github.com/teknogeek/dnscontrol@v0.2.8/providers/activedir/doc.md (about)

### ActiveDirectory

This provider updates a DNS Zone in an ActiveDirectory Integrated Zone.

When run on Windows, AD is updated directly. The code generates
PowerShell commands, executes them, and checks the results.
It leaves behind a log file of the commands that were generated.

When run on non-Windows, AD isn't updated because we can't execute
PowerShell at this time. Instead of reading the existing zone data
from AD, it learns what records are in the zone by reading
`adzonedump.{ZONENAME}.json`, a file that must be created beforehand.
It does not actually update AD; it generates a file with PowerShell
commands that would do the updates, which you must execute afterwards.
If `adzonedump.{ZONENAME}.json` does not exist, the zone is quietly skipped.

Not implemented:

* Delete records. This provider will not delete any records. It will only add
  and change existing records. See "Note to future devs" below.
* Update TTLs. It ignores TTLs.

## required creds.json config

No "creds.json" configuration is expected.

## example dns config js:

```
var REG_NONE = NewRegistrar('none', 'NONE');
var DSP_ACTIVEDIRECTORY_DS = NewDSP("activedir", "ACTIVEDIRECTORY_PS");

D('ds.stackexchange.com', REG_NONE,
    DSP_ACTIVEDIRECTORY_DS,
    // records handled by another provider...
);
```
    43  
## Special Windows stuff

This provider needs to do 2 things:

* Get a list of zone records:
  * powerShellDump: Runs a PS command that dumps the zone to JSON.
  * readZoneDump: Opens an adzonedump.$DOMAINNAME.json file and reads JSON out of it. If the file does not exist, this is considered an error and processing stops.

* Update records:
  * powerShellExec: Execute PS commands that do the update.
  * powerShellRecord: Record the PS command that can be run later to do the updates. This file is -psout=dns_update_commands.ps1

So what happens when? Well, that's complex. We want both Windows and Linux to be able to use -fakewindows
for either debugging or (on Windows) actual use. However, only Windows permits -fakewindows=false and actually executes
the PS code. Here's which algorithm is used for each case:

  * If -fakewindows is used on any system: readZoneDump and powerShellRecord are used.
  * On Windows (without -fakewindows): powerShellDump and powerShellExec are used.
  * On Linux (without -fakewindows): the provider loads as "NONE" and nothing happens.

## Note to future devs

### Why doesn't this provider delete records?

Because at this time Stack doesn't fully control AD zones
using dnscontrol. It only needs to add/change records.

What should we do when it does need to delete them?

Currently NO_PURGE is a no-op. I would change it to update
domain metadata to flag that deletes should be enabled/disabled.
Then generate the deletes only if this flag exists. To be paranoid,
the func that does the deleting could check this flag to make sure
that it really should be deleting something.
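The flag-gated design sketched above, as an added example written for this note rather than dnscontrol's own code; the `purgeFlag` metadata key, the `Record` type and the rendered cmdlet parameters are assumptions. The planner emits nothing unless the flag is set, and the executor re-checks the flag so a stray delete command is refused even if the planner is bypassed.

```go
package main

import "fmt"

// Illustrative names only; dnscontrol has no such API. purgeFlag is the
// domain metadata key that must be "true" before any delete is generated
// or executed (today NO_PURGE is a no-op and nothing is ever deleted).
const purgeFlag = "activedir_allow_delete"
// Record is a minimal stand-in for one DNS record in a zone.
type Record struct{ Zone, Name, Type, Target string }
// deletesEnabled reports whether the domain metadata explicitly opts in.
func deletesEnabled(meta map[string]string) bool { return meta[purgeFlag] == "true" }

// deleteCommand renders one removal as a PowerShell line (illustrative parameters).
func deleteCommand(r Record) string {
	return fmt.Sprintf("Remove-DnsServerResourceRecord -ZoneName %q -Name %q -RRType %s -RecordData %q -Force",
		r.Zone, r.Name, r.Type, r.Target)
}

// planDeletes lists records in AD but not in the desired set; nil without the flag.
func planDeletes(meta map[string]string, existing, desired []Record) []string {
	if !deletesEnabled(meta) {
		return nil // current add/change-only behaviour
	}
	want := map[Record]bool{}
	for _, r := range desired {
		want[r] = true
	}
	var cmds []string
	for _, r := range existing {
		if !want[r] {
			cmds = append(cmds, deleteCommand(r))
		}
	}
	return cmds
}

// executeDelete is the second, "paranoid" check before a command reaches
// the executor (run stands in for powerShellExec).
func executeDelete(meta map[string]string, r Record, run func(string) error) error {
	if !deletesEnabled(meta) {
		return fmt.Errorf("delete refused: %s not set in domain metadata", purgeFlag)
	}
	return run(deleteCommand(r))
}

func main() { // constructed sample: "old" is stale; flag off, then on
	ex := []Record{{"ds.example.com", "www", "A", "10.0.0.1"}, {"ds.example.com", "old", "A", "10.0.0.2"}}
	fmt.Println(planDeletes(nil, ex, ex[:1]), planDeletes(map[string]string{purgeFlag: "true"}, ex, ex[:1]))
}
```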