├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── General.md │ ├── Problem_with_resource.yml │ ├── Resource_proposal.yml │ └── config.yml ├── PULL_REQUEST_TEMPLATE.md └── stale.yml ├── .gitignore ├── .markdownlint.json ├── .vscode ├── analyzersettings.psd1 ├── extensions.json ├── settings.json └── tasks.json ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── GitVersion.yml ├── HISTORIC_CHANGELOG.md ├── LICENSE ├── README.md ├── RequiredModules.psd1 ├── Resolve-Dependency.ps1 ├── Resolve-Dependency.psd1 ├── SECURITY.md ├── azure-pipelines.yml ├── build.ps1 ├── build.yaml ├── codecov.yml ├── source ├── ActiveDirectoryDsc.psd1 ├── ActiveDirectoryDsc.psm1 ├── DSCResources │ ├── MSFT_ADComputer │ │ ├── MSFT_ADComputer.psm1 │ │ ├── MSFT_ADComputer.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADComputer.strings.psd1 │ ├── MSFT_ADDomain │ │ ├── MSFT_ADDomain.psm1 │ │ ├── MSFT_ADDomain.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomain.strings.psd1 │ ├── MSFT_ADDomainController │ │ ├── MSFT_ADDomainController.psm1 │ │ ├── MSFT_ADDomainController.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomainController.strings.psd1 │ ├── MSFT_ADDomainControllerProperties │ │ ├── MSFT_ADDomainControllerProperties.psm1 │ │ ├── MSFT_ADDomainControllerProperties.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomainControllerProperties.strings.psd1 │ ├── MSFT_ADDomainDefaultPasswordPolicy │ │ ├── MSFT_ADDomainDefaultPasswordPolicy.psm1 │ │ ├── MSFT_ADDomainDefaultPasswordPolicy.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomainDefaultPasswordPolicy.strings.psd1 │ ├── MSFT_ADDomainFunctionalLevel │ │ ├── MSFT_ADDomainFunctionalLevel.psm1 │ │ ├── MSFT_ADDomainFunctionalLevel.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomainFunctionalLevel.strings.psd1 │ ├── MSFT_ADDomainTrust │ │ ├── MSFT_ADDomainTrust.psm1 │ │ ├── MSFT_ADDomainTrust.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADDomainTrust.strings.psd1 │ ├── MSFT_ADFineGrainedPasswordPolicy │ │ ├── MSFT_ADFineGrainedPasswordPolicy.psm1 │ │ ├── MSFT_ADFineGrainedPasswordPolicy.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADFineGrainedPasswordPolicy.strings.psd1 │ ├── MSFT_ADForestFunctionalLevel │ │ ├── MSFT_ADForestFunctionalLevel.psm1 │ │ ├── MSFT_ADForestFunctionalLevel.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADForestFunctionalLevel.strings.psd1 │ ├── MSFT_ADForestProperties │ │ ├── MSFT_ADForestProperties.psm1 │ │ ├── MSFT_ADForestProperties.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADForestProperties.strings.psd1 │ ├── MSFT_ADGroup │ │ ├── MSFT_ADGroup.psm1 │ │ ├── MSFT_ADGroup.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADGroup.strings.psd1 │ ├── MSFT_ADKDSKey │ │ ├── MSFT_ADKDSKey.psm1 │ │ ├── MSFT_ADKDSKey.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADKDSKey.strings.psd1 │ ├── MSFT_ADManagedServiceAccount │ │ ├── MSFT_ADManagedServiceAccount.psm1 │ │ ├── MSFT_ADManagedServiceAccount.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADManagedServiceAccount.strings.psd1 │ ├── MSFT_ADObjectEnabledState │ │ ├── MSFT_ADObjectEnabledState.psm1 │ │ ├── MSFT_ADObjectEnabledState.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADObjectEnabledState.strings.psd1 │ ├── MSFT_ADObjectPermissionEntry │ │ ├── MSFT_ADObjectPermissionEntry.psm1 │ │ ├── MSFT_ADObjectPermissionEntry.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADObjectPermissionEntry.strings.psd1 │ ├── MSFT_ADOptionalFeature │ │ ├── MSFT_ADOptionalFeature.psm1 │ │ ├── MSFT_ADOptionalFeature.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADOptionalFeature.strings.psd1 │ ├── MSFT_ADOrganizationalUnit │ │ ├── MSFT_ADOrganizationalUnit.psm1 │ │ ├── MSFT_ADOrganizationalUnit.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADOrganizationalUnit.strings.psd1 │ ├── MSFT_ADReadOnlyDomainControllerAccount │ │ ├── MSFT_ADReadOnlyDomainControllerAccount.psm1 │ │ ├── MSFT_ADReadOnlyDomainControllerAccount.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADReadOnlyDomainControllerAccount.strings.psd1 │ ├── MSFT_ADReplicationSite │ │ ├── MSFT_ADReplicationSite.psm1 │ │ ├── MSFT_ADReplicationSite.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADReplicationSite.strings.psd1 │ ├── MSFT_ADReplicationSiteLink │ │ ├── MSFT_ADReplicationSiteLink.psm1 │ │ ├── MSFT_ADReplicationSiteLink.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADReplicationSiteLink.strings.psd1 │ ├── MSFT_ADReplicationSubnet │ │ ├── MSFT_ADReplicationSubnet.psm1 │ │ ├── MSFT_ADReplicationSubnet.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADReplicationSubnet.strings.psd1 │ ├── MSFT_ADServicePrincipalName │ │ ├── MSFT_ADServicePrincipalName.psm1 │ │ ├── MSFT_ADServicePrincipalName.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADServicePrincipalName.strings.psd1 │ ├── MSFT_ADUser │ │ ├── MSFT_ADUser.PropertyMap.psd1 │ │ ├── MSFT_ADUser.psm1 │ │ ├── MSFT_ADUser.schema.mof │ │ ├── README.md │ │ └── en-US │ │ │ └── MSFT_ADUser.strings.psd1 │ └── MSFT_WaitForADDomain │ │ ├── MSFT_WaitForADDomain.psm1 │ │ ├── MSFT_WaitForADDomain.schema.mof │ │ ├── README.md │ │ └── en-US │ │ └── MSFT_WaitForADDomain.strings.psd1 ├── Examples │ ├── README.md │ └── Resources │ │ ├── ADComputer │ │ ├── 1-ADComputer_AddComputerAccount_Config.ps1 │ │ ├── 2-ADComputer_AddComputerAccountDisabled_Config.ps1 │ │ ├── 3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 │ │ ├── 4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 │ │ └── 5-ADComputer_CreateClusterComputerAccount_Config.ps1 │ │ ├── ADDomain │ │ ├── 1-ADDomain_NewForest_Config.ps1 │ │ ├── 2-ADDomain_NewChildDomain_Config.ps1 │ │ └── 3-ADDomain_NewDomainTree_Config.ps1 │ │ ├── ADDomainController │ │ ├── 1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 │ │ ├── 2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 │ │ ├── 3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 │ │ ├── 4-ADDomainController_AddReadOnlyDomainController_Config.ps1 │ │ ├── 5-ADDomainController_AddDomainControllerAndMoveRole_Config.ps1 │ │ └── 6-ADDomainController_AddDomainControllerUsingInstallDns_Config.ps1 │ │ ├── ADDomainControllerProperties │ │ └── 1-ADDomainControllerProperties_SetContentFreshness_Config.ps1 │ │ ├── ADDomainDefaultPasswordPolicy │ │ └── 1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1 │ │ ├── ADDomainFunctionalLevel │ │ └── 1-ADDomainFunctionalLevel_SetLevel_Config.ps1 │ │ ├── ADDomainTrust │ │ ├── 1-ADDomainTrust_ExternalInboundTrust_Config.ps1 │ │ └── 2-ADDomainTrust_ExternalInboundTrustWithOptInToRecreate_Config.ps1 │ │ ├── ADFineGrainedPasswordPolicy │ │ ├── 1-ADFineGrainedPasswordPolicy_ConfigurePolicyWithDefaults_Config.ps1 │ │ ├── 2-ADFineGrainedPasswordPolicy_ConfigurePolicyWithSpecifics_Config.ps1 │ │ └── 3-ADFineGrainedPasswordPolicy_RemovePolicy_Config.ps1 │ │ ├── ADForestFunctionalLevel │ │ └── 1-ADForestFunctionalLevel_SetLevel_Config.ps1 │ │ ├── ADForestProperties │ │ ├── 1-ADForestProperties_ReplaceForestProperties_Config.ps1 │ │ ├── 2-ADForestProperties_AddRemoveForestProperties_Config.ps1 │ │ └── 3-ADForestProperties_TombstoneLifetime_Config.ps1 │ │ ├── ADGroup │ │ ├── 1-ADGroup_NewGroup_Config.ps1 │ │ ├── 2-ADGroup_NewGroupWithMembers_Config.ps1 │ │ ├── 3-ADGroup_NewGroupMultidomainMembers_Config.ps1 │ │ └── 4-ADGroup_NewGroupOneWayTrust_Config.ps1 │ │ ├── ADKDSKey │ │ ├── 1-ADKDSKey_CreateKDSRootKey_Config.ps1 │ │ ├── 2-ADKDSKey_CreateKDSRootKeyInPast_Config.ps1 │ │ └── 3-ADKDSKey_CreateKDSRootKeyRemoveLastKey_Config.ps1 │ │ ├── ADManagedServiceAccount │ │ ├── 1-ADManagedServiceAccount_CreateManagedServiceAccount_Config.ps1 │ │ ├── 2-ADManagedServiceAccount_CreateGroupManagedServiceAccount_Config.ps1 │ │ ├── 3-ADManagedServiceAccount_CreateGroupManagedServiceAccountWithMembers_Config.ps1 │ │ └── 4-ADManagedServiceAccount_CreateGroupManagedServiceAccountCustomPath_Config.ps1 │ │ ├── ADObjectEnabledState │ │ ├── 1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1 │ │ ├── 2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1 │ │ └── 3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 │ │ ├── ADObjectPermissionEntry │ │ ├── 1-ADObjectPermissionEntry_DelegateFullControl_Config.ps1 │ │ ├── 2-ADObjectPermissionEntry_CreateDeleteComputerObject_Config.ps1 │ │ └── 3-ADObjectPermissionEntry_ReadWriteComputerObjectProperties_Config.ps1 │ │ ├── ADOptionalFeature │ │ └── 1-ADOptionalFeature_EnableADRecycleBin_Config.ps1 │ │ ├── ADOrganizationalUnit │ │ └── 1-ADOrganizationalUnit_CreateADOU_Config.ps1 │ │ ├── ADReplicationSite │ │ ├── 1-ADReplicationSite_CreateADReplicationSite_Config.ps1 │ │ ├── 2-ADReplicationSite_CreateADReplicationSiteRenameDefault_Config.ps1 │ │ └── 3-ADReplicationSite_RemoveADReplicationSite_Config.ps1 │ │ ├── ADReplicationSiteLink │ │ ├── 1-ADReplicationSiteLink_CreateReplicationSiteLink_Config.ps1 │ │ ├── 2-ADReplicationSiteLink_ModifyExistingReplicationSiteLink_Config.ps1 │ │ └── 3-ADReplicationSiteLink_EnableOptions_Config.ps1 │ │ ├── ADReplicationSubnet │ │ └── 1-ADReplicationSubnet_CreateReplicationSubnet_Config.ps1 │ │ ├── ADServicePrincipalName │ │ ├── 1-ADServicePrincipalName_AddUserServicePrincipalName_Config.ps1 │ │ └── 2-ADServicePrincipalName_AddComputerServicePrincipalName_Config.ps1 │ │ ├── ADUser │ │ ├── 1-ADUser_CreateUserAndManagePassword_Config.ps1 │ │ ├── 2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1 │ │ ├── 3-ADUser_UpdateThumbnailPhotoAsBase64_Config.ps1 │ │ ├── 4-ADUser_UpdateThumbnailPhotoFromFile_Config.ps1 │ │ └── 5-ADUser_RemoveThumbnailPhoto_Config.ps1 │ │ └── WaitForADDomain │ │ ├── 1-WaitForADDomain_WaitForDomainController_Config.ps1 │ │ ├── 