Changes to ADComputer

- BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential`
  to `Credential` to better indicate that it is possible to impersonate
  any credential with enough permission to perform the task (issue dsccommunity#269).

CHANGELOG.md

@@ -52,6 +52,9 @@
   - BREAKING CHANGE: The previously made obsolete parameter `Enabled` has
     been removed and is now a read-only property. See resource documentation
     how to enforce the `Enabled` property.
+  - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential`
+    to `Credential` to better indicate that it is possible to impersonate
+    any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)).
   - Fixed the GUID in Example 3-AddComputerAccountSpecificPath_Config
     ([issue #410](https://github.com/PowerShell/ActiveDirectoryDsc/issues/410)).
 - Changes to ADOrganizationalUnit

DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1

@@ -81,7 +81,7 @@ $script:computerObjectPropertyMap = @(
 
         Used by Get-ADCommonParameters and is returned as a common parameter.
 
-    .PARAMETER DomainAdministratorCredential
+    .PARAMETER Credential
         Specifies the user account credentials to use to perform the task.
 
         Used by Get-ADCommonParameters and is returned as a common parameter.
@@ -114,7 +114,7 @@ function Get-TargetResource
         [ValidateNotNull()]
         [System.Management.Automation.PSCredential]
         [System.Management.Automation.CredentialAttribute()]
-        $DomainAdministratorCredential,
+        $Credential,
 
         [Parameter()]
         [ValidateNotNull()]
@@ -134,25 +134,25 @@ function Get-TargetResource
         Computer account object.
     #>
     $getTargetResourceReturnValue = @{
-        Ensure                        = 'Absent'
-        ComputerName                  = $null
-        Location                      = $null
-        DnsHostName                   = $null
-        ServicePrincipalNames         = $null
-        UserPrincipalName             = $null
-        DisplayName                   = $null
-        Path                          = $null
-        Description                   = $null
-        Enabled                       = $false
-        Manager                       = $null
-        DomainController              = $DomainController
-        DomainAdministratorCredential = $DomainAdministratorCredential
-        RequestFile                   = $RequestFile
-        RestoreFromRecycleBin         = $RestoreFromRecycleBin
-        EnabledOnCreation             = $EnabledOnCreation
-        DistinguishedName             = $null
-        SID                           = $null
-        SamAccountName                = $null
+        Ensure                = 'Absent'
+        ComputerName          = $null
+        Location              = $null
+        DnsHostName           = $null
+        ServicePrincipalNames = $null
+        UserPrincipalName     = $null
+        DisplayName           = $null
+        Path                  = $null
+        Description           = $null
+        Enabled               = $false
+        Manager               = $null
+        DomainController      = $DomainController
+        Credential            = $Credential
+        RequestFile           = $RequestFile
+        RestoreFromRecycleBin = $RestoreFromRecycleBin
+        EnabledOnCreation     = $EnabledOnCreation
+        DistinguishedName     = $null
+        SID                   = $null
+        SamAccountName        = $null
     }
 
     $getADComputerResult = $null
@@ -200,7 +200,7 @@ function Get-TargetResource
         $getTargetResourceReturnValue['Enabled'] = $getADComputerResult.Enabled
         $getTargetResourceReturnValue['Manager'] = $getADComputerResult.ManagedBy
         $getTargetResourceReturnValue['DomainController'] = $DomainController
-        $getTargetResourceReturnValue['DomainAdministratorCredential'] = $DomainAdministratorCredential
+        $getTargetResourceReturnValue['Credential'] = $Credential
         $getTargetResourceReturnValue['RequestFile'] = $RequestFile
         $getTargetResourceReturnValue['RestoreFromRecycleBin'] = $RestoreFromRecycleBin
         $getTargetResourceReturnValue['EnabledOnCreation'] = $EnabledOnCreation
@@ -266,7 +266,7 @@ function Get-TargetResource
     .PARAMETER DomainController
         Specifies the Active Directory Domain Services instance to connect to perform the task.
 
