-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xADDomainController: Added new parameter IsGlobalCatalog #255
Conversation
Codecov Report
@@ Coverage Diff @@
## dev #255 +/- ##
====================================
+ Coverage 87% 88% +<1%
====================================
Files 20 20
Lines 1852 1904 +52
Branches 11 10 -1
====================================
+ Hits 1624 1684 +60
+ Misses 217 210 -7
+ Partials 11 10 -1 |
@nyanhp, @devopsjesus, @rchristman89 would anyone of you (or all) help me an review this PR? 😃 Let me know if you need any help to get started with reviewing. I'm here or on (join) Slack. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 7 of 7 files at r1.
Reviewable status: all files reviewed, 17 unresolved discussions (waiting on @johlju)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 87 at r1 (raw file):
try { $dc = Get-ADDomainController -Identity $env:COMPUTERNAME -Credential $DomainAdministratorCredential
variables should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 88 at r1 (raw file):
{ $dc = Get-ADDomainController -Identity $env:COMPUTERNAME -Credential $DomainAdministratorCredential Write-Verbose -Message "Found domain controller '$($dc.Name)' in domain '$($dc.Domain)'."
Should be using localized strings. Non-Stopping (but maybe open issue for clean-up on this resource)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 228 at r1 (raw file):
Write-Verbose -Message "Verified that domain '$($DomainName)' is present, continuing ..." $params = @{
params should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 236 at r1 (raw file):
} if ($DatabasePath -ne $null)
Should use 'ContainsKey' throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 289 at r1 (raw file):
} $dc = Get-ADDomainController -Identity $env:COMPUTERNAME -Credential $DomainAdministratorCredential -ErrorAction 'Stop'
dc should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 298 at r1 (raw file):
else { throw 'Could not get the distinguished name of the NTDSSettingsObject directory object that represents this domain controller.'
Should be using localized strings. Non-Stopping (but maybe open issue for clean-up on this resource)
Examples/Resources/xADDomainController/1-AddDomainControllerToDomainMinimal.ps1, line 46 at r1 (raw file):
} xADDomainController 'DomainController1'
Can we call this something like 'DomainControllerMinimal'
Examples/Resources/xADDomainController/2-AddDomainControllerToDomainAllProperties.ps1, line 46 at r1 (raw file):
} xADDomainController 'DomainController1'
Can we call this 'DomainControllerAllProperties'?
Examples/Resources/xADDomainController/3-AddDomainControllerToDomainUsingIFM.ps1, line 46 at r1 (raw file):
} xADDomainController 'DomainController1'
Can we call this something like 'DomainControllerWithIFM'
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 304 at r1 (raw file):
Mock -CommandName Install-ADDSDomainController -ParameterFilter { $InstallationMediaPath -eq $correctInstallationMediaPath } Set-TargetResource @testDefaultParams -DomainName $correctDomainName -InstallationMediaPath $correctInstallationMediaPath -Verbose
Should Verbose be enabled in test cases?
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 321 at r1 (raw file):
Mock -CommandName Move-ADDirectoryServer Set-TargetResource @testDefaultParams -DomainName $correctDomainName -SiteName $correctSiteName -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 337 at r1 (raw file):
Mock -CommandName Move-ADDirectoryServer Set-TargetResource @testDefaultParams -DomainName $correctDomainName -SiteName $correctSiteName -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 352 at r1 (raw file):
Mock -CommandName Move-ADDirectoryServer Set-TargetResource @testDefaultParams -DomainName $correctDomainName -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 379 at r1 (raw file):
} Set-TargetResource @testDefaultParams -DomainName $correctDomainName -IsGlobalCatalog $true -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 395 at r1 (raw file):
} Set-TargetResource @testDefaultParams -DomainName $correctDomainName -IsGlobalCatalog $false -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 411 at r1 (raw file):
} Set-TargetResource @testDefaultParams -DomainName $correctDomainName -IsGlobalCatalog $true -Verbose
same as above
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 425 at r1 (raw file):
} Set-TargetResource @testDefaultParams -DomainName $correctDomainName -Verbose
same as above
@kungfu71186 Many thanks for the review 🙇 I will get on these in a day or so! |
b677659
to
266d84b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made major refactor of this resource when I added localization. I have not tested this resource in a lab after the refactor. Looking to see how the unit tests work out after this refactor. Theoretical the refactor should not have changed any functionality.
