Update! Setup Active Directory Integration with the PowerShell SDK

Update 10/6/2017 — Updated the PowerShell script to support the cmdlets in the PowerShell SDK (1.7.4.0+).

—————

Having Active Directory integration certainly helps with organizing users in the various groups to control what actions can be performed on the FlashArray. The most complicated part of setting up Directory Service integration is on the Active Directory side. Once you have the ingredients below, it is very straightforward.

Basic ingredients:

  • 1 Active Directory (AD) Server
  • 1 Organizational Unit (OU)
  • 1 Organization Group (Global)
  • 3 Security Groups
    • 1 Array Admin Group — Full permissions.
    • 1 Storage Admin Group — Perform storage tasks (add hosts, WWNs/IQNs, volumes).
    • 1 Read Only Group — View permissions to focus on the Analysis tab use.
  • 1 AD user account that has privileges to query (e.g. MSLAB\PureDSSync).

Each of the Active Directory groups that need to be created can have any name you choose, but make sure that each group can easily be identified as related to Pure Storage for easy management.

Once all of the details have been gathered, substitute them into the hashtable items of the $oDS PowerShell variable below and run the script. The script will set up the Directory Service configuration and, at the end, test that the Directory Service works.

$FlashArray = New-PfaArray -EndPoint 1.1.1.1 -Credentials (Get-Credential) -IgnoreCertificateError

$oDS = @{
    LdapUri = "ldap://10.21.201.50"
    BaseDN = "DC=mslab,DC=purestorage,DC=com"
    GroupBase = "OU=PureStorageDirectoryServices"
    ArrayAdminGroup = "PureStorage_AdminGroup"
    StorageAdminGroup = "PureStorage_StorageAdminGroup"
    ReadOnlyGroup = "PureStorage_ReadOnlyGroup"
    BindUser = "Administrator"
    BindPassword = "***********"
}

# Note: A dialog or encrypted file can be used to capture the BindUser and BindPassword.

Get-PfaDirectoryServiceConfiguration -Array $FlashArray
Get-PfaDirectoryServiceGroups -Array $FlashArray

Set-PfaDirectoryServiceArrayAdminGroup -Array $FlashArray -ArrayAdminGroup $oDS.ArrayAdminGroup
Set-PfaDirectoryServiceGroupBase -Array $FlashArray -GroupBase $oDS.GroupBase
Set-PfaDirectoryServiceReadOnlyGroup -Array $FlashArray -ReadOnlyGroup $oDS.ReadOnlyGroup
Set-PfaDirectoryServiceStorageAdminGroup -Array $FlashArray -StorageAdminGroup $oDS.StorageAdminGroup
Set-PfaDirectoryServiceConfiguration -Array $FlashArray -BaseDN $oDS.BaseDN -BindUser $oDS.BindUser -BindPassword $oDS.BindPassword -URI $oDS.LdapUri
Test-PfaDirectoryService -Array $FlashArray | Format-Table -Autosize
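
The note in the script says a dialog or encrypted file can be used for the bind account. The following is an added example, not part of the original script, that does both so the password never sits in the script as plain text. The function name Get-BindCredential and the file path are hypothetical, and it assumes -BindPassword takes a plain string, as the script above passes one.

```powershell
# Added example: capture the bind account with a dialog the first time,
# then reuse it from an encrypted file on later runs.
# Hypothetical location for the saved credential.
$CredFile = Join-Path $env:USERPROFILE 'PureDSSync.cred.xml'

function Get-BindCredential {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $UserName = 'MSLAB\PureDSSync'   # query-only account from the ingredients list
    )
    if (Test-Path -LiteralPath $Path) {
        # On Windows the password in this file is DPAPI-protected, so it can
        # only be decrypted by the same user on the same machine that saved it.
        return Import-Clixml -LiteralPath $Path
    }
    $cred = Get-Credential -UserName $UserName -Message 'Directory Service bind account'
    $cred | Export-Clixml -LiteralPath $Path
    return $cred
}

$FlashArray = New-PfaArray -EndPoint 1.1.1.1 -Credentials (Get-Credential) -IgnoreCertificateError

$bind = Get-BindCredential -Path $CredFile
$net  = $bind.GetNetworkCredential()   # splits MSLAB\PureDSSync into Domain and UserName

# Assumption: -BindPassword accepts a plain string, as in the script above.
Set-PfaDirectoryServiceConfiguration -Array $FlashArray `
    -BaseDN 'DC=mslab,DC=purestorage,DC=com' `
    -BindUser $net.UserName `
    -BindPassword $net.Password `
    -URI 'ldap://10.21.201.50'

# Drop the decrypted copy from the session once it has been sent to the array.
Remove-Variable -Name net

Test-PfaDirectoryService -Array $FlashArray | Format-Table -AutoSize
```

Delete the credential file when the bind account's password is rotated so the next run prompts again.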

Below shows my environment after setting up the Directory Services.


Cheers,
Barkz