-    .PARAMETER DomainAdministratorCredential
+    .PARAMETER Credential
         Specifies the user account credentials to use to perform the task.
 
     .PARAMETER RestoreFromRecycleBin
@@ -351,7 +351,7 @@ function Test-TargetResource
         [ValidateNotNull()]
         [System.Management.Automation.PSCredential]
         [System.Management.Automation.CredentialAttribute()]
-        $DomainAdministratorCredential,
+        $Credential,
 
         [Parameter()]
         [ValidateNotNull()]
@@ -369,12 +369,12 @@ function Test-TargetResource
     )
 
     $getTargetResourceParameters = @{
-        ComputerName                  = $ComputerName
-        RequestFile                   = $RequestFile
-        DomainController              = $DomainController
-        DomainAdministratorCredential = $DomainAdministratorCredential
-        RestoreFromRecycleBin         = $RestoreFromRecycleBin
-        EnabledOnCreation             = $EnabledOnCreation
+        ComputerName          = $ComputerName
+        RequestFile           = $RequestFile
+        DomainController      = $DomainController
+        Credential            = $Credential
+        RestoreFromRecycleBin = $RestoreFromRecycleBin
+        EnabledOnCreation     = $EnabledOnCreation
     }
 
     # Need the @() around this to get a new array to enumerate.
@@ -512,7 +512,7 @@ function Test-TargetResource
     .PARAMETER DomainController
         Specifies the Active Directory Domain Services instance to connect to perform the task.
 
-    .PARAMETER DomainAdministratorCredential
+    .PARAMETER Credential
         Specifies the user account credentials to use to perform the task.
 
     .PARAMETER RestoreFromRecycleBin
@@ -595,7 +595,7 @@ function Set-TargetResource
         [ValidateNotNull()]
         [System.Management.Automation.PSCredential]
         [System.Management.Automation.CredentialAttribute()]
-        $DomainAdministratorCredential,
+        $Credential,
 
         [Parameter()]
         [ValidateNotNull()]
@@ -609,12 +609,12 @@ function Set-TargetResource
     )
 
     $getTargetResourceParameters = @{
-        ComputerName                  = $ComputerName
-        RequestFile                   = $RequestFile
-        DomainController              = $DomainController
-        DomainAdministratorCredential = $DomainAdministratorCredential
-        RestoreFromRecycleBin         = $RestoreFromRecycleBin
-        EnabledOnCreation             = $EnabledOnCreation
+        ComputerName          = $ComputerName
+        RequestFile           = $RequestFile
+        DomainController      = $DomainController
+        Credential            = $Credential
+        RestoreFromRecycleBin = $RestoreFromRecycleBin
+        EnabledOnCreation     = $EnabledOnCreation
     }
 
     # Need the @() around this to get a new array to enumerate.

DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof

@@ -11,7 +11,7 @@ class MSFT_ADComputer : OMI_BaseResource
     [Write, Description("Specifies a description of the computer account.")] String Description;
     [Write, Description("Specifies the user or group Distinguished Name that manages the computer account. Valid values are the user's or group's DistinguishedName, ObjectGUID, SID or SamAccountName.")] String Manager;
     [Write, Description("Specifies the Active Directory Domain Services instance to connect to perform the task.")] String DomainController;
-    [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
+    [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String Credential;
     [Write, Description("Specifies the full path to the Offline Domain Join Request file to create.")] String RequestFile;
     [Write, Description("Specifies whether the computer account is present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure;
     [Write, Description("Try to restore the computer account from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin;

DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt

@@ -57,7 +57,7 @@
     Write - String
     Specifies the Active Directory Domain Services instance to connect to perform the task.
 
-.PARAMETER DomainAdministratorCredential
+.PARAMETER Credential
     Write - String
     Specifies the user account credentials to use to perform the task.
 
