ADOrganizationalUnit: Add DomainController parameter

[jacob-h1]

Description

The ADOrganizationUnit DSC resource has a 'Credential' parameter but does not have the 'DomainController' parameter. Therefore it is not possible to create an OU if the computer is not member of the domain.
The *-ADOrganizationalUnit CmdLets in the ActiveDirectory module all supports the 'Server' parameter so it should be possible to add this the 'DomainController' parameter to the resource.

Proposed properties

DomainController: Specifies the Active Directory Domain Services instance to connect to perform the task.

Special considerations or limitations

N/A

[X-Guardian]

Hi @jacob-h1, none of the resources in this module have been written or tested to work successfully when run from a non-domain joined computer. I'm not sure it is a scenario that we would want to support.

[jacob-h1]

Hi @jacob-h1, none of the resources in this module have been written or tested to work successfully when run from a non-domain joined computer. I'm not sure it is a scenario that we would want to support.

It is fully supported by the underlying *-ADOrganizationalUnit CmdLets used by the resource (using the 'Server' parameter). Most of the other resources in this module have the 'DomainController' parameter. So why not add it to the ADOrganizationalUnit resource as well?

[X-Guardian]

Happy to accept a PR if you want to raise one, but just warning you that you are likely to come across a lot of issues with other ActiveDirectoryDsc resources running them from a non-domain joined machine.

[Clebam]

Hi, there might be a use foreach of the ActiveDirectoryDsc Resources in a scenario where you have 2 domains, say:

• contoso.com
• child.contoso.com

You may have a server used to administrate both domain (using specified credentials), with the server being on consoto.com domain. This scenario prevents to expose directly AD DC.

[matt2005]

This is also useful when working with trusted domains. I'm working on a PR to add support