2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1 │ │ ├── 3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1 │ │ ├── 4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1 │ │ ├── 5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1 │ │ ├── 6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1 │ │ └── 7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1 ├── Modules │ └── ActiveDirectoryDsc.Common │ │ ├── ActiveDirectoryDsc.Common.psd1 │ │ ├── ActiveDirectoryDsc.Common.psm1 │ │ ├── Build-Readme.ps1 │ │ ├── README.md │ │ ├── docs │ │ ├── Add-TypeAssembly.md │ │ ├── Assert-ADPSDrive.md │ │ ├── Assert-MemberParameters.md │ │ ├── Compare-ResourcePropertyState.md │ │ ├── Convert-PropertyMapToObjectProperties.md │ │ ├── ConvertFrom-TimeSpan.md │ │ ├── ConvertTo-DeploymentDomainMode.md │ │ ├── ConvertTo-DeploymentForestMode.md │ │ ├── ConvertTo-TimeSpan.md │ │ ├── Find-DomainController.md │ │ ├── Get-ADCommonParameters.md │ │ ├── Get-ADDirectoryContext.md │ │ ├── Get-ADDomainNameFromDistinguishedName.md │ │ ├── Get-ADObjectParentDN.md │ │ ├── Get-ActiveDirectoryDomain.md │ │ ├── Get-ActiveDirectoryForest.md │ │ ├── Get-ByteContent.md │ │ ├── Get-CurrentUser.md │ │ ├── Get-DomainControllerObject.md │ │ ├── Get-DomainName.md │ │ ├── Get-DomainObject.md │ │ ├── New-CimCredentialInstance.md │ │ ├── Remove-DuplicateMembers.md │ │ ├── Resolve-MembersSecurityIdentifier.md │ │ ├── Resolve-SamAccountName.md │ │ ├── Resolve-SecurityIdentifier.md │ │ ├── Restore-ADCommonObject.md │ │ ├── Set-ADCommonGroupMember.md │ │ ├── Start-ProcessWithTimeout.md │ │ ├── Test-ADReplicationSite.md │ │ ├── Test-DomainMember.md │ │ ├── Test-IsDomainController.md │ │ ├── Test-Members.md │ │ └── Test-Password.md │ │ └── en-US │ │ └── ActiveDirectoryDsc.Common.strings.psd1 ├── WikiSource │ └── Home.md └── en-US │ ├── ActiveDirectoryDsc.strings.psd1 │ └── about_ActiveDirectoryDsc.help.txt └── tests ├── Integration ├── MSFT_ADComputer.Integration.Tests.ps1 ├── MSFT_ADComputer.config.ps1 ├── MSFT_ADDomain.Child.Integration.Tests.ps1 ├── MSFT_ADDomain.Child.config.ps1 ├── MSFT_ADDomain.Root.Integration.Tests.ps1 ├── MSFT_ADDomain.Root.config.ps1 ├── MSFT_ADDomainControllerProperties.Integration.Tests.ps1 ├── MSFT_ADDomainControllerProperties.config.ps1 ├── MSFT_ADDomainFunctionalLevel.Integration.Tests.ps1 ├── MSFT_ADDomainFunctionalLevel.config.ps1 ├── MSFT_ADDomainTrust.Integration.Tests.ps1 ├── MSFT_ADDomainTrust.config.ps1 ├── MSFT_ADFineGrainedPasswordPolicy.Integration.Tests.ps1 ├── MSFT_ADFineGrainedPasswordPolicy.config.ps1 ├── MSFT_ADForestFunctionalLevel.Integration.Tests.ps1 ├── MSFT_ADForestFunctionalLevel.config.ps1 ├── MSFT_ADForestProperties.Integration.Tests.ps1 ├── MSFT_ADForestProperties.config.ps1 ├── MSFT_ADGroup.Integration.Tests.ps1 ├── MSFT_ADGroup.config.ps1 ├── MSFT_ADKDSKey.Integration.Tests.ps1 ├── MSFT_ADKDSKey.config.ps1 ├── MSFT_ADManagedServiceAccount.Integration.Tests.ps1 ├── MSFT_ADManagedServiceAccount.config.ps1 ├── MSFT_ADObjectEnableState.Integration.Tests.ps1 ├── MSFT_ADObjectEnabledState.config.ps1 ├── MSFT_ADOptionalFeature.Integration.Tests.ps1 ├── MSFT_ADOptionalFeature.config.ps1 ├── MSFT_ADReadOnlyDomainControllerAccount.Integration.Tests.ps1 ├── MSFT_ADReadOnlyDomainControllerAccount.config.ps1 ├── MSFT_ADReplicationSite.Integration.Tests.ps1 ├── MSFT_ADReplicationSite.config.ps1 ├── MSFT_ADReplicationSiteLink.Integration.Tests.ps1 ├── MSFT_ADReplicationSiteLink.config.ps1 ├── MSFT_ADReplicationSubnet.Integration.Tests.ps1 ├── MSFT_ADReplicationSubnet.config.ps1 ├── MSFT_ADServicePrincipalName.Integration.Tests.ps1 ├── MSFT_ADServicePrincipalName.config.ps1 ├── MSFT_ADUser.Integration.Tests.ps1 ├── MSFT_ADUser.config.ps1 ├── MSFT_WaitForADDomain.Integration.Tests.ps1 └── MSFT_WaitForADDomain.config.ps1 ├── TestHelpers ├── ActiveDirectoryDsc.TestHelper.psm1 └── DSC_Logo_96.jpg └── Unit ├── ActiveDirectoryDsc.Common.Tests.ps1 ├── MSFT_ADComputer.Tests.ps1 ├── MSFT_ADDomain.Tests.ps1 ├── MSFT_ADDomainController.Tests.ps1 ├── MSFT_ADDomainControllerProperties.Tests.ps1 ├── MSFT_ADDomainDefaultPasswordPolicy.Tests.ps1 ├── MSFT_ADDomainFunctionalLevel.Tests.ps1 ├── MSFT_ADDomainTrust.Tests.ps1 ├── MSFT_ADFineGrainedPasswordPolicy.Tests.ps1 ├── MSFT_ADForestFunctionalLevel.Tests.ps1 ├── MSFT_ADForestProperties.Tests.ps1 ├── MSFT_ADGroup.Tests.ps1 ├── MSFT_ADKDSKey.Tests.ps1 ├── MSFT_ADManagedServiceAccount.Tests.ps1 ├── MSFT_ADObjectEnabledState.Tests.ps1 ├── MSFT_ADObjectPermissionEntry.Tests.ps1 ├── MSFT_ADOptionalFeature.Tests.ps1 ├── MSFT_ADOrganizationalUnit.Tests.ps1 ├── MSFT_ADReadOnlyDomainControllerAccount.Tests.ps1 ├── MSFT_ADReplicationSite.Tests.ps1 ├── MSFT_ADReplicationSiteLink.tests.ps1 ├── MSFT_ADReplicationSubnet.Tests.ps1 ├── MSFT_ADServicePrincipalName.Tests.ps1 ├── MSFT_ADUser.Tests.ps1 ├── MSFT_WaitForADDomain.Tests.ps1 └── Stubs ├── ADDSDeployment_2019.psm1 ├── ActiveDirectory_2019.psm1 ├── Kds.psm1 └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | # Needed for publishing of examples, build worker defaults to core.autocrlf=input. 2 | * text eol=autocrlf 3 | 4 | *.mof text eol=crlf 5 | *.sh text eol=lf 6 | *.svg eol=lf 7 | 8 | # Ensure any exe files are treated as binary 9 | *.exe binary 10 | *.jpg binary 11 | *.xl* binary 12 | *.pfx binary 13 | *.png binary 14 | *.dll binary 15 | *.so binary 16 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/General.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: General question or documentation update 3 | about: If you have a general question or documentation update suggestion around the resource module. 4 | --- 5 | 8 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Resource_proposal.yml: -------------------------------------------------------------------------------- 1 | name: New resource proposal 2 | description: If you have a new resource proposal that you think should be added to this resource module. 3 | title: "NewResourceName: New resource proposal" 4 | labels: [] 5 | assignees: [] 6 | body: 7 | - type: markdown 8 | attributes: 9 | value: | 10 | Please replace `NewResourceName` in the issue title (above) with your proposed resource name. 11 | 12 | Thank you for contributing and making this resource module better! 13 | - type: textarea 14 | id: description 15 | attributes: 16 | label: Resource proposal 17 | description: Provide information how this resource will/should work and how it will help users. 18 | validations: 19 | required: true 20 | - type: textarea 21 | id: proposedProperties 22 | attributes: 23 | label: Proposed properties 24 | description: | 25 | List all the proposed properties that the resource should have (key, required, write, and/or read). For each property provide a detailed description, the data type, if a default value should be used, and if the property is limited to a set of values. 26 | value: | 27 | Property | Type qualifier | Data type | Description | Default value | Allowed values 28 | --- | --- | --- | --- | --- | --- 29 | PropertyName | Key | String | Detailed description | None | None 30 | validations: 31 | required: true 32 | - type: textarea 33 | id: considerations 34 | attributes: 35 | label: Special considerations or limitations 36 | description: | 37 | Provide any considerations or limitations you can think of that a contributor should take in account when coding the proposed resource, and or what limitations a user will encounter or should consider when using the proposed resource. 38 | validations: 39 | required: true 40 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: "Virtual PowerShell User Group #DSC channel" 4 | url: https://dsccommunity.org/community/contact/ 5 | about: "To talk to the community and maintainers of DSC Community, please visit the #DSC channel." 6 | 7 | -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-stale - https://github.com/probot/stale 2 | 3 | limitPerRun: 30 4 | 5 | pulls: 6 | daysUntilStale: 14 7 | daysUntilClose: false 8 | exemptProjects: true 9 | exemptMilestones: true 10 | staleLabel: abandoned 11 | exemptLabels: 12 | - needs review 13 | - on hold 14 | - waiting for CLA pass 15 | 16 | markComment: > 17 | Labeling this pull request (PR) as abandoned since it has gone 14 days or more 18 | since the last update. An abandoned PR can be continued by another contributor. 19 | The abandoned label will be removed if work on this PR is taken up again. 20 | 21 | issues: 22 | daysUntilStale: 30 23 | daysUntilClose: 40 24 | exemptProjects: true 25 | exemptMilestones: true 26 | staleLabel: stale 27 | exemptLabels: 28 | - bug 29 | - enhancement 30 | - tests 31 | - documentation 32 | - resource proposal 33 | - on hold 34 | 35 | markComment: > 36 | This issue has been automatically marked as stale because 37 | it has not had activity from the community in the last 30 days. It will be 38 | closed if no further activity occurs within 10 days. If the issue is labelled 39 | with any of the work labels (e.g bug, enhancement, documentation, or tests) 40 | then the issue will not auto-close. 41 | 42 | closeComment: > 43 | This issue has been automatically closed because it is has not had activity 44 | from the community in the last 40 days. 45 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | output/ 2 | -------------------------------------------------------------------------------- /.