For those that are working with VMware View it is probably common knowledge that View stores information about the virtual desktop infrastructure configuration in an AD-LDS (Active Directory Lightweight Directory Service) on the Connection Servers. An AD-LDS, previously known as ADAM, is an embedded LDAP directory.
Since the current PowerShell snapin that comes with VMware View is seriously lacking functionality, and doesn’t integrate too well with the PowerCLI snapin, there are several View administrators out there, that look at this AD-LDS to help them manage their View environment.
I will list a number of existing scripts that use the AD-LDS to retrieve View related information. But most of the time these scripts go for only part of the available information.
These are just a few examples of such scripts.
- Andre Leibovici and his Setting VMware View Desktop State Remotely post.
- Clinton Kitson with his Automating VMware View Pool Membership
- Matt Boren and his VMware View reporting — PowerShell without Broker-based cmdlets — Part 0 post
- Rasmus Jensen and his Check VMware View 4.x pool provisioning status post
In this function I aimed at getting all the information that View keeps in the AD LDS.
That way:
- you don’t need no to use something like AdsiEdit to explore what is there
- it will give you a way to have a backup of the View AD-LDS content
- it will allow you to perform an audit of your View environment, and discover which recent change is causing problems
This script was shown during our VMworld 2012 presentation as an example of how to integrate with different VMware products from PowerShell.
Note: the following functions were tested against View 5.1. I can’t guarantee their proper functioning against earlier View releases.
Intro
While I was thinking of writing this function to extract all the View information from the AD-LDS partition, there were a couple of decisions to be made.
The View Schema
The View AD-LDS partition contains multiple types of records. The layout of these records can not be retrieved from the actual AD-LDS partition, because some of the attributes on these records are OPTIONAL. In other words, the attribute is not necessarily present in a record you retrieve from the AD-LDS partition.
The easiest solution I found was to use the vdiSchema.ldf file that is used when you install VMware View to create the AD-LDS partition.
From that .ldf file it was rather easy to extract the layout of each record used by View and containing all the possible attributes, also the optional ones.
Since this file, and consequently the View AD-LDS schema, only potentially changes when there is a new View version, or in some rare cases when there are View patches, you will only need to read this .ldf file once for each View build.
The .ldf file can be found in %ProgramFiles%\VMware\VMware View\Server\LDAP\ldif on any of your View Connection servers.
The View AD-LDS Records
The View AD-LDS partition uses different type of records (see the previous section).
As a consequence, I couldn’t export the content of the records to a single CSV file. As a solution I decided to use an XLS file, where I could place each type of record in a separate worksheet.
For that I use the Export-Xls function from my Beyond Export-Csv: Export-Xls post.
The Schema Export Script
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
function Get-VDILDSSchema { <# .SYNOPSIS Reads the attributes from VIEW AD-LDS schema .DESCRIPTION The function will read all entries from the View AD-LDS schema and returns a simplified structure .NOTES Author: Luc Dekens .PARAMETER VDISChema The path to LDIF file that contains the schema .EXAMPLE PS> Get-VDILDSSchema -VDISchema #> param( [CmdletBinding()] [parameter(Mandatory = $true)] [System.String]$VDISchema ) $regAttrMain = [regex]"# objectclasses:.*NAME\s'(?.*)'.*DESC\s'(?.*)'.*SUP\s'(?.*)'(?.*)" $regAttrRequired = [regex]".*MUST\s\(\s(?.*?)\s\)" $regAttrOptional = [regex]".*MAY\s\(\s(?.*?)\s\)" $attrArr = @{} $skipClass = $false Get-Content -Path $VDISchema | where {$_ -match $regAttrMain} | %{ $class = $Matches['ClassName'] if($class -notmatch 'pae-AdminFolderID-' -and $class -notmatch '-a$'){ $description = $Matches['Description'] $subclass = $Matches['Subclass'] $rest = $Matches['Rest'] if($subclass -ne 'top' -and $subclass -match '^pae-'){ $template = $attrArr[$subclass] $template.Name = $class $template.Description = $description } else{ $template = New-Object PSObject -Property @{ Name = $class Description = $description } } if($rest -match $regAttrRequired){ $required = $Matches['Required'] $required.Split('$') | %{ $attrName = $_.Trim(' ') if(!($template | Get-Member -Name $attrName)){ $template | Add-Member -Name $attrName -Value $null -MemberType NoteProperty } } } if($rest -match $regAttrOptional){ $optional = $Matches['Optional'] $optional.Split('$') | %{ $attrName = $_.Trim(' ') if(!($template | Get-Member -Name $attrName)){ $template | Add-Member -Name $attrName -Value $null -MemberType NoteProperty } } } $attrArr[$class] = $template } } $attrArr } |
Annotation
Line 16: With the $VDISchema parameter you specify the path to the .ldf file that is used to define the records in the View AD-LDS partition.
Line 19-21: Some RegEx expression that are later in the script to analyse the entries in the .ldf file. Note the 2 RegEx expressions that will bring out the obligatory and optional attributes
Line 33-43: This part of the script extracts the class information from the .ldf file. The script only handles the classes that start with pae-. These are actually the classes in the AD LDS partition that will hold View related information.
Line 44-52: The code that handles the required attributes.
Line 53-61: The code that handles the optional attributes.
The AD-LDS Export Script
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
function Get-ADAMTree { <# .SYNOPSIS Reads the content of the View AD-LDS partition .DESCRIPTION The function will read all records in the View AD-LDS partition, based on the schema file that is passed with the VDISchema parameter. The AD-LDS partition is read recursively. The helper function Get-ADAMProperties gets the attributes for each record. .NOTES Author: Luc Dekens .PARAMETER Node The node in the AD-LDS partition where to start reading .PARAMETER VDIClasses The XML file that contains the View schema description .EXAMPLE PS> Get-ADAMTree -Node $node -VDIClasses "C:\schena.xml #> param( [CmdletBinding()] [parameter(Mandatory = $true)] [System.DirectoryServices.DirectoryEntry]$Node, [parameter(Mandatory = $true)] [System.Collections.Hashtable]$VDIClasses ) begin{ function Get-ADAMProperties { param( [parameter(Mandatory = $true)] [System.DirectoryServices.DirectoryEntry]$Node, [parameter(Mandatory = $true)] [System.Collections.Hashtable]$VDIClasses ) $class = $node.SchemaClassName if($VDIClasses.ContainsKey($class)){ $model = $VDIClasses[$class] $base = New-Object PSObject $model.PSObject.Properties | %{ $base | Add-Member -MemberType $_.MemberType -Name $_.Name -Value $_.Value } $node | Get-Member -Name pae* | %{ $propName = $_.Name if("pae-NameValuePair","pae-LicenseKey2" -contains $propName -and !(Get-Member -InputObject $base -Name $propName)){ $base | Add-Member -Name $propName -Value $null -MemberType NoteProperty } $propValue = $node.($_.Name)[0] $base.$propName = $propValue } $base } } } process{ if($node.Children){ $node.Children | %{ Get-ADAMTree $_ $VDIClasses } } Get-ADAMProperties $node $VDIClasses } } |
Annotation
Line 21: The start node in the AD LDS partition where the function should start. The View partition root node is called “dc=vdi,dc=vmware,dc=int”
Line 23: The hash table that contains the View classes that were retrieved by the Get-VDILDSSchema function from the .ldf file.
Line 27-53: An internal helper function that actually reads the records and their attributes. This helper function is called by the main process at each node.
Line 36: If the script encounters a record that is described in the hash table, it will extract the required info, and place the created object in the pipeline. Remember we only look at records that start with pae-.
Line 43: For each View related record the script finds, it only looks at the attributes that start with pae-. These are the View related attributed and avoid that the script looses time by looking at all the other attributes.
Line 56-62: The main routine of the function. Note that the script calls itself recursively for each of the children at a node. And at each node, the internal helper function is called to retrieve the records and their attributes at the node.
Sample Usage
Both functions can be used separately. You can first read the .ldf file and store the extracted class information in a XML file.
|
1 2 3 4 |
$ldfPath = "C:\View\vdiSchema.ldf" Get-VDILDSSchema -vdiSchema $ldfPath | Export-Clixml c:\View\VDI-classes.xml -Confirm:$false |
But you can bring a bit more intelligence in a script.
In the following example the script checks if the XML file is present, and if not it will create it. Then the script continues by extracting all the records from the View partition. So in this case you only need to provide the .ldf file.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
$view = "dc=vdi,dc=vmware,dc=int" $domain = "LDAP://$viewServer/$view" if(!(Test-Path -Path $VDIClassesPath)){ Get-VDILDSSchema -vdiSchema $ldfPath | Export-Clixml -Path $VDIClassesPath -Confirm:$false } $VDIClasses = Import-Clixml -Path $VDIClassesPath $root = New-Object System.DirectoryServices.DirectoryEntry $domain $report = Get-ADAMTree -Node $root -VDIClasses $VDIClasses if(Test-Path -Path $xlsPath){ Get-Item -Path $xlsPath | Remove-Item -Confirm:$false } $report | Group-Object -Property Name | %{ Export-Xls -InputObject $_.Group -Path $xlsPath ` -WorksheetName $_.Name -NoTypeInformation } |
To make your life easier, the following download link allows you to get a .ps1 file that holds all the functions and the main logic. You just have to provide it with the path to the .ldf file, the path to the .xml file and the name of the .xls file.
And to give you an idea of what is contained in the .xls file, some screenshots.
A worksheet per available recordtype
Each View record attribute in a column.
And of course the values.
In a follow-up post I will show you how you can use this .xls file to retrieve the information that some of the scripts I mentioned in the beginning of this post were using.
Enjoy !