
PowerShell Desired State Configuration

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: PowerShell Desired State Configuration
Developer: Microsoft
Released: 2013
Programming language: PowerShell, C#
Operating system: Windows, Linux
License: MIT (parts)

PowerShell Desired State Configuration is a configuration management platform developed by Microsoft that uses a declarative model to define and enforce the desired state of computers and services. It integrates with Windows Server, Microsoft Azure, and cross-platform PowerShell Core environments, enabling automation across datacenter and cloud infrastructures. Influenced by trends in infrastructure as code, it intersects with projects and organizations such as Chef (software), Puppet (software), Ansible (software), HashiCorp, and GitHub for versioned configuration authoring and distribution.

Overview

DSC originated within Microsoft's PowerShell team and was prominently announced around the time of Windows Server 2012 R2 and PowerShell 4.0. It provides a declarative syntax to express configuration intent, allowing engines to apply idempotent changes to resources on targets like Windows Server 2016, Windows Server 2019, Ubuntu, and Red Hat Enterprise Linux. DSC participates in ecosystems including Microsoft Azure Automation, System Center, Chef (software), and Jenkins (software) pipelines for continuous delivery of infrastructure. Governance and auditing of DSC workflows are often integrated with tools such as Azure Policy and Microsoft Intune, and with enterprise identity systems like Active Directory and Azure Active Directory.

Architecture and Components

The DSC architecture separates configuration authoring, resource modules, and node execution. Key components include the Local Configuration Manager (LCM) embedded in nodes, pull servers that host configuration artifacts, and resource modules that encapsulate actions. LCM implements a reconciliation loop similar to controllers used by Kubernetes clusters and integrates with Windows components like Windows Management Instrumentation and the Common Information Model. Pull server implementations include the native DSC Pull Server, Azure Automation DSC, and community projects integrated via GitHub repositories. DSC resource modules are published by vendors such as Microsoft and third parties including Chef (software), Puppet (software), and independent maintainers on PowerShell Gallery.

Configuration Language and Resources

Configurations are authored in PowerShell script syntax that emits a MOF (Managed Object Format) document consumed by the LCM. The language permits declarative blocks referencing resource types such as File, Service, Registry, and Script; vendors provide specialized resources for IIS (Internet Information Services), SQL Server, Exchange Server, and SharePoint. Resource modules follow a schema and may be implemented in PowerShell or C#, drawing on standards like the Common Information Model used by Windows Management Instrumentation. The resource ecosystem is cataloged on platforms including PowerShell Gallery, with community modules often integrated into orchestration tools like Octopus Deploy and Azure DevOps.
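A short configuration showing the authoring-to-MOF step described above, as an added example that is not part of the original article. The configuration name WebBaseline, the directory path and the output folder are hypothetical; the resources are the built-in File, Service and Registry types from PSDesiredStateConfiguration.

```powershell
# Added example: WebBaseline and all paths are hypothetical names.
Configuration WebBaseline {
    param([string[]]$NodeName = 'localhost')

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $NodeName {
        # Content directory must exist before the service is checked.
        File SiteRoot {
            DestinationPath = 'C:\inetpub\example'
            Type            = 'Directory'
            Ensure          = 'Present'
        }

        # Declares the end state; the LCM decides whether any action is needed.
        Service W3SVC {
            Name        = 'W3SVC'
            StartupType = 'Automatic'
            State       = 'Running'
            DependsOn   = '[File]SiteRoot'
        }

        # Baseline setting: disable the SSL 3.0 server side in SCHANNEL.
        Registry DisableSsl3Server {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'
            ValueName = 'Enabled'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
        }
    }
}

# Calling the configuration compiles it: one MOF per node in the output folder.
WebBaseline -OutputPath .\WebBaseline

# Report drift against the compiled MOF without changing the node.
Test-DscConfiguration -ReferenceConfiguration .\WebBaseline\localhost.mof
```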

Workflow and Deployment Models

DSC supports two primary modes: push and pull. In push mode, administrators use tools such as the PowerShell CLI, Azure Automation, or orchestration servers like System Center Configuration Manager to send MOF documents directly to nodes. Pull mode leverages a pull server where nodes periodically check for updated configurations, a pattern analogous to package repositories such as npm or NuGet and orchestration flows in Kubernetes Helm. Continuous integration and deployment pipelines often use GitHub Actions, Azure Pipelines, or Jenkins (software) to validate configurations, run tests with frameworks like Pester, and publish resource modules to the PowerShell Gallery or private artifact feeds.
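An LCM metaconfiguration that puts a node into pull mode, as an added example that is not part of the original article. The server URL, registration key placeholder, configuration name and trusted store path are assumptions; the SignatureValidation block requires WMF 5.1 or later.

```powershell
# Added example: URL, key placeholder and store path are hypothetical.
[DSCLocalConfigurationManager()]
Configuration PullClient {
    Node 'localhost' {
        Settings {
            RefreshMode                    = 'Pull'
            ConfigurationMode              = 'ApplyAndAutoCorrect'  # re-apply on drift
            RefreshFrequencyMins           = 30   # how often the node asks for a new MOF
            ConfigurationModeFrequencyMins = 15   # how often the current MOF is re-checked
            RebootNodeIfNeeded             = $false
        }

        ConfigurationRepositoryWeb PullServer {
            ServerURL               = 'https://pull.example.internal:8080/PSDSCPullServer.svc'
            RegistrationKey         = '<registration-key-placeholder>'
            ConfigurationNames      = @('WebBaseline')
            AllowUnsecureConnection = $false      # refuse plain HTTP to the pull server
        }

        # Only accept configurations and modules signed by a certificate
        # present in this trusted store (WMF 5.1+).
        SignatureValidation {
            TrustedStorePath = 'Cert:\LocalMachine\DSCStore'
            SignedItemType   = 'Configuration', 'Module'
        }
    }
}

# Compiles to .\PullClient\localhost.meta.mof and applies it to the LCM.
PullClient -OutputPath .\PullClient
Set-DscLocalConfigurationManager -Path .\PullClient -Verbose

# Confirm the node's effective LCM settings.
Get-DscLocalConfigurationManager |
    Select-Object RefreshMode, ConfigurationMode, RefreshFrequencyMins
```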

Security and Compliance

DSC supports signing and encryption of configuration artifacts, integration with certificate authorities such as Active Directory Certificate Services, and role-based access control when combined with Azure Active Directory or Windows Server ACLs. Auditability is enhanced via eventing to the Windows Event Log, integration with Azure Monitor, and export of compliance state to management systems such as Microsoft System Center and Splunk. Security concerns intersect with policies and standards managed by organizations like the National Institute of Standards and Technology and frameworks such as CIS Controls, where DSC can enforce baseline configurations for servers, endpoints, and cloud resources.
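Credential encryption in a compiled MOF, as an added example that is not part of the original article. The node name web01, the certificate file path, the thumbprint placeholder and the account are hypothetical; the node's document-encryption certificate is assumed to have been issued and its public key exported beforehand.

```powershell
# Added example: node name, paths and thumbprint placeholder are hypothetical.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = 'web01'
            CertificateFile             = 'C:\dsc\certs\web01.cer'          # node's public key
            Thumbprint                  = '<node-certificate-thumbprint>'   # same certificate
            PSDscAllowPlainTextPassword = $false    # fail compilation rather than emit cleartext
        }
    )
}

Configuration ServiceAccount {
    param([Parameter(Mandatory)][pscredential]$Credential)

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        User SvcDeploy {
            UserName = $Credential.UserName
            Password = $Credential      # encrypted to CertificateFile at compile time
            Ensure   = 'Present'
        }

        # Tells the node's LCM which private key decrypts the MOF.
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }
    }
}

$cred = Get-Credential -Message 'Account to create on the node'
ServiceAccount -ConfigurationData $ConfigData -Credential $cred -OutputPath .\ServiceAccount

# Authoring-side check: the cleartext password must not appear in the MOF.
$leaked = Select-String -Path .\ServiceAccount\web01.mof -SimpleMatch `
    -Pattern $cred.GetNetworkCredential().Password -Quiet
if ($leaked) { throw 'Cleartext password found in compiled MOF' }

# Apply the LCM setting first, then push the configuration.
Set-DscLocalConfigurationManager -Path .\ServiceAccount -ComputerName web01
Start-DscConfiguration -Path .\ServiceAccount -ComputerName web01 -Wait -Verbose
```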

Use Cases and Examples

Common DSC use cases include enforcing desired configurations for web farms running IIS (Internet Information Services), automating SQL Server installations, configuring Hyper-V hosts, and maintaining compliance for virtual machines in Microsoft Azure and on-premises datacenters. Enterprises integrate DSC into hybrid cloud scenarios with Azure Automation DSC and use it alongside configuration management systems from Chef (software) and Puppet (software) to manage heterogeneous fleets. Community examples and recipes are shared on PowerShell Gallery, GitHub, and blogs authored by teams at Microsoft and independent specialists who contribute modules for platforms like Exchange Server, SharePoint, and container host management.

Limitations and Criticisms

Critics note that DSC's learning curve blends imperative PowerShell skills with declarative modeling, creating complexity for teams familiar with only one paradigm; similar critiques were leveled at transitions within Microsoft product lines and enterprise tooling shifts. The resource ecosystem can be fragmented, with varying quality across community modules on PowerShell Gallery and inconsistent cross-platform behavior between Windows Server and Linux distributions like Ubuntu or CentOS. Operationally, running pull servers at global scale requires careful planning akin to challenges faced by organizations operating Content Delivery Network architectures, and integration with modern GitOps workflows has been addressed by third-party projects rather than being native.