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": true, 3 | "MD029": { 4 | "style": "one" 5 | }, 6 | "MD013": { 7 | "line_length": 120 8 | }, 9 | "MD024": false, 10 | "MD034": false, 11 | "no-hard-tabs": true 12 | } 13 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "davidanson.vscode-markdownlint", 4 | "ms-vscode.powershell", 5 | "streetsidesoftware.code-spell-checker", 6 | "redhat.vscode-yaml" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "powershell.codeFormatting.openBraceOnSameLine": false, 3 | "powershell.codeFormatting.newLineAfterOpenBrace": true, 4 | "powershell.codeFormatting.newLineAfterCloseBrace": true, 5 | "powershell.codeFormatting.whitespaceBeforeOpenBrace": true, 6 | "powershell.codeFormatting.whitespaceBeforeOpenParen": true, 7 | "powershell.codeFormatting.whitespaceAroundOperator": true, 8 | "powershell.codeFormatting.whitespaceAfterSeparator": true, 9 | "powershell.codeFormatting.ignoreOneLineBlock": false, 10 | "powershell.codeFormatting.pipelineIndentationStyle": "IncreaseIndentationForFirstPipeline", 11 | "powershell.codeFormatting.preset": "Custom", 12 | "powershell.codeFormatting.alignPropertyValuePairs": true, 13 | "powershell.developer.bundledModulesPath": "${cwd}/output/RequiredModules", 14 | "powershell.scriptAnalysis.settingsPath": ".vscode\\analyzersettings.psd1", 15 | "powershell.scriptAnalysis.enable": true, 16 | "files.trimTrailingWhitespace": true, 17 | "files.trimFinalNewlines": true, 18 | "files.insertFinalNewline": true, 19 | "files.associations": { 20 | "*.ps1xml": "xml" 21 | }, 22 | "cSpell.words": [ 23 | "COMPANYNAME", 24 | "ICONURI", 25 | "LICENSEURI", 26 | "PROJECTURI", 27 | "RELEASENOTES", 28 | "buildhelpers", 29 | "endregion", 30 | "gitversion", 31 | "icontains", 32 | "keepachangelog", 33 | "notin", 34 | "pscmdlet", 35 | "steppable" 36 | ], 37 | "[markdown]": { 38 | "files.trimTrailingWhitespace": false, 39 | "files.encoding": "utf8" 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | This project has adopted the [DSC Community Code of Conduct](https://dsccommunity.org/code_of_conduct). 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Please check out common DSC Community [contributing guidelines](https://dsccommunity.org/guidelines/contributing). 4 | 5 | ## Running the Tests 6 | 7 | If want to know how to run this module's tests you can look at the [Testing Guidelines](https://dsccommunity.org/guidelines/testing-guidelines/#running-tests) 8 | -------------------------------------------------------------------------------- /GitVersion.yml: -------------------------------------------------------------------------------- 1 | mode: ContinuousDelivery 2 | next-version: 5.0.0 3 | major-version-bump-message: '(breaking\schange|breaking|major)\b' 4 | minor-version-bump-message: '(adds?|features?|minor)\b' 5 | patch-version-bump-message: '\s?(fix|patch)' 6 | no-bump-message: '\+semver:\s?(none|skip)' 7 | assembly-informational-format: '{NuGetVersionV2}+Sha.{Sha}.Date.{CommitDate}' 8 | branches: 9 | master: 10 | tag: preview 11 | regex: ^main$ 12 | pull-request: 13 | tag: PR 14 | feature: 15 | tag: useBranchName 16 | increment: Minor 17 | regex: f(eature(s)?)?[\/-] 18 | source-branches: ['master'] 19 | hotfix: 20 | tag: fix 21 | increment: Patch 22 | regex: (hot)?fix(es)?[\/-] 23 | source-branches: ['master'] 24 | 25 | ignore: 26 | sha: [] 27 | merge-message-formats: {} 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) DSC Community contributors. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /RequiredModules.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | PSDependOptions = @{ 3 | AddToPath = $true 4 | Target = 'output\RequiredModules' 5 | Parameters = @{ 6 | Repository = 'PSGallery' 7 | } 8 | } 9 | 10 | InvokeBuild = 'latest' 11 | PSScriptAnalyzer = 'latest' 12 | Pester = '4.10.1' 13 | Plaster = 'latest' 14 | ModuleBuilder = 'latest' 15 | ChangelogManagement = 'latest' 16 | Sampler = 'latest' 17 | 'Sampler.GitHubTasks' = 'latest' 18 | MarkdownLinkCheck = 'latest' 19 | 'DscResource.Test' = 'latest' 20 | xDscResourceDesigner = 'latest' 21 | 22 | # Build dependencies needed for using the module 23 | 'DscResource.Common' = 'latest' 24 | 25 | # Analyzer rules 26 | 'DscResource.AnalyzerRules' = 'latest' 27 | 'Indented.ScriptAnalyzerRules' = 'latest' 28 | 29 | # Prerequisite modules for documentation. 30 | 'DscResource.DocGenerator' = 'latest' 31 | PlatyPS = 'latest' 32 | 33 | # Prerequisites modules needed for examples or integration tests 34 | xFailoverCluster = '1.14.1' 35 | } 36 | -------------------------------------------------------------------------------- /Resolve-Dependency.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | Gallery = 'PSGallery' 3 | AllowPrerelease = $false 4 | WithYAML = $true 5 | 6 | UseModuleFast = $true 7 | #ModuleFastVersion = '0.1.2' 8 | #ModuleFastBleedingEdge = $true 9 | 10 | UsePSResourceGet = $true 11 | #PSResourceGetVersion = '1.0.1' 12 | 13 | UsePowerShellGetCompatibilityModule = $true 14 | UsePowerShellGetCompatibilityModuleVersion = '3.0.23-beta23' 15 | } 16 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | ## Security 2 | 3 | The DSC Community takes the security of our modules seriously, which includes all source code repositories managed through our GitHub organization. 4 | 5 | If you believe you have found a security vulnerability in any DSC Community owned repository, please report it to us as described below. 6 | 7 | ## Reporting Security Issues 8 | 9 | **Please do not report security vulnerabilities through public GitHub issues.** 10 | 11 | Instead, please report them to one or several members of the DSC Community organization. 12 | The easiest way to do so is to send us a direct message via twitter or slack. 13 | 14 | You should receive a response within 48 hours. If for some reason you do not, please follow up to other member of the community. 15 | 16 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 17 | 18 | * Type of issue 19 | * Full paths of source file(s) related to the manifestation of the issue 20 | * The location of the affected source code (tag/branch/commit or direct URL) 21 | * Any special configuration required to reproduce the issue 22 | * Step-by-step instructions to reproduce the issue 23 | * Proof-of-concept or exploit code (if possible) 24 | * Impact of the issue, including how an attacker might exploit the issue 25 | 26 | This information will help us triage your report more quickly. 27 | 28 | ## Preferred Languages 29 | 30 | We prefer all communications to be in English. 31 | -------------------------------------------------------------------------------- /codecov.yml: -------------------------------------------------------------------------------- 1 | codecov: 2 | require_ci_to_pass: no 3 | # main should be the baseline for reporting 4 | branch: main 5 | 6 | comment: 7 | layout: "reach, diff, flags, files" 8 | behavior: default 9 | 10 | coverage: 11 | range: 50..80 12 | round: down 13 | precision: 0 14 | 15 | status: 16 | project: 17 | default: 18 | # Set the overall project code coverage requirement to 70% 19 | target: 70 20 | patch: 21 | default: 22 | # Set the pull request requirement to not regress overall coverage by more than 5% 23 | # and let codecov.io set the goal for the code changed in the patch. 24 | target: auto 25 | threshold: 5 26 | 27 | fixes: 28 | - '^\d+\.\d+\.\d+::source' # move path "X.Y.Z" => "source" 29 | -------------------------------------------------------------------------------- /source/ActiveDirectoryDsc.psm1: -------------------------------------------------------------------------------- 1 | <# 2 | This file is intentionally left empty. It is must be left here for the module 3 | manifest to refer to. It is recreated during the build process. 4 | #> 5 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADComputer/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADComputer DSC resource will manage computer accounts within Active Directory. 4 | This resource can be used to provision a computer account before the computer is 5 | added to the domain. These pre-created computer objects can be used with offline 6 | domain join, unsecure domain Join and RODC domain join scenarios. 7 | 8 | >**Note:** An Offline Domain Join (ODJ) request file will only be created 9 | >when a computer account is first created in the domain. Setting an Offline 10 | >Domain Join (ODJ) Request file path for a configuration that updates a 11 | >computer account that already exists, or restore it from the recycle bin 12 | >will not cause the Offline Domain Join (ODJ) request file to be created. 13 | 14 | ## Requirements 15 | 16 | * Target machine must be running Windows Server 2008 R2 or later. 17 | * The parameter `RestoreFromRecycleBin` requires that the feature Recycle 18 | Bin has been enabled prior to an object is deleted. If the feature 19 | Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not 20 | added the deleted object. 21 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomain/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADDomain resource creates a new domain in a new forest or a child domain in an existing forest. While it is possible to set the forest functional level and the domain functional level during deployment with this resource the common restrictions apply. For more information see [TechNet](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels). 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomain/en-US/MSFT_ADDomain.