{Subscribe published data from "Monitor List Items" activity}"
$zone = "{Subscribe published data from "Monitor List Items" activity}"
$fullhostname = $hostname + "." + $zone
$ptrhostname = $fullhostname + "."
$createPTRonly = "{Subscribe published data from "Monitor List Items" activity}"
$deletePTRonly = "{Subscribe published data from "Monitor List Items" activity}"

if (([bool]($ip -as [ipaddress])) -eq "True")
{
    $iparray = $ip -split "\."
    if (($iparray[0] -eq "172") -AND ($iparray[1] -eq "16"))
    {
        $rzone = "$($iparray[1]).$($iparray[0]).in-addr.arpa"
        $hostnameoctet = $iparray[3] + "." + $iparray[2]
    }
    else
    {
        $rzone = "$($iparray[2]).$($iparray[1]).$($iparray[0]).in-addr.arpa"
        $hostnameoctet = $iparray[3]
    }
}

if ($action -eq 'Create')
{
    
    if ($createPTRonly -eq 'False')
    {

        Add-DnsServerResourceRecordA -Name $hostname -ZoneName $zone -IPv4Address $ip -computername $dc  -EA SilentlyContinue
        Add-DnsServerResourceRecordPtr -Name $hostnameoctet -ZoneName $rzone -PtrDomainName $fullhostname -computername $dc  -EA SilentlyContinue
        
    }
    elseif ($createPTRonly -eq 'True')
    {

        Add-DnsServerResourceRecordPtr -Name $hostnameoctet -ZoneName $rzone -PtrDomainName $fullhostname -computername $dc  -EA SilentlyContinue
    }
    
}
elseif ($action -eq 'Delete')
{
    
    if ($deletePTRonly -eq 'False')
    {

        Remove-DnsServerResourceRecord -ZoneName $zone -RRType "A" -Name $hostname -RecordData $ip  -computername $dc -confirm:$false -force -EA SilentlyContinue

        Remove-DnsServerResourceRecord -recorddata $ptrhostname -name $hostnameoctet -zonename $rzone -computername $dc -confirm:$false -force -RRType "PTR" -EA SilentlyContinue
        
    }
    elseif ($deletePTRonly -eq 'True')
    {

        Remove-DnsServerResourceRecord -recorddata $ptrhostname -name $hostnameoctet -zonename $rzone -computername $dc -Confirm:$false -force -RRType "PTR" -EA SilentlyContinue
        
    }
    
}

 

$email = get-aduser -filter{displayname -eq "{Created By From "Monitor List Items"}" } -properties mail | select -ExpandProperty mail
$email

Now in the “TO” section of the “E-mail upon successful execution” activity, subscribe to the “PS Script 02 Results”.
That’s it !

Now you can add some regular expression validation to your form to validate data.

You now have the chassis to build upon, you can add different DNS record types, enable the form to accept wildcard input, or you can even enable CSV file upload for bulk DNS manipulation (Although need = highly unlikely)  !

If you need any further clarification, feel free to drop me a comment.

Until next time, hang loose.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s