Changes to ADComputer
- BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential`
  to `Credential` to better indicate that it is possible to impersonate
  any credential with enough permission to perform the task (issue dsccommunity#269).
johlju committed Jul 29, 2019
1 parent a1494c2 commit 77e2135
Showing 9 changed files with 193 additions and 178 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -45,6 +45,9 @@
need at least one Windows Server 2012 Domain Controller"
([issue #399](https://github.com/PowerShell/ActiveDirectoryDsc/issues/399)).
- Changes to ADComputer
- BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential`
to `Credential` to better indicate that it is possible to impersonate
any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)).
- Fixed the GUID in Example 3-AddComputerAccountSpecificPath_Config
([issue #410](https://github.com/PowerShell/ActiveDirectoryDsc/issues/410)).
- Changes to ADOrganizationalUnit
76 changes: 38 additions & 38 deletions DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1
@@ -86,7 +86,7 @@ $script:computerObjectPropertyMap = @(
Used by Get-ADCommonParameters and is returned as a common parameter.
.PARAMETER DomainAdministratorCredential
.PARAMETER Credential
Specifies the user account credentials to use to perform the task.
Used by Get-ADCommonParameters and is returned as a common parameter.
@@ -124,7 +124,7 @@ function Get-TargetResource
[ValidateNotNull()]
[System.Management.Automation.PSCredential]
[System.Management.Automation.CredentialAttribute()]
$DomainAdministratorCredential,
$Credential,

[Parameter()]
[ValidateNotNull()]
@@ -153,25 +153,25 @@ function Get-TargetResource
Computer account object.
#>
$getTargetResourceReturnValue = @{
Ensure = 'Absent'
ComputerName = $null
Location = $null
DnsHostName = $null
ServicePrincipalNames = $null
UserPrincipalName = $null
DisplayName = $null
Path = $null
Description = $null
Enabled = $false
Manager = $null
DomainController = $DomainController
DomainAdministratorCredential = $DomainAdministratorCredential
RequestFile = $RequestFile
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
DistinguishedName = $null
SID = $null
SamAccountName = $null
Ensure = 'Absent'
ComputerName = $null
Location = $null
DnsHostName = $null
ServicePrincipalNames = $null
UserPrincipalName = $null
DisplayName = $null
Path = $null
Description = $null
Enabled = $false
Manager = $null
DomainController = $DomainController
Credential = $Credential
RequestFile = $RequestFile
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
DistinguishedName = $null
SID = $null
SamAccountName = $null
}

$getADComputerResult = $null
@@ -219,7 +219,7 @@ function Get-TargetResource
$getTargetResourceReturnValue['Enabled'] = $getADComputerResult.Enabled
$getTargetResourceReturnValue['Manager'] = $getADComputerResult.ManagedBy
$getTargetResourceReturnValue['DomainController'] = $DomainController
$getTargetResourceReturnValue['DomainAdministratorCredential'] = $DomainAdministratorCredential
$getTargetResourceReturnValue['Credential'] = $Credential
$getTargetResourceReturnValue['RequestFile'] = $RequestFile
$getTargetResourceReturnValue['RestoreFromRecycleBin'] = $RestoreFromRecycleBin
$getTargetResourceReturnValue['EnabledOnCreation'] = $EnabledOnCreation
@@ -288,7 +288,7 @@ function Get-TargetResource
.PARAMETER DomainController
Specifies the Active Directory Domain Services instance to connect to perform the task.
.PARAMETER DomainAdministratorCredential
.PARAMETER Credential
Specifies the user account credentials to use to perform the task.
.PARAMETER RestoreFromRecycleBin
@@ -378,7 +378,7 @@ function Test-TargetResource
[ValidateNotNull()]
[System.Management.Automation.PSCredential]
[System.Management.Automation.CredentialAttribute()]
$DomainAdministratorCredential,
$Credential,

[Parameter()]
[ValidateNotNull()]
@@ -405,12 +405,12 @@ function Test-TargetResource
}

$getTargetResourceParameters = @{
ComputerName = $ComputerName
RequestFile = $RequestFile
DomainController = $DomainController
DomainAdministratorCredential = $DomainAdministratorCredential
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
ComputerName = $ComputerName
RequestFile = $RequestFile
DomainController = $DomainController
Credential = $Credential
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
}

# Need the @() around this to get a new array to enumerate.
@@ -550,7 +550,7 @@ function Test-TargetResource
.PARAMETER DomainController
Specifies the Active Directory Domain Services instance to connect to perform the task.
.PARAMETER DomainAdministratorCredential
.PARAMETER Credential
Specifies the user account credentials to use to perform the task.
.PARAMETER RestoreFromRecycleBin
@@ -638,7 +638,7 @@ function Set-TargetResource
[ValidateNotNull()]
[System.Management.Automation.PSCredential]
[System.Management.Automation.CredentialAttribute()]
$DomainAdministratorCredential,
$Credential,

[Parameter()]
[ValidateNotNull()]
@@ -661,12 +661,12 @@ function Set-TargetResource
}

$getTargetResourceParameters = @{
ComputerName = $ComputerName
RequestFile = $RequestFile
DomainController = $DomainController
DomainAdministratorCredential = $DomainAdministratorCredential
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
ComputerName = $ComputerName
RequestFile = $RequestFile
DomainController = $DomainController
Credential = $Credential
RestoreFromRecycleBin = $RestoreFromRecycleBin
EnabledOnCreation = $EnabledOnCreation
}

# Need the @() around this to get a new array to enumerate.
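Review bot: The `.PARAMETER Credential` help in the three comment-help hunks (Get-, Test- and Set-TargetResource) still reads only "Specifies the user account credentials to use to perform the task.", so the reason for the rename is not visible to anyone reading the resource itself. The commit message says any credential with enough permission works; I would state that in the help, e.g. `Specifies the credentials of a user account with permission to perform the task; the account does not need to be a domain administrator.`, which steers users toward a least-privilege account instead of a domain admin. The same sentence is the `Description` of the `Credential` property in MSFT_ADComputer.schema.mof and the parameter text in about_ADComputer.help.txt, so those would need the matching wording. The comment-help blocks start and end outside the hunks shown.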
2 changes: 1 addition & 1 deletion DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof
@@ -12,7 +12,7 @@ class MSFT_ADComputer : OMI_BaseResource
[Write, Description("DEPRECATED - DO NOT USE. Please see the parameter EnabledOnCreation in this resource, and the resource ADObjectEnabledState on how to enforce the Enabled property. This parameter no longer sets or enforces the Enabled property. If this parameter is used then a warning message will be outputted saying that the Enabled parameter has been deprecated.")] Boolean Enabled;
[Write, Description("Specifies the user or group Distinguished Name that manages the computer account. Valid values are the user's or group's DistinguishedName, ObjectGUID, SID or SamAccountName.")] String Manager;
[Write, Description("Specifies the Active Directory Domain Services instance to connect to perform the task.")] String DomainController;
[Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
[Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String Credential;
[Write, Description("Specifies the full path to the Offline Domain Join Request file to create.")] String RequestFile;
[Write, Description("Specifies whether the computer account is present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure;
[Write, Description("Try to restore the computer account from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin;
34 changes: 20 additions & 14 deletions DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt
@@ -61,7 +61,7 @@
Write - String
Specifies the Active Directory Domain Services instance to connect to perform the task.

.PARAMETER DomainAdministratorCredential
.PARAMETER Credential
Write - String
Specifies the user account credentials to use to perform the task.

@@ -106,7 +106,7 @@ Configuration AddComputerAccount_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -116,12 +116,16 @@ Configuration AddComputerAccount_Config
ADComputer 'CreateEnabled_SQL01'
{
ComputerName = 'SQL01'

PsDscRunAsCredential = $UserCredential
}

ADComputer 'CreateEnabled_SQL02'
{
ComputerName = 'SQL02'
EnabledOnCreation = $true

PsDscRunAsCredential = $UserCredential
}
}
}
@@ -138,7 +142,7 @@ Configuration AddComputerAccountDisabled_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -149,6 +153,8 @@ Configuration AddComputerAccountDisabled_Config
{
ComputerName = 'CLU_CNO01'
EnabledOnCreation = $false

PsDscRunAsCredential = $UserCredential
}
}
}
@@ -166,7 +172,7 @@ Configuration AddComputerAccountSpecificPath_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -175,10 +181,10 @@ Configuration AddComputerAccountSpecificPath_Config
{
ADComputer 'CreateComputerAccount'
{
DomainController = 'DC01'
ComputerName = 'SQL01'
Path = 'OU=Servers,DC=contoso,DC=com'
DomainAdministratorCredential = $DomainAdministratorCredential
DomainController = 'DC01'
ComputerName = 'SQL01'
Path = 'OU=Servers,DC=contoso,DC=com'
Credential = $UserCredential
}
}
}
@@ -197,7 +203,7 @@ Configuration AddComputerAccountAndCreateODJRequest_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -206,11 +212,11 @@ Configuration AddComputerAccountAndCreateODJRequest_Config
{
ADComputer 'CreateComputerAccount'
{
DomainController = 'DC01'
ComputerName = 'NANO-200'
Path = 'OU=Servers,DC=contoso,DC=com'
RequestFile = 'D:\ODJFiles\NANO-200.txt'
DomainAdministratorCredential = $DomainAdministratorCredential
DomainController = 'DC01'
ComputerName = 'NANO-200'
Path = 'OU=Servers,DC=contoso,DC=com'
RequestFile = 'D:\ODJFiles\NANO-200.txt'
Credential = $UserCredential
}
}
}
@@ -29,7 +29,7 @@ Configuration AddComputerAccount_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -39,12 +39,16 @@ Configuration AddComputerAccount_Config
ADComputer 'CreateEnabled_SQL01'
{
ComputerName = 'SQL01'

PsDscRunAsCredential = $UserCredential
}

ADComputer 'CreateEnabled_SQL02'
{
ComputerName = 'SQL02'
EnabledOnCreation = $true

PsDscRunAsCredential = $UserCredential
}
}
}
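Review bot: The example now passes `$UserCredential` to `PsDscRunAsCredential` on both ADComputer resources, but nothing in the visible part tells the reader how that credential is protected once the configuration is compiled. A PSCredential used in a configuration is written into the MOF, so the example's comment header should point readers at certificate encryption (`CertificateFile` in the node's ConfigurationData, with the matching `CertificateID` on the LCM) rather than leaving them to reach for `PSDscAllowPlainTextPassword`. A line such as `The compiled MOF contains this credential; encrypt it with a certificate and do not use PSDscAllowPlainTextPassword outside a lab.` in the `.DESCRIPTION` would do. The same applies to the other three example files, which pass `$UserCredential` to `PsDscRunAsCredential` or `Credential`; the header comment lies outside the hunk, so it may already cover this.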
@@ -29,7 +29,7 @@ Configuration AddComputerAccountDisabled_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -40,6 +40,8 @@ Configuration AddComputerAccountDisabled_Config
{
ComputerName = 'CLU_CNO01'
EnabledOnCreation = $false

PsDscRunAsCredential = $UserCredential
}
}
}
@@ -30,7 +30,7 @@ Configuration AddComputerAccountSpecificPath_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -39,10 +39,10 @@ Configuration AddComputerAccountSpecificPath_Config
{
ADComputer 'CreateComputerAccount'
{
DomainController = 'DC01'
ComputerName = 'SQL01'
Path = 'OU=Servers,DC=contoso,DC=com'
DomainAdministratorCredential = $DomainAdministratorCredential
DomainController = 'DC01'
ComputerName = 'SQL01'
Path = 'OU=Servers,DC=contoso,DC=com'
Credential = $UserCredential
}
}
}
@@ -31,7 +31,7 @@ Configuration AddComputerAccountAndCreateODJRequest_Config
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.PSCredential]
$DomainAdministratorCredential
$UserCredential
)

Import-DscResource -ModuleName ActiveDirectoryDsc
@@ -40,11 +40,11 @@ Configuration AddComputerAccountAndCreateODJRequest_Config
{
ADComputer 'CreateComputerAccount'
{
DomainController = 'DC01'
ComputerName = 'NANO-200'
Path = 'OU=Servers,DC=contoso,DC=com'
RequestFile = 'D:\ODJFiles\NANO-200.txt'
DomainAdministratorCredential = $DomainAdministratorCredential
DomainController = 'DC01'
ComputerName = 'NANO-200'
Path = 'OU=Servers,DC=contoso,DC=com'
RequestFile = 'D:\ODJFiles\NANO-200.txt'
Credential = $UserCredential
}
}
}