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | QueryDomain = Querying for domain '{0}'. (ADD0001) 4 | DomainFound = Active Directory domain '{0}' found. (ADD0003) 5 | CreatingChildDomain = Creating domain '{0}' as a child of domain '{1}'. (ADD0004) 6 | CreatedChildDomain = Child domain '{0}' created. (ADD0005) 7 | CreatingForest = Creating AD forest '{0}'. (ADD0006) 8 | CreatedForest = AD forest '{0}' created. (ADD0007) 9 | DomainInDesiredState = The domain '{0}' is in the desired state. (ADD0008) 10 | DomainNotInDesiredState = The domain '{0}' is NOT in the desired state. (ADD0009) 11 | SysVolPathDoesNotExistError = The expected SysVol Path '{0}' does not exist. (ADD0011) 12 | GetAdForestUnexpectedError = Error getting AD forest '{0}'. (ADD0014) 13 | '@ 14 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainController/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADDomainController DSC resource will install and configure domain 4 | controllers in Active Directory. Installation of Read-Only Domain Controllers 5 | (RODC) is also supported. 6 | 7 | Promotion of a Domain Controller using an existing DNS is available using 8 | the `InstallDns` parameter. The parameter specifies if the DNS Server service 9 | should be installed and configured on the domain controller. If this is 10 | not set the default value of the parameter `InstallDns` of the cmdlet 11 | [`Install-ADDSDomainController`](https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller) 12 | is used. The parameter `InstallDns` is only used during the provisioning 13 | of a domain controller. The parameter cannot be used to install or uninstall 14 | the DNS server on an already provisioned domain controller. 15 | 16 | > **Note:** If the account used for the parameter `Credential` 17 | > cannot connect to another domain controller, for example using a credential 18 | > without the domain name, then the cmdlet `Install-ADDSDomainController` will 19 | > seemingly halt (without reporting an error) when trying to replicate 20 | > information from another domain controller. 21 | > Make sure to use a correct domain account with the correct permission as 22 | > the account for the parameter `Credential`. 23 | 24 | The parameter `FlexibleSingleMasterOperationRole` is ignored until 25 | the node has been provisioned as a domain controller. Take extra care 26 | to make sure the Flexible Single Master Operation (FSMO) roles are moved 27 | accordingly to avoid that two domain controller try to get to be the 28 | owner of the same role (potential "ping-pong"-behavior). 29 | 30 | > The resource does not support seizing of Flexible Single Master Operation 31 | > (FSMO) roles 32 | 33 | ## Requirements 34 | 35 | * Target machine must be running Windows Server 2008 R2 or later. 36 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainControllerProperties/MSFT_ADDomainControllerProperties.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADDomainControllerProperties")] 2 | class MSFT_ADDomainControllerProperties : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; 5 | [Write, Description("Specifies the Distributed File System Replication (DFSR) server threshold after the number of days its content is considered stale (MaxOfflineTimeInDays). Once the content is considered stale, the Distributed File System Replication (DFSR) server will no longer be able to replicate.")] UInt32 ContentFreshness; 6 | }; 7 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainControllerProperties/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This resource enforces the single instance properties of a domain controller. 4 | *Properties that must always have a value, but the value can be changed.* 5 | 6 | ## Requirements 7 | 8 | * Target machine must be running Windows Server 2008 R2 or later. 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainControllerProperties/en-US/MSFT_ADDomainControllerProperties.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingProperties = Retrieving the properties for the domain controller '{0}'. (ADDCP0001) 4 | TestConfiguration = Determining the current state of the properties on the domain controller '{0}'. (ADDCP0002) 5 | DomainControllerInDesiredState = The domain controller is in the desired state. (ADDCP0003) 6 | DomainControllerNotInDesiredState = The domain controller is not in the desired state. (ADDCP0004) 7 | ContentFreshnessUpdated = The content freshness property (MaxOfflineTimeInDays) will be updated to {0} days. (ADDCP0005) 8 | '@ 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/MSFT_ADDomainDefaultPasswordPolicy.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("ADDomainDefaultPasswordPolicy")] 2 | class MSFT_ADDomainDefaultPasswordPolicy : OMI_BaseResource 3 | { 4 | [Key, Description("Name of the domain to which the password policy will be applied.")] String DomainName; 5 | [Write, Description("Whether password complexity is enabled for the default password policy.")] Boolean ComplexityEnabled; 6 | [Write, Description("Length of time that an account is locked after the number of failed login attempts (minutes).")] UInt32 LockoutDuration; 7 | [Write, Description("Maximum time between two unsuccessful login attempts before the counter is reset to 0 (minutes).")] UInt32 LockoutObservationWindow; 8 | [Write, Description("Number of unsuccessful login attempts that are permitted before an account is locked out.")] UInt32 LockoutThreshold; 9 | [Write, Description("Minimum length of time that you can have the same password (minutes).")] UInt32 MinPasswordAge; 10 | [Write, Description("Maximum length of time that you can have the same password (minutes).")] UInt32 MaxPasswordAge; 11 | [Write, Description("Minimum number of characters that a password must contain.")] UInt32 MinPasswordLength; 12 | [Write, Description("Number of previous passwords to remember.")] UInt32 PasswordHistoryCount; 13 | [Write, Description("Whether the directory must store passwords using reversible encryption.")] Boolean ReversibleEncryptionEnabled; 14 | [Write, Description("Active Directory domain controller to enact the change upon.")] String DomainController; 15 | [Write, Description("Credentials used to access the domain."), EmbeddedInstance("MSFT_Credential")] String Credential; 16 | }; 17 | 18 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADDomainDefaultPasswordPolicy DSC resource will manage an Active Directory domain's default password policy. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/en-US/MSFT_ADDomainDefaultPasswordPolicy.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | QueryingDomainPasswordPolicy = Querying Active Directory domain '{0}' default password policy. (ADDDPP0001) 4 | UpdatingDomainPasswordPolicy = Updating Active Directory domain '{0}' default password policy. (ADDDPP0002) 5 | SettingPasswordPolicyValue = Setting password policy '{0}' property to '{1}'. (ADDDPP0003) 6 | ResourcePropertyValueIncorrect = Property '{0}' value is incorrect; expected '{1}', actual '{2}'. (ADDDPP0004) 7 | ResourceInDesiredState = Resource '{0}' is in the desired state. (ADDDPP0005) 8 | ResourceNotInDesiredState = Resource '{0}' is NOT in the desired state. (ADDDPP0006) 9 | '@ 10 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainFunctionalLevel/MSFT_ADDomainFunctionalLevel.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADDomainFunctionalLevel")] 2 | class MSFT_ADDomainFunctionalLevel : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the Active Directory domain to modify. You can identify a domain by its distinguished name, GUID, security identifier, DNS domain name, or NetBIOS domain name.")] String DomainIdentity; 5 | [Required, Description("Specifies the functional level for the Active Directory domain."), ValueMap{"Windows2008R2Domain", "Windows2012Domain", "Windows2012R2Domain", "Windows2016Domain", "Windows2025Domain"}, Values{"Windows2008R2Domain", "Windows2012Domain", "Windows2012R2Domain", "Windows2016Domain", "Windows2025Domain"}] String DomainMode; 6 | }; 7 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainFunctionalLevel/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This resource changes the domain functional level. For further details, see [Forest and Domain Functional Levels](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels). 4 | 5 | **WARNING: This action might be irreversible!** Make sure you understand 6 | the consequences of changing the domain functional level. 7 | 8 | Read more about raising function levels and potential roll back 9 | scenarios in the Active Directory documentation. For example: [Upgrade Domain Controllers to Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers). 10 | 11 | ## Requirements 12 | 13 | * Target machine must be running Windows Server 2008 R2 or later. 14 | * Target machine must be running the minimum required operating system 15 | version for the domain functional level to set. 16 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainFunctionalLevel/en-US/MSFT_ADDomainFunctionalLevel.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingDomainMode = Retrieving the domain functional level for the domain '{0}'. (ADDFL0001) 4 | TestConfiguration = Determining the current domain functional level in the domain '{0}'. (ADDFL0002) 5 | LevelInDesiredState = The domain functional level is in the desired state. (ADDFL0003) 6 | LevelNotInDesiredState = The domain functional level is not in the desired state. (ADDFL0004) 7 | DomainModeUpdating = The domain functional level will change from '{0}' to '{1}'. (ADDFL0005) 8 | '@ 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("ADDomainTrust")] 2 | class MSFT_ADDomainTrust : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies whether the computer account is present or absent. Default value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 5 | [Required, Description("Specifies the credentials to authenticate to the target domain."), EmbeddedInstance("MSFT_Credential")] String TargetCredential; 6 | [Key, Description("Specifies the name of the Active Directory domain that is being trusted.")] String TargetDomainName; 7 | [Required, Description("Specifies the type of trust. The value 'External' means the context Domain, while the value 'Forest' means the context 'Forest'."), ValueMap{"External","Forest"}, Values{"External","Forest"}] String TrustType; 8 | [Required, Description("Specifies the direction of the trust."), ValueMap{"Bidirectional","Inbound","Outbound"}, Values{"Bidirectional","Inbound","Outbound"}] String TrustDirection; 9 | [Key, Description("Specifies the name of the Active Directory domain that is requesting the trust.")] String SourceDomainName; 10 | [Write, Description("Specifies if the is allowed to be recreated if required. Default value is $false.")] Boolean AllowTrustRecreation; 11 | }; 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainTrust/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADDomainTrust DSC resource will manage Domain Trusts within Active Directory. A trust is a relationship, which you establish between domains or forests. To understand more about trusts in Active Directory, please see the article [Forest Design Models](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/forest-design-models) for more information. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADDomainTrust/en-US/MSFT_ADDomainTrust.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | CheckingTrustMessage = Determining if the trust between domains '{0}' and '{1}' with the context type '{2}' exists. (ADDT0001) 4 | RemovedTrust = Trust between between domains '{0}' and '{1}' with the context type '{2}' has been removed. (ADDT0002) 5 | AddedTrust = Created the trust between domains '{0}' and '{1}' with the context type '{2}' and direction '{3}'. (ADDT0003) 6 | SetTrustDirection = The trust direction has been changed to '{0}'. (ADDT0004) 7 | TrustPresentMessage = The trust between domains '{0}' and '{1}' with the context type '{2}' exist. (ADDT0005) 8 | TrustAbsentMessage = There is no trust between domains '{0}' and '{1}' with the context type '{2}'. (ADDT0006) 9 | TestConfiguration = Determining the current state of the Active Directory trust with source domain '{0}', target domain '{1}' and context type '{2}'. (ADDT0007) 10 | InDesiredState = The Active Directory trust is in the desired state. (ADDT0008) 11 | NotInDesiredState = The Active Directory trust is not in the desired state. (ADDT0009) 12 | NeedToRecreateTrust = The trust type is not in desired state, removing the trust between the domains '{0}' and '{1}' with the context type '{2}' to be able to recreate the trust with the correct context type '{3}'. (ADDT0010) 13 | RecreatedTrustType = Recreated the trust between domains '{0}' and '{1}' with the context type '{2}' and direction '{3}'. (ADDT0011) 14 | NotOptInToRecreateTrust = Not opt-in to recreate trust. To opt-in set the parameter AllowTrustRecreation to $true. 15 | '@ 16 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADFineGrainedPasswordPolicy/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADFineGrainedPasswordPolicy DSC resource will manage an Active Directory domain's fine grained password policies. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2012 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADFineGrainedPasswordPolicy/en-US/MSFT_ADFineGrainedPasswordPolicy.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | QueryingPasswordPolicy = Querying policy '{0}'. (ADFGPP0001) 4 | CreatingPasswordPolicy = Creating policy '{0}'. (ADFGPP0002) 5 | RemovingPasswordPolicy = Removing policy '{0}'. (ADFGPP0003) 6 | SettingPasswordPolicyValue = Setting policy '{0}' property '{1}' to '{2}'. (ADFGPP0004) 7 | PasswordPolicyInDesiredState = Policy '{0}' is in the desired state. (ADFGPP0005) 8 | PasswordPolicyNotInDesiredState = Policy '{0}' is not in the desired state. (ADFGPP0006) 9 | SettingPasswordPolicyError = Error setting policy '{0}'. (ADFGPP0007) 10 | AddingPasswordPolicyError = Error adding policy '{0}'. (ADFGPP0008) 11 | RemovePasswordPolicyError = Error removing policy '{0}'. (ADFGPP0009) 12 | RetrievePasswordPolicyError = Error retrieving policy '{0}'. (ADFGPP0010) 13 | RetrievePasswordPolicySubjectError = Error retrieving policy subject '{0}'. (ADFGPP0011) 14 | PasswordPolicyExistsButShouldNot = Policy '{0}' exists but should not. (ADFGPP0012) 15 | PasswordPolicyDoesNotExistButShould = Policy '{0}' does not exist but should. (ADFGPP0013) 16 | RemoveDeletionProtection = Removing deletion protection from policy '{0}'. (ADFGPP0014) 17 | RemovingDeletionProtectionError = Error removing deletion protection from policy '{0}'. (ADFGPP0015) 18 | AddingPasswordPolicySubjects = Adding new subjects to policy '{0}', count '{1}'. (ADFGPP0016) 19 | RemovingPasswordPolicySubjects = Removing existing subjects from policy '{0}', count '{1}'. (ADFGPP0017) 20 | AddingPasswordPolicySubjectsError = Error adding subjects to policy '{0}'. (ADFGPP0018) 21 | RemovingPasswordPolicySubjectsError = Error removing subjects from policy '{0}'. (ADFGPP0019) 22 | PasswordPolicyNotFound = Policy '{0}' was not found. (ADFGPP0020) 23 | '@ 24 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestFunctionalLevel/MSFT_ADForestFunctionalLevel.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADForestFunctionalLevel")] 2 | class MSFT_ADForestFunctionalLevel : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the Active Directory forest to modify. You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name.")] String ForestIdentity; 5 | [Required, Description("Specifies the the functional level for the Active Directory forest."), ValueMap{"Windows2008R2Forest", "Windows2012Forest", "Windows2012R2Forest", "Windows2016Forest", "Windows2025Forest"}, Values{"Windows2008R2Forest", "Windows2012Forest", "Windows2012R2Forest", "Windows2016Forest", "Windows2025Forest"}] String ForestMode; 6 | }; 7 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestFunctionalLevel/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This resource changes the forest functional level. For further details, see [Forest and Domain Functional Levels](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels). 4 | 5 | **WARNING: This action might be irreversible!** Make sure you understand 6 | the consequences of changing the forest functional level. 7 | 8 | Read more about raising function levels and potential roll back 9 | scenarios in the Active Directory documentation, for example: [Upgrade Domain Controllers to Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers). 10 | 11 | ## Requirements 12 | 13 | * Target machine must be running Windows Server 2008 R2 or later. 14 | * Target machine must be running the minimum required operating system 15 | version for the forest functional level to set. 16 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestFunctionalLevel/en-US/MSFT_ADForestFunctionalLevel.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingForestMode = Retrieving the forest functional level for the forest '{0}'. (ADFFL0001) 4 | TestConfiguration = Determining the current forest functional level in the forest '{0}'. (ADFFL0002) 5 | LevelInDesiredState = The forest functional level is in the desired state. (ADFFL0003) 6 | LevelNotInDesiredState = The forest functional level is not in the desired state. (ADFFL0004) 7 | ForestModeUpdating = The forest functional level will change from '{0}' to '{1}'. (ADFFL0005) 8 | '@ 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestProperties/MSFT_ADForestProperties.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADForestProperties")] 2 | class MSFT_ADForestProperties : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies the user account credentials to use to perform this task."), EmbeddedInstance("MSFT_Credential")] String Credential; 5 | [Key, Description("Specifies the target Active Directory forest for the change.")] String ForestName; 6 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be explicitly defined in the forest and replace existing Service Principal Names. Cannot be used with ServicePrincipalNameSuffixToAdd or ServicePrincipalNameSuffixToRemove.")] String ServicePrincipalNameSuffix[]; 7 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be added to the forest. Cannot be used with ServicePrincipalNameSuffix.")] String ServicePrincipalNameSuffixToAdd[]; 8 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be removed from the forest. Cannot be used with ServicePrincipalNameSuffix.")] String ServicePrincipalNameSuffixToRemove[]; 9 | [Write, Description("Specifies the AD Tombstone lifetime which determines how long deleted items exist in Active Directory before they are purged.")] Sint32 TombStoneLifetime; 10 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be explicitly defined in the forest and replace existing User Principal Names. Cannot be used with UserPrincipalNameSuffixToAdd or UserPrincipalNameSuffixToRemove.")] String UserPrincipalNameSuffix[]; 11 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be added to the forest. Cannot be used with UserPrincipalNameSuffix.")] String UserPrincipalNameSuffixToAdd[]; 12 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be removed from the forest. Cannot be used with UserPrincipalNameSuffix.")] String UserPrincipalNameSuffixToRemove[]; 13 | }; 14 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestProperties/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADForestProperties DSC resource will manage forest wide settings within an Active Directory forest. 4 | These include User Principal Name (UPN) suffixes, Service Principal Name (SPN) suffixes and the tombstone lifetime. 5 | 6 | ## Requirements 7 | 8 | * Target machine must be running Windows Server 2008 R2 or later. 