Add AD pre-population extractor for Dr Migrate#17
Draft
adamswbrown wants to merge 1 commit into
Draft
Conversation
Implements the nine queries from the AD pre-population spec as a single read-only PowerShell script: master server inventory, computer + service account + gMSA SPNs, sites, subnets, OU distribution, stale servers, domain controllers, and a coverage summary. Adds a derived workload classification CSV that joins all SPN sources against the service-class reference table so SQL/IIS/Exchange/etc. workloads can be picked up without scanning the servers. https://claude.ai/code/session_01Mv4u6bByTyy75mWPzod2Y4
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the AD pre-population spec as a single read-only PowerShell script that pulls a complete server inventory, workload signals, and topology from Active Directory into CSVs ready to be merged into a DMC cloud-migration assessment.
The nine queries from the spec, plus a derived workload classification:
ad_servers.csv— authoritative enabled-server list (OS, last logon, OU, owner)ad_spns_computer.csv— SPNs against computer objectsad_spns_service_accounts.csv— SPNs against domain user accounts (catches SQL/Exchange/IIS running as service accounts)ad_spns_gmsa.csv— SPNs against Group Managed Service Accountsad_workload_classification.csv— derived per-host workload hints from joined SPN data + reference tablead_sites.csv,ad_subnets.csv— topologyad_ou_distribution.csv— top-3-level OU countsad_stale_servers.csv— inactive pastStaleThresholdDays(default 90)ad_domain_controllers.csv— DCs (usually out of migration scope)ad_coverage_summary.csv— single-row summary for the customer conversationad_run_status.csv— per-query status with row counts and any errorsRead-only; runs as any authenticated domain user. Logs to stderr so stdout stays clean. Each query is wrapped in try/catch — partial output is preferred over no output. Supports
-Server,-Credential,-StaleThresholdDays,-TimestampOutputfor snapshotting.Test plan
-StaleThresholdDays-TimestampOutputcreates a dated subdirectory and re-runs don't clobber prior snapshotsad_workload_classification.csvagainst a known SQL host (workload should be derived from the service-account SPN, not the computer SPN)https://claude.ai/code/session_01Mv4u6bByTyy75mWPzod2Y4
Generated by Claude Code