Reviewable status: 1 of 8 files reviewed, 17 unresolved discussions (waiting on @kungfu71186)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 87 at r1 (raw file):
Previously, kungfu71186 wrote…
variables should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 88 at r1 (raw file):
Previously, kungfu71186 wrote…
Should be using localized strings. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 228 at r1 (raw file):
Previously, kungfu71186 wrote…
params should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 236 at r1 (raw file):
Previously, kungfu71186 wrote…
Should use 'ContainsKey' throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 289 at r1 (raw file):
Previously, kungfu71186 wrote…
dc should be spelled out throughout. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 298 at r1 (raw file):
Previously, kungfu71186 wrote…
Should be using localized strings. Non-Stopping (but maybe open issue for clean-up on this resource)
Done.
Examples/Resources/xADDomainController/1-AddDomainControllerToDomainMinimal.ps1, line 46 at r1 (raw file):
Previously, kungfu71186 wrote…
Can we call this something like 'DomainControllerMinimal'
Done.
Examples/Resources/xADDomainController/2-AddDomainControllerToDomainAllProperties.ps1, line 46 at r1 (raw file):
Previously, kungfu71186 wrote…
Can we call this 'DomainControllerAllProperties'?
Done.
Examples/Resources/xADDomainController/3-AddDomainControllerToDomainUsingIFM.ps1, line 46 at r1 (raw file):
Previously, kungfu71186 wrote…
Can we call this something like 'DomainControllerWithIFM'
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 304 at r1 (raw file):
Previously, kungfu71186 wrote…
Should Verbose be enabled in test cases?
Done. Added it to the splatting hash table so I only needed to set it once.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 321 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 337 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 352 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 379 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 395 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 411 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 425 at r1 (raw file):
Previously, kungfu71186 wrote…
same as above
Done.
@kungfu71186 You mind looking at this again? I refactored it a bit, so a little more to review though. 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 7 of 7 files at r2.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @johlju)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 17 at r2 (raw file):
<# .SYNOPSIS Returns the current state of the certificate that may need to be requested.
Should be 'Domain Controller', not certificate
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 77 at r2 (raw file):
Assert-Module -ModuleName 'ActiveDirectory' $returnValue = @{
Is this standardize (returnValue variable name) or should it be? Just curious tbh
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 161 at r2 (raw file):
<# .SYNOPSIS Returns the current state of the certificate that may need to be requested.
Should be 'Domain Controller', not certificate
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 311 at r2 (raw file):
if ($IsGlobalCatalog) { $value = 1
Can we make this a little more descriptive. Maybe just 'globalCatalogValue'
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 356 at r2 (raw file):
<# .SYNOPSIS Returns the current state of the certificate that may need to be requested.
same, certificate
@johlju looks pretty good on my end. Good job! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @johlju)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 77 at r2 (raw file):
Assert-Module -ModuleName 'ActiveDirectory' $returnValue = @{
Is this standardize (returnValue variable name), like some other resources use targetResource. Just curious tbh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 7 of 8 files reviewed, 5 unresolved discussions (waiting on @kungfu71186)
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 17 at r2 (raw file):
Previously, kungfu71186 wrote…
Should be 'Domain Controller', not certificate
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 77 at r2 (raw file):
Previously, kungfu71186 wrote…
Is this standardize (returnValue variable name) or should it be? Just curious tbh
Done. There is no actual standard for the variable name. I like have the variable names descriptive, so it it easier to read the code to understand what the variable contain when reading just a part of the code.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 77 at r2 (raw file):
Previously, kungfu71186 wrote…
Is this standardize (returnValue variable name), like some other resources use targetResource. Just curious tbh
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 161 at r2 (raw file):
Previously, kungfu71186 wrote…
Should be 'Domain Controller', not certificate
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 311 at r2 (raw file):
Previously, kungfu71186 wrote…
Can we make this a little more descriptive. Maybe just 'globalCatalogValue'
Done.
DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1, line 356 at r2 (raw file):
Previously, kungfu71186 wrote…
same, certificate
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r3.
Reviewable status: complete! all files reviewed, all discussions resolved
@johlju not sure if anyone else needs to review, but looks good to me. |
@kungfu71186 I just push another commit, can you sign off on that too? I found out the hard way when manually doing an integration tests. The No, no other need to review. Your review and my manual test should be enough. 😃 Thank you! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, i will try to do a manual test tonight
Reviewed 2 of 2 files at r4.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @johlju)
README.md, line 124 at r4 (raw file):
>seemingly halt (without reporting an error) when trying to replicate >information from another domain controller. >Make sure to use a correct domain account with the correct permssion as
permission spelling
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! I will wait to merge this until you say okay on your testing too then! 🙂
Reviewable status: 7 of 8 files reviewed, 1 unresolved discussion (waiting on @kungfu71186)
README.md, line 124 at r4 (raw file):
Previously, kungfu71186 wrote…
permission spelling
Done. Doh. VSCode even told me it was spelled wrong. I just missed it. :/
@kungfu71186 I usually get the spelling right, but the grammar is not my strong suit (English is second language), so if you see me do grammatical errors, then please correct me. :) @PlagueHO are usually good at spotting those for me too. 😄 |
@johlju no worries, English is my first language, but sometimes it seems like it's my third lol. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r5.
Reviewable status: complete! all files reviewed, all discussions resolved
@johlju Ran through a clean DC install with 2019. One issue I ran into was the windows feature Another strange issue is after I rebooted the machine, it says that it is a DC, but asked to finish the promotion. not sure why. Maybe a 2019 thing? Could also be my environment. Found one other issue. If I do something like: DomainName: mydomain.contoso.com Config looks like:
It fails the check because of: Its comparing using the fqdn. I think this check is sufficient enough: I think if you move: https://github.com/johlju/xActiveDirectory/blob/80f5c2b1fc08ac3627987b8167a97550c16a99ac/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.psm1#L130-L148 this into the try block, you will be ok with your check or do something like i did: Maybe we can make that a common function. Assert-IsDomainController or whatever. You could also do it like MSA:
|
It's in the example here; https://github.com/PowerShell/xActiveDirectory#examples
I did not get this on Windows Server 2016 🤔 |
I actually did this and changed it in commit d84393b The reason I changed it because the test failed... And that is because I never actually throw the correct error it was expecting, so of course it failed. 😞 I must have been tired. 😕 Thank you for pointing out that again for me, I will make the correction. |
I'm gonna get the code coverage (thats the failing test), also seeing a strange error on Win 2016. Not sure if it is related to this change, or my configuration, but want to make sure. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 1 unresolved discussion
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 948 at r8 (raw file):
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
@kungfu71186 I actually get Microsoft.ActiveDirectory.Management.ADServerDownException
when calling 'Get' function when the node is not already in a domain. If the node is in a domain I get [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
. So I think we need to catch both.
Interesting. I had only tried while the node was on the domain this time. |
I wonder if we should do this instead |
Then we don't have to handle any errors at all. Much cleaner. Well, only error we need to handle if the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 6 of 11 files reviewed, all discussions resolved (waiting on @kungfu71186)
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 948 at r8 (raw file):
Previously, johlju (Johan Ljunggren) wrote…
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
@kungfu71186 I actually get
Microsoft.ActiveDirectory.Management.ADServerDownException
when calling 'Get' function when the node is not already in a domain. If the node is in a domain I get[Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
. So I think we need to catch both.
Done
@kungfu71186 Can you be so kind to review/approve these changes again? I feel comfortable that this change should be stable and work now (it feels more stable). I refactored the unit tests for |
I tested this change manually by running Get and Test with Invoke-DscResource, and then I run a full configuration on a node that was not part of a domain, and it successfully rebooted as a domain controller, and also not having a global catalog. 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@
Reviewed 3 of 5 files at r9, 1 of 1 files at r10.
