Chris Whitfield edited this page May 16, 2020 · 2 revisions

Welcome to the ADDeploy wiki!

So, you were probably looking for PowerShell stuff related to ESAE, and you found this project. Yes, there are other modules and scripts already available to deploy some, or many, aspects of ESAE. This probably leads you to wonder why I felt that another one was required. Simply put, I think that the other options I've seen are either too static, or never got completed. If you've got a smaller environment, or otherwise have the ability to use a relatively flat OU structure that fits completely within the MS 'Securing Privileged Access' content (formerly referred to as ESAE), you should absolutely use that approach and leverage one of the many fine options already available.

In my case, I'm a consultant, and I've had to build quite a few ESAE type environments by this point, and not a single one had a flat enough support organization to enable effective use of a flat OU structure. I won't go into all the details here, as this isn't the place. If you are interested in my philosophy on the subject, I suggest you check out my blog, where I will go into what is likely to be an exhausting level of detail.

The overall goal of this project is to enable deployment of an ESAE environment in an automated manner for those who need something a bit broader and more complex, but still need it to be manageable. This project leverages a specific set of framework components, particularly with regard to some aspects of the OU structure, but within that framework there is a LOT of room for customization, and even some extensibility, without needing to modify code within the module to make most scenarios work.

The existing published version is a pre-release, in that not all features have been built yet, and there are still a few bugs that need to be worked out. That said, the current components are capable of performing a fully automated deployment of some of the base 'Red' forest delegation needs and the OU structure, as well as all of the associated groups and ACLs. The module has the ability to run multi-threaded, so it can deploy hundreds of thousands of objects in a matter of hours. It's also been optimized to minimize the memory footprint (typically not more than a few hundred MB per thread), with threads tied to the number of processors on the system. As much as I possibly could, everything is completely dynamic, based on entries in a very lightweight SQLite DB, though I've come to realize I need to make some architecture changes for a few things.

I won't go into that more on this page, but I have a few more details on other pages, and I'll continue to augment the wiki as time goes on. If you'd like to contribute, I'd love to have you on board. If you have ideas, I'd love to hear them, as I know there are probably lots of areas I can do much better.