@@ -106,7 +106,7 @@ Configuration ADComputer_AddComputerAccount_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -116,12 +116,16 @@ Configuration ADComputer_AddComputerAccount_Config
         ADComputer 'CreateEnabled_SQL01'
         {
             ComputerName = 'SQL01'
+
+            PsDscRunAsCredential = $UserCredential
         }
 
         ADComputer 'CreateEnabled_SQL02'
         {
             ComputerName      = 'SQL02'
             EnabledOnCreation = $true
+
+            PsDscRunAsCredential = $UserCredential
         }
     }
 }
@@ -138,7 +142,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -149,6 +153,8 @@ Configuration ADComputer_AddComputerAccountDisabled_Config
         {
             ComputerName      = 'CLU_CNO01'
             EnabledOnCreation = $false
+
+            PsDscRunAsCredential = $UserCredential
         }
     }
 }
@@ -166,7 +172,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -175,10 +181,10 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config
     {
         ADComputer 'CreateComputerAccount'
         {
-            DomainController              = 'DC01'
-            ComputerName                  = 'SQL01'
-            Path                          = 'OU=Servers,DC=contoso,DC=com'
-            DomainAdministratorCredential = $DomainAdministratorCredential
+            DomainController = 'DC01'
+            ComputerName     = 'SQL01'
+            Path             = 'OU=Servers,DC=contoso,DC=com'
+            Credential       = $UserCredential
         }
     }
 }
@@ -197,7 +203,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -206,11 +212,11 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config
     {
         ADComputer 'CreateComputerAccount'
         {
-            DomainController              = 'DC01'
-            ComputerName                  = 'NANO-200'
-            Path                          = 'OU=Servers,DC=contoso,DC=com'
-            RequestFile                   = 'D:\ODJFiles\NANO-200.txt'
-            DomainAdministratorCredential = $DomainAdministratorCredential
+            DomainController = 'DC01'
+            ComputerName     = 'NANO-200'
+            Path             = 'OU=Servers,DC=contoso,DC=com'
+            RequestFile      = 'D:\ODJFiles\NANO-200.txt'
+            Credential       = $UserCredential
         }
     }
 }

Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1

@@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccount_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -39,12 +39,16 @@ Configuration ADComputer_AddComputerAccount_Config
         ADComputer 'CreateEnabled_SQL01'
         {
             ComputerName = 'SQL01'
+
+            PsDscRunAsCredential = $UserCredential
         }
 
         ADComputer 'CreateEnabled_SQL02'
         {
             ComputerName      = 'SQL02'
             EnabledOnCreation = $true
+
+            PsDscRunAsCredential = $UserCredential
         }
     }
 }

Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1

@@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -40,6 +40,8 @@ Configuration ADComputer_AddComputerAccountDisabled_Config
         {
             ComputerName      = 'CLU_CNO01'
             EnabledOnCreation = $false
+
+            PsDscRunAsCredential = $UserCredential
         }
     }
 }

Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1

@@ -30,7 +30,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -39,10 +39,10 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config
     {
         ADComputer 'CreateComputerAccount'
         {
-            DomainController              = 'DC01'
-            ComputerName                  = 'SQL01'
-            Path                          = 'OU=Servers,DC=contoso,DC=com'
-            DomainAdministratorCredential = $DomainAdministratorCredential
+            DomainController = 'DC01'
+            ComputerName     = 'SQL01'
+            Path             = 'OU=Servers,DC=contoso,DC=com'
+            Credential       = $UserCredential
         }
     }
 }

Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1

@@ -31,7 +31,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.Management.Automation.PSCredential]
-        $DomainAdministratorCredential
+        $UserCredential
     )
 
     Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -40,11 +40,11 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config
     {
         ADComputer 'CreateComputerAccount'
         {
-            DomainController              = 'DC01'
-            ComputerName                  = 'NANO-200'
-            Path                          = 'OU=Servers,DC=contoso,DC=com'
-            RequestFile                   = 'D:\ODJFiles\NANO-200.txt'
-            DomainAdministratorCredential = $DomainAdministratorCredential
+            DomainController = 'DC01'
+            ComputerName     = 'NANO-200'
+            Path             = 'OU=Servers,DC=contoso,DC=com'
+            RequestFile      = 'D:\ODJFiles\NANO-200.txt'
+            Credential       = $UserCredential
         }
     }
 }