Reviewable status: 10 of 11 files reviewed, 7 unresolved discussions (waiting on @johlju and @kungfu71186)
CHANGELOG.md, line 28 at r10 (raw file):
template, and
no comma here
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 34 at r10 (raw file):
AddingGroupMember = Adding member '{0}' from domain '{1}' to AD group '{2}'. WasExpectingDomainController = The operating system product type code is 2 so was expecting this node to be a domain controller, but no domain controller object was returned. (ADC0001)
It looks like this is used for when you get the domain controller object, but the product type code returns 2, indicating that it is a domain controller and you should have gotten the DC object.
Maybe something like:
The operating system product type code returned 2, which indicates that this is domain controller, but was unable to retrieve the domain controller object.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 917 at r10 (raw file):
If the domain controller is not found, and empty object ($null) is returned.
If the domain controller is not found, an empty object ($null) is returned.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 918 at r10 (raw file):
.OUTPUTS If the domain controller is not found, and empty object ($null) is returned. .NOTES
Need newline before
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 919 at r10 (raw file):
If the domain controller is not found, and empty object ($null) is returned. .NOTES Throws and Microsoft.ActiveDirectory.Management.ADServerDownException
Throws an exception of Microsoft.ActiveDirectory.Management.ADServerDownException if the domain cannot be contacted.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 976 at r10 (raw file):
.SYNOPSIS Returns the domain controller object if the node is a domain controller, otherwise it return $null.
Returns $true if the node is a domain controller, otherwise it returns $false
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 455 at r10 (raw file):
} Context 'When the domain controller should change state og Global Catalog, but fail to return a domain controller object' {
og = of? typo
@johlju looks like code is good, just some grammatical issues and then ready for merge. Yay!!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added two more localized strings. Realized it never say the global catalog was not in desired state.
Reviewable status: 6 of 11 files reviewed, 7 unresolved discussions (waiting on @johlju and @kungfu71186)
CHANGELOG.md, line 28 at r10 (raw file):
Previously, kungfu71186 wrote…
template, and
no comma here
Done.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 34 at r10 (raw file):
Previously, kungfu71186 wrote…
It looks like this is used for when you get the domain controller object, but the product type code returns 2, indicating that it is a domain controller and you should have gotten the DC object.
Maybe something like:
The operating system product type code returned 2, which indicates that this is domain controller, but was unable to retrieve the domain controller object.
Done.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 917 at r10 (raw file):
Previously, kungfu71186 wrote…
If the domain controller is not found, and empty object ($null) is returned.
If the domain controller is not found, an empty object ($null) is returned.
Done.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 918 at r10 (raw file):
Previously, kungfu71186 wrote…
Need newline before
Done.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 919 at r10 (raw file):
Previously, kungfu71186 wrote…
Throws an exception of Microsoft.ActiveDirectory.Management.ADServerDownException if the domain cannot be contacted.
Done.
DSCResources/MSFT_xADCommon/MSFT_xADCommon.psm1, line 976 at r10 (raw file):
Previously, kungfu71186 wrote…
Returns $true if the node is a domain controller, otherwise it returns $false
Done. Copy paste mistake :/
@kungfu71186 When you have time, could you please sign off on the last changes. 😃 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 5 of 5 files at r11.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @johlju)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@johlju looks good! Hopefully I didn't miss anything.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @johlju)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 7 files at r1, 4 of 10 files at r6, 1 of 5 files at r9, 5 of 5 files at r11.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @johlju)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @kungfu71186)
Tests/Unit/MSFT_xADDomainController.Tests.ps1, line 455 at r10 (raw file):
Previously, kungfu71186 wrote…
og = of? typo
Done.
I will run one more manual test in Win 2019, then I merge |
@kungfu71186 Two additional domain controllers installed without any issue. One with GC and one without GC. |
Pull Request (PR) description
InstallationMediaPath
that it wouldnot be added if it was specified in a configuration. Now the parameter
InstallationMediaPath
is correctly passed toInstall-ADDSDomainController
.tests for the function 'Set-TargetResource'.
This Pull Request (PR) fixes the following issues
Task list
Entry should say what was changed, and how that affects users (if applicable).
and comment-based help.
This change is