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADForestProperties/en-US/MSFT_ADForestProperties.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | GetForest = Getting properties for forest '{0}'. (ADFP0001) 4 | ForestUpnSuffixNotInDesiredState = User Principal Name Suffix for forest '{0}' not in the desired state. (ADFP0002) 5 | ForestSpnSuffixNotInDesiredState = Service Principal Name Suffix for forest '{0}' not in the desired state. (ADFP0003) 6 | AddSpnSuffix = Adding Service Principal Name Suffix: '{0}' for forest '{1}'. (ADFP0004) 7 | RemoveSpnSuffix = Removing Service Principal Name Suffix: '{0}' for forest '{1}'. (ADFP0005) 8 | ReplaceSpnSuffix = Replacing Service Principal Name Suffix with: '{0}' for forest '{1}'. (ADFP0006) 9 | ClearSpnSuffix = Clearing Service Principal Name Suffix for forest '{0}'. (ADFP0007) 10 | AddUpnSuffix = Adding User Principal Name Suffix: '{0}' for forest '{1}'. (ADFP0008) 11 | RemoveUpnSuffix = Removing User Principal Name Suffix: '{0}' for forest '{1}'. (ADFP0009) 12 | ReplaceUpnSuffix = Replacing User Principal Name Suffix with: '{0}' for forest '{1}'. (ADFP0010) 13 | ClearUpnSuffix = Clearing User Principal Name Suffix for forest '{0}'. (ADFP0011) 14 | TombstoneLifetimeNotInDesiredState = Tombstone lifetime for forest '{0}' not in the desired state. Current: '{1}', Expected: '{2}'. (ADFP0012) 15 | SetTombstoneLifetime = Setting tombstone lifetime to '{0}' for forest '{1}. (ADFP0013) 16 | SetTombstoneLifetimeError = Error setting tombstone lifetime to '{0}' for forest '{1}. (ADFP0014) 17 | '@ 18 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADGroup/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADGroup DSC resource will manage groups within Active Directory. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | * The parameter `RestoreFromRecycleBin` requires that the feature Recycle 9 | Bin has been enabled prior to an object is deleted. If the feature 10 | Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not 11 | added the deleted object. 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADGroup/en-US/MSFT_ADGroup.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingGroupMembers = Retrieving group membership based on '{0}' property. (ADG0001) 4 | GroupMembershipNotDesiredState = Group membership is NOT in the desired state. (ADG0002) 5 | AddingGroupMembers = Adding '{0}' member(s) to AD group '{1}'. (ADG0003) 6 | RemovingGroupMembers = Removing '{0}' member(s) from AD group '{1}'. (ADG0004) 7 | AddingGroup = Creating AD Group '{0}'. (ADG0005) 8 | RemovingGroup = Removing AD Group '{0}'. (ADG0007) 9 | MovingGroup = Moving AD Group '{0}' to '{1}'. (ADG0008) 10 | RestoringGroup = Attempting to restore the group {0} from recycle bin. (ADG0009) 11 | UpdatingResourceProperty = Updating AD Group '{0}' property '{1}' to '{2}'. (ADG0012) 12 | RetrievingGroupMembersError = Error retrieving membership for AD Group '{0}'. (ADG0014) 13 | ResourceExistsButShouldNotMessage = AD Group '{0}' exists but should not. (ADG0015) 14 | ResourceDoesNotExistButShouldMessage = AD Group '{0}' does not exist but should. (ADG0016) 15 | AddingGroupError = Error adding AD Group '{0}'. (ADG0017) 16 | RemovingGroupError = Error removing AD Group '{0}'. (ADG0018) 17 | MovingGroupError = Error moving AD Group '{0}' from '{1}' to '{2}'. (ADG0019) 18 | SettingGroupError = Error setting AD Group '{0}'. (ADG0020) 19 | RetrievingGroup = Retrieving AD Group '{0}'. (ADG0021) 20 | RetrievingGroupError = Error Retrieving AD Group '{0}'. (ADG0022) 21 | GroupIsPresent = The AD Group '{0}' is present. (ADG0023) 22 | GroupIsAbsent = The AD Group '{0}' is absent. (ADG0024) 23 | ResourceInDesiredStateMessage = AD Group '{0}' is in the desired state. (ADG0025) 24 | '@ 25 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADKDSKey/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADKDSKey DSC resource will manage KDS Root Keys within Active Directory. The KDS root keys are used to begin generating Group Managed Service Account (gMSA) passwords. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADManagedServiceAccount/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADManagedServiceAccount DSC resource will manage Single and Group Managed Service Accounts (MSAs) within Active Directory. A Managed Service Account is a managed domain account that provides automatic password management, simplified service principal name (SPN) management and the ability to delegate management to other administrators. 4 | A Single Managed Service Account can only be used on a single computer, whereas a Group Managed Service Account can be shared across multiple computers. 5 | 6 | ## Requirements 7 | 8 | * Target machine must be running Windows Server 2008 R2 or later. 9 | * Group Managed Service Accounts need at least one Windows Server 2012 Domain Controller. 10 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADManagedServiceAccount/en-US/MSFT_ADManagedServiceAccount.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | AddingManagedServiceAccountMessage = Adding {0} Account '{1}' to '{2}'. (MSA0001) 4 | RecreatingManagedServiceAccountMessage = Recreating {0} Account '{1}'. (MSA0002) 5 | RemovingManagedServiceAccountMessage = Removing {0} Account '{1}'. (MSA0003) 6 | MovingManagedServiceAccountMessage = Moving {0} Account '{1}' from '{2}' to '{3}'. (MSA0004) 7 | ManagedServiceAccountNotFoundMessage = {0} Account '{1}' was not found. (MSA0005) 8 | RetrievingManagedServiceAccountMessage = Retrieving Account '{0}'. (MSA0006) 9 | ManagedServiceAccountInDesiredStateMessage = {0} Account '{1}' is in the desired state. (MSA0007) 10 | UpdatingManagedServiceAccountPropertyMessage = Updating {0} Account '{1}' property '{2}' to '{3}'. (MSA0008) 11 | RetrievingManagedPasswordPrincipalsMessage = Retrieving Principals Allowed To Retrieve Managed Password based on '{0}' property. (MSA0009) 12 | ResourceExistsButShouldNotMessage = {0} Account '{1}' exists but should not. (MSA0010) 13 | ResourceDoesNotExistButShouldMessage = {0} Account '{1}' does not exist but should. (MSA0011) 14 | AddingManagedServiceAccountError = Error adding {0} Account '{1}' to '{2}'. (MSA0012) 15 | RemovingManagedServiceAccountError = Error removing {0} Account '{1}'. (MSA0013) 16 | SettingManagedServiceAccountError = Error setting {0} Account '{1}'. (MSA0014) 17 | MovingManagedServiceAccountError = Error moving {0} Account '{1}' from '{2}' to '{3}'. (MSA0015) 18 | RetrievingManagedServiceAccountError = Error retrieving Account '{0}'. (MSA0016) 19 | RetrievingManagedPasswordPrincipalsError = Error retrieving Principal '{0}'. (MSA0017) 20 | GettingADDomainError = Error getting Active Directory Domain details. (MSA0018) 21 | KdsRootKeyNotFoundError = Error adding group account '{0}'. The KDS Root Key was not found. (MSA0019) 22 | '@ 23 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADObjectEnabledState/MSFT_ADObjectEnabledState.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADObjectEnabledState")] 2 | class MSFT_ADObjectEnabledState : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the identity of an object that has the object class specified in the parameter ObjectClass. When ObjectClass is set to 'Computer' then this property can be set to either distinguished name, GUID (objectGUID), security identifier (objectSid), or security Accounts Manager account name (sAMAccountName).")] String Identity; 5 | [Key, Description("Specifies the object class."), ValueMap{"Computer"}, Values{"Computer"}] String ObjectClass; 6 | [Required, Description("Specifies the value of the Enabled property.")] Boolean Enabled; 7 | [Write, Description("Specifies the Active Directory Domain Services instance to connect to perform the task.")] String DomainController; 8 | [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String Credential; 9 | }; 10 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADObjectEnabledState/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This resource enforces the property `Enabled` on the object class *Computer*. 4 | 5 | >This resource could support other object classes like *msDS-ManagedServiceAccount*, 6 | >*msDS-GroupManagedServiceAccount*, and *User*. But these object classes 7 | >are not yet supported due to that other resources already enforces the 8 | >`Enabled` property. If this resource should support another object class, 9 | >then it should be made so that only one resource enforces the enabled 10 | >property. This is to prevent a potential "ping-pong" behavior if both 11 | >resource would be used in a configuration. 12 | 13 | ## Requirements 14 | 15 | * Target machine must be running Windows Server 2008 R2 or later. 16 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADObjectEnabledState/en-US/MSFT_ADObjectEnabledState.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingComputerAccount = Retrieving the information about the computer account '{0}' from Active Directory. (ADOES0001) 4 | ComputerAccountEnabled = The computer account is enabled. (ADOES0002) 5 | ComputerAccountDisabled = The computer account is disabled. (ADOES0003) 6 | FailedToRetrieveComputerAccount = Failed to retrieve the computer account '{0}' from Active Directory. (ADOES0005) 7 | TestConfiguration = Determining the current state of the enabled property of the object with the identity '{0}' and object class '{1}'. (ADOES0006) 8 | ComputerAccountInDesiredState = The property Enabled of the computer account '{0}' is in the desired state. (ADOES0007) 9 | ComputerAccountNotInDesiredState = The property Enabled of the computer account '{0}' is not in the desired state. (ADOES0008) 10 | ComputerAccountHasBeenDisabled = The computer account '{0}' has been disabled. (ADOES0009) 11 | ComputerAccountHasBeenEnabled = The computer account '{0}' has been enabled. (ADOES0010) 12 | '@ 13 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADObjectPermissionEntry/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADObjectPermissionEntry DSC resource will manage access control lists on Active Directory objects. The resource is 4 | designed to to manage just one entry in the list of permissions (ACL) for one AD object. It will only interact with the 5 | one permission and leave all others as they were. The resource can be used multiple times to add multiple entries into 6 | one ACL. 7 | 8 | ## Requirements 9 | 10 | * Target machine must be running Windows Server 2008 R2 or later. 11 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADObjectPermissionEntry/en-US/MSFT_ADObjectPermissionEntry.strings.psd1: -------------------------------------------------------------------------------- 1 | 2 | # culture='en-US' 3 | ConvertFrom-StringData @' 4 | ObjectPermissionEntryFound = Object permission entry found on object '{0}'. (OPE0001) 5 | ObjectPermissionEntryNotFound = Object permission entry not found on object '{0}'. (OPE0002) 6 | AddingObjectPermissionEntry = Adding object permission entry to object '{0}'. (OPE0003) 7 | RemovingObjectPermissionEntry = Removing object permission entry from object '{0}'. (OPE0004) 8 | ObjectPermissionEntryInDesiredState = Object permission entry on object '{0}' is in the desired state. (OPE0005) 9 | ObjectPermissionEntryNotInDesiredState = Object permission entry on object '{0}' is not in the desired state. (OPE0006) 10 | ObjectPathIsAbsent = Object Path '{0}' is absent from Active Directory. (OPE0007) 11 | RetrievedADDrivePSPath = Retrieved the AD Drive full PSPath of '{0}'. (OPE0008) 12 | '@ 13 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOptionalFeature/MSFT_ADOptionalFeature.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADOptionalFeature")] 2 | class MSFT_ADOptionalFeature : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the target Active Directory forest for the change.")] String ForestFQDN; 5 | [Key, Description("Specifies the feature to be activated")] String FeatureName; 6 | [Required, EmbeddedInstance("MSFT_Credential"), Description("Specifies the user account credentials to use to perform this task.")] String EnterpriseAdministratorCredential; 7 | [Read, Description("Shows the current state of the feature i.e. enabled or not")] Boolean Enabled; 8 | }; 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOptionalFeature/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADOptionalFeature DSC resource will enable the Active Directory Optional Feature of choice for the target forest. 4 | This resource first verifies that the forest and domain modes match or exceed the requirements. If the forest or domain mode 5 | is insufficient, then the resource will exit with an error message. The change is executed against the 6 | Domain Naming Master FSMO of the forest. 7 | 8 | ## Requirements 9 | 10 | * Target machine must be running Windows Server 2008 R2 or later, depending on the feature. 11 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOptionalFeature/en-US/MSFT_ADOptionalFeature.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | ForestNotFound = Cannot contact forest '{0}'. Check the spelling of the Forest FQDN and make sure that a domain controller is available on the network. (ADOF0001) 4 | CredentialError = Credential error. Check the username and password used. (ADOF0002) 5 | GetUnhandledException = Unhandled exception getting Optional Feature status for forest '{0}'. (ADOF0003) 6 | SetUnhandledException = Unhandled exception setting Optional Feature status for forest '{0}'. (ADOF0004) 7 | ForestFunctionalLevelError = Forest functional level '{0}' does not meet minimum requirement of Windows2008R2Forest or greater. (ADOF0005) 8 | DomainFunctionalLevelError = Domain functional level '{0}' does not meet minimum requirement of Windows2008R2Forest or greater. (ADOF0006) 9 | OptionalFeatureEnabled = Active Directory {0} is enabled. (ADOF0007) 10 | OptionalFeatureNotEnabled = Active Directory {0} is not enabled. (ADOF0008) 11 | EnablingOptionalFeature = Enabling Active Directory {1} in the forest '{0}'. (ADOF0009) 12 | '@ 13 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOrganizationalUnit/MSFT_ADOrganizationalUnit.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADOrganizationalUnit")] 2 | class MSFT_ADOrganizationalUnit : OMI_BaseResource 3 | { 4 | [Key, Description("The name of the Organizational Unit (OU).")] String Name; 5 | [Key, Description("Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.")] String Path; 6 | [Write, Description("Specifies whether the Organizational Unit (OU) should be present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure; 7 | [Write, Description("The credential to be used to perform the operation on Active Directory."), EmbeddedInstance("MSFT_Credential")] String Credential; 8 | [Write, Description("Specifies the Active Directory Domain Services instance to use to perform the task.")] String DomainController; 9 | [Write, Description("Specifies if the Organizational Unit (OU) container should be protected from deletion. Default value is $true.")] Boolean ProtectedFromAccidentalDeletion; 10 | [Write, Description("Specifies the description of the Organizational Unit (OU). Default value is empty ('').")] String Description; 11 | [Write, Description("Try to restore the Organizational Unit (OU) from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin; 12 | [Read, Description("Returns the X.500 distinguished name of the Organizational Unit.")] String DistinguishedName; 13 | }; 14 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOrganizationalUnit/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADOrganizational Unit DSC resource will manage Organizational Units (OUs) within Active Directory. An OU is a 4 | subdivision within an Active Directory into which you can place users, groups, computers, and other organizational 5 | units. 6 | 7 | ## Requirements 8 | 9 | * Target machine must be running Windows Server 2008 R2 or later. 10 | * The parameter `RestoreFromRecycleBin` requires that the feature Recycle Bin has been enabled prior to an object being 11 | deleted. If the Recycle Bin feature is disabled then the property `msDS-LastKnownRDN` is not added the deleted object. 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADOrganizationalUnit/en-US/MSFT_ADOrganizationalUnit.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingOU = Retrieving OU '{0}' from path '{1}'. (ADOU0001) 4 | UpdatingOU = Updating OU '{0}'. (ADOU0002) 5 | DeletingOU = Deleting OU '{0}'. (ADOU0003) 6 | CreatingOU = Creating OU '{0}'. (ADOU0004) 7 | RestoringOU = Attempting to restore the organizational unit object' {0}' from the recycle bin. (ADOU0005) 8 | OUInDesiredState = OU '{0}' exists and is in the desired state. (ADOU0006) 9 | OUExistsButShouldNot = OU '{0}' exists when it should not exist. (ADOU0007) 10 | OUDoesNotExistButShould = OU '{0}' does not exist when it should exist. (ADOU0008) 11 | OUDoesNotExistAndShouldNot = OU '{0}' does not exist and is in the desired state. (ADOU00090) 12 | PathNotFoundError = The Path '{0}' was not found. (ADOU0010) 13 | OUIsPresent = The OU '{0}' is present. (ADOU0011) 14 | OUIsAbsent = The OU '{0}' is absent. (ADOU0012) 15 | OUPathIsAbsent = The OU Parent Path '{0}' is absent. (ADOU0013) 16 | GetResourceError = Error getting OU '{0}'. (ADOU0014) 17 | NewResourceError = Error adding OU '{0}'. (ADOU0015) 18 | SetResourceError = Error updating OU '{0}'. (ADOU0016) 19 | RemoveResourceError = Error removing OU '{0}'. (ADOU0017) 20 | '@ 21 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReadOnlyDomainControllerAccount/MSFT_ADReadOnlyDomainControllerAccount.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("ADReadOnlyDomainControllerAccount")] 2 | class MSFT_ADReadOnlyDomainControllerAccount : OMI_BaseResource 3 | { 4 | [Key, Description("The name of the Read Only Domain Controller Account which will be created.")] String DomainControllerAccountName; 5 | [Key, Description("The fully qualified domain name (FQDN) of the domain the Read Only Domain Controller will be created in.")] String DomainName; 6 | [Required, Description("The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Read Only Domain Controller Account to the domain."), EmbeddedInstance("MSFT_Credential")] String Credential; 7 | [Required, Description("The name of the site this Read Only Domain Controller Account will be added to.")] String SiteName; 8 | [Write, Description("Specifies if the read only domain controller will be a Global Catalog (GC).")] Boolean IsGlobalCatalog; 9 | [Read, Description("Returns the state of the Read Only Domain Controller Account.")] String Ensure; 10 | [Write, Description("Specifies the user or group that is the delegated administrator of this Read-Only Domain Controller (RODC) Account.")] String DelegatedAdministratorAccountName; 11 | [Write, Description("Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC) Account.")] String AllowPasswordReplicationAccountName[]; 12 | [Write, Description("Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC) Account.")] String DenyPasswordReplicationAccountName[]; 13 | [Write, Description("Specifies if the DNS Server service should be installed and configured on the Read Only Domain Controller. If this is not set the default value of the parameter `InstallDns` of the cmdlet Add-ADDSReadOnlyDomainControllerAccount is used. This parameter is only used during the provisioning of a read only domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned read only domain controller.")] Boolean InstallDns; 14 | }; 15 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReadOnlyDomainControllerAccount/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADReadOnlyDomainControllerAccount DSC resource will pre-create a read only domain 4 | controller account in Active Directory. This allows the account actually installing 5 | the read only domain controller to use delegated administrative credentials supplied in 6 | DelegatedAdministratorAccountName rather than requiring Domain Admins permissions. 7 | 8 | > The resource does not support removing pre-created Read Only Domain Controller accounts. 9 | 10 | ## Requirements 11 | 12 | * Target machine must be running Windows Server 2008 R2 or later. 13 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSite/MSFT_ADReplicationSite.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADReplicationSite")] 2 | class MSFT_ADReplicationSite : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the Active Directory replication site should be present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure; 5 | [Key, Description("Specifies the name of the Active Directory replication site.")] String Name; 6 | [Write, Description("Specifies if the Default-First-Site-Name should be renamed if it exists. Default value is $false.")] Boolean RenameDefaultFirstSiteName; 7 | [Write, Description("Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is 'description'.")] String Description; 8 | }; 9 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSite/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADReplicationSite DSC resource will manage Replication Sites within Active Directory. Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. Sites can also be used to optimize replication between domain controllers. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSite/en-US/MSFT_ADReplicationSite.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | AddReplicationSiteDefaultFirstSiteName = Add the replication site 'Default-First-Site-Name' to '{0}'. (ADRS0001) 4 | AddReplicationSite = Add the replication site '{0}'. (ADRS0002) 5 | RemoveReplicationSite = Remove the replication site '{0}'. (ADRS0003) 6 | GetReplicationSite = Getting replication site '{0}'. (ADRS0004) 7 | ReplicationSiteAbsent = Replication site '{0}' is not present. (ADRS0005) 8 | ReplicationSitePresent = Replication site '{0}' is present. (ADRS0006) 9 | ReplicationSiteInDesiredState = The replication site '{0}' is in the desired state. (ADRS0007) 10 | ReplicationSiteNotInDesiredState = The replication site '{0}' is not in the desired state. (ADRS0008) 11 | UpdateReplicationSite = The replication site '{0}' needs to be updated. 12 | '@ 13 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSiteLink/MSFT_ADReplicationSiteLink.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.0.0"), FriendlyName("ADReplicationSiteLink")] 3 | class MSFT_ADReplicationSiteLink : OMI_BaseResource 4 | { 5 | [Key, Description("Specifies the name of the site link.")] String Name; 6 | [Write, Description("Specifies the cost to be placed on the site link.")] SInt32 Cost; 7 | [Write, Description("This parameter sets the value of the Description property for the object.")] String Description; 8 | [Write, Description("Species the frequency (in minutes) for which replication will occur where this site link is in use between sites.")] Sint32 ReplicationFrequencyInMinutes; 9 | [Write, Description("Specifies the list of sites included in the site link.")] String SitesIncluded[]; 10 | [Write, Description("Specifies the list of sites to exclude from the site link.")] String SitesExcluded[]; 11 | [Write, Description("Specifies if the site link should be present or absent. Default value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 12 | [Write, Description("Enables or disables Change Notification Replication on a site link. Default value is $false.")] Boolean OptionChangeNotification; 13 | [Write, Description("Enables or disables Two Way Sync on a site link. Default value is $false.")] Boolean OptionTwoWaySync; 14 | [Write, Description("Enables or disables Compression on a site link. Default value is $false.")] Boolean OptionDisableCompression; 15 | }; 16 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSiteLink/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADReplicationSiteLink DSC resource will manage Replication Site Links within Active Directory. A site link connects two or more sites. Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSiteLink/en-US/MSFT_ADReplicationSiteLink.strings.psd1: -------------------------------------------------------------------------------- 1 | ConvertFrom-StringData @' 2 | SiteNotFound = Site: '{0}' not found in SitesIncluded. Current SitesIncluded: '{1}'. (ADRSL0001) 3 | SiteFoundInExcluded = Excluded '{0}' site found in SitesIncluded. Current SitesIncluded: '{1}'. (ADRSL0002) 4 | PropertyNotInDesiredState = '{0}' is not in desired state Current: '{1}' Desired: '{2}'. (ADRSL0003) 5 | SettingProperty = Setting property '{0}' to '{1}' on site link '{2}'. (ADRSL0004) 6 | RemovingSites = Removing sites '{0}' from site link '{1}'. (ADRSL0005) 7 | AddingSites = Adding sites '{0}' to site link '{1}'. (ADRSL0006) 8 | NewSiteLink = Creating AD Site Link '{0}'. (ADRSL0007) 9 | RemoveSiteLink = Removing AD Site Link '{0}'. (ADRSL0008) 10 | SiteLinkNotFound = Could not find '{0}' site link. (ADRSL0009) 11 | GetSiteLinkUnexpectedError = Unexpected error getting site link '{0}'. (ADRSL0010) 12 | ADSiteInDesiredState = '{0}' is in the desired state. (ADRSL0011) 13 | ADSiteNotInDesiredState = '{0}' is not in the desired state. (ADRSL0012) 14 | ADSiteIsPresentButShouldBeAbsent = '{0}' is present but should be absent. (ADRSL0013) 15 | ADSiteIsAbsentButShouldBePresent = '{0}' is absent but should be present. (ADRSL0014) 16 | '@ 17 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSubnet/MSFT_ADReplicationSubnet.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADReplicationSubnet")] 2 | class MSFT_ADReplicationSubnet : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the Active Directory replication subnet should be present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure; 5 | [Key, Description("The name of the Active Directory replication subnet, e.g. 10.0.0.0/24.")] String Name; 6 | [Required, Description("The name of the assigned Active Directory replication site, e.g. Default-First-Site-Name.")] String Site; 7 | [Write, Description("The location for the Active Directory replication site. Default value is empty ('') location.")] String Location; 8 | [Write, Description("Specifies a description of the object. This parameter sets the value of the Description property for the object.")] String Description; 9 | }; 10 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSubnet/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADReplicationSubnet DSC resource will manage replication subnets. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADReplicationSubnet/en-US/MSFT_ADReplicationSubnet.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | CreateReplicationSubnet = Create the replication subnet '{0}'. (ADRS0001) 4 | RemoveReplicationSubnet = Remove the replication subnet '{0}'. (ADRS0002) 5 | GetReplicationSubnet = Getting replication subnet '{0}'. (ADRS0003) 6 | SetReplicationSubnetSite = Set the replication subnet '{0}' site to '{1}'. (ADRS0004) 7 | SetReplicationSubnetLocation = Set the replication subnet '{0}' location to '{1}'. (ADRS0005) 8 | ReplicationSubnetAbsent = Replication subnet '{0}' is absent. (ADRS0006) 9 | ReplicationSubnetPresent = Replication subnet '{0}' is present. (ADRS0007) 10 | ReplicationSubnetInDesiredState = The replication subnet '{0}' is in the desired state. (ADRS0008) 11 | ReplicationSubnetNotInDesiredState = The replication subnet '{0}' is not in the desired state. (ADRS0009) 12 | SetReplicationSubnetDescription = Set the replication subnet '{0}' description to '{1}'. (ADRS0010) 13 | '@ 14 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADServicePrincipalName/MSFT_ADServicePrincipalName.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("ADServicePrincipalName")] 2 | class MSFT_ADServicePrincipalName : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the service principal name should be added or removed. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure; 5 | [Key, Description("The full SPN to add or remove, e.g. HOST/LON-DC1.")] String ServicePrincipalName; 6 | [Write, Description("The user or computer account to add or remove the SPN to, e.g. User1 or LON-DC1$. Default value is ''. If Ensure is set to Present, a value must be specified.")] String Account; 7 | }; 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADServicePrincipalName/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADServicePrincipalName DSC resource will manage service principal names. A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADServicePrincipalName/en-US/MSFT_ADServicePrincipalName.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | GetServicePrincipalName = Getting service principal name '{0}'. (ADSPN0001) 4 | ServicePrincipalNameAbsent = Service principal name '{0}' is absent. (ADSPN0002) 5 | ServicePrincipalNamePresent = Service principal name '{0}' is present on account(s) '{1}'. (ADSPN0003) 6 | AccountNotFound = Active Directory object with SamAccountName '{0}' not found. (ADSPN0004) 7 | RemoveServicePrincipalName = Removing service principal name '{0}' