mikerobertson.info

a blog

View on GitHub
14 March 2019

Nested

by Mike

After the second hour of troubleshooting domain trust issues and re-familiarizing myself with the local/global/universal group nesting requirements for cross-forest ACL management, I finally stopped to ask myself what I was doing. How did I get down this rabbit hole? Wasn’t I supposed to be updating a PowerShell module for DC promotion?

Oh, right. I created a new git branch because my original script constrained functionality explicitly to Server 2012, and now I want to refactor to support multiple OS choices. But of course, for a test branch, I’ll want my YAML deployments pointed to the test domain.

Oh, right. The test domain doesn’t have the same DFS namespace structure as production. I’ll need to create a new one and set up the directory structure to hold my scripts and modules. I’ll also want to mirror the permission scheme so that we can manage access the same way.

Oh, right. If I want to deploy this new branch directly from my workstation, I’ll need to make sure the test ACL groups contain my production accounts, too. But why isn’t that working?

Now the day is gone, my feature branch is still identical to the master, and I could have just manually copied and pasted the code I wanted to test hours ago.

Changing a Lightbulb GIF

tags: tech - culture