I've always assumed that being a computer type means that you follow a very simple axiom: never repeat manually what could be done by a program for you.
In other words, automate the automatable, whenever possible, and, when it's not possible, whine like hell.
It turns out that our SysAdmin consultant does not think this way. Or perhaps it's simply that his definition of "possible" is extremely limited. At any rate, as a result of his ignorance in this matter, I've been reading up on scripting, trying to get myself the requisite literacy in Windows programming that, staggeringly, the Windows expert lacks. In this case, I have a very simple, very tedious task to do:
1. Collect a list of student users from our online student information database.
2. Create Active Directory accounts for those students that don't already have accounts.
3. Delete Active Directory student accounts for students not on our list.
This is the kind of task that any lover of computers should refuse to believe must be done by hand. (Note that I also had to create google-based e-mail accounts for these people — that was a no-brainer because google is not designed by idiots (there's a defined csv file and all I have to do is massage the data into that format and upload it).)
Lo and behold, after much fruitless searching, I have at long last found instructions for creating Active Directory accounts from information in a spreadsheet (or, if they were more sane, a csv file) (hopefully that link will help future googlers).
As I began to read those instructions, though, I was struck by the following strange prose, which so confused me, and so revealed the weirdness of the category of "System Administrator", that I had to stop reading and write this blog post. Here goes:
System administrators, or so we are often told, are the last of the rugged individualists. System administrators don't use mice and dropdown lists; they type their commands at the command line. System administrators don't bother with graphical user interfaces; they like their data displayed in the command window. System administrators don't pull up to the drive-through window at a fast-food restaurant, they actually get out of the car and... well, okay, even rugged individualists have to draw the line somewhere. The point is, you can run a script by starting it from the command prompt and passing it a bunch of command-line arguments; in addition, you can output data to the command window or to a text file. What more could you possibly need?
The truth is, there are lots of times you don't need anything else. On the other hand, sometimes—just sometimes, mind you—system administrators look at applications like Microsoft® Excel and think about how nice it would be to harness some of the capabilities Excel for their own use. Consider, for example, the need to create a bunch of new user accounts in Microsoft® Active Directory®. Could you do that by passing command-line parameters to a script? Sure, if you don't mind typing in command strings similar to this:
cscript new_user.vbs /cn="Myer Ken" /sAMAccountName="kenmyer" /givenName="Ken" /SN="Myer"
Okay, maybe that's not such a good idea. But couldn't you read in all the information from a text file? You bet you could. Of course, the text file would have to look something like this:
That works, too, but good luck getting your HR department to supply you with a text file that looks like that. Can you use these techniques? If you want to. But think about how easy it would be for your HR department (or whoever) to type all this information in Excel; in fact, there's a good chance that's what they already do. Yes, Excel is a graphical utility, and, yes, you're a rugged individualist, but just this once, wouldn't it be nice to be able to take an Excel spreadsheet, run a script against it, and then use the information gleaned from the spreadsheet to create a whole bunch of user accounts, all in one fell swoop?
Okay, sure, not for you. But maybe you have a friend who isn't as rugged an individualist as you are. If so, tell your friend that he or she is in luck. This month we're going to tell you—um, we're going to tell them how to use a script to read data directly from an Excel spreadsheet, and then use that data to create a bunch of new user accounts in Active Directory. And then next month we'll show them how to go the opposite route: How to grab data out of Active Directory (or some other location) and display it in a nicely-formatted spreadsheet. And listen: If you decide to try these scripts, we promise not to tell your fellow system administrators. Promise
Ok, let's look at the crazy assumptions in the above:
- The point of the commandline is that you can do things with lots of parameters, which shows you're knowledgable.
Actually, the point is that you can chain various commands together, and save useful combinations thereof in scripts. No one prefers typing long chains of obscure switches to pressing a few buttons; it's just that there's no way to program button-presses, so programmers prefer the commandline. It appears that sysadmins (as imagined by the above prose) try to imitate programmers by typing everything into a commandline, but don't actually understand it).
- A CSV text file is scary
WTF? Is there any decent programming language that doesn't have simple libraries for handling CSV files?
- An Excel file is different from a csv file
Again, WTF? Is there any person sufficiently computer literate to be reading this document who couldn't turn a given excel file into a csv file easily (Save As...)? And is there any HR department that could be trusted to get column headers etc. exactly right so you could run a script using their Excel file? Or is it actually true that all the crap excel adds to data to make the HR department happy (like formatting, for example) just gets in the way of the programmer, which is why you'd convert to CSV in the first place. I assume in this example we'll massage it into a predetermined format of Excel file instead, but if that's the case, there's really no difference between the Excel solution and the CSV solution.
- Rugged individualists wouldn't run scripts against spreadsheets
Huh? I frankly can't imagine how any thinking person (and I assume these straw-man rugged individualists would style themselves thinking people) could possibly consider creating users doing anything other than running a script against something like a spreadsheet (assuming, that is, that one is copying a list of users from elsewhere, such as HR).
Of course the ultimate WTF is that this functionality isn't built into AD at a more basic level.
Anyway, I'll be reading the rest of the article soon. The odd thing about the article is that it seems to posit a commandline-using sysadmin in opposition to someone with a modicum of programming knowledge. And that, I must say, is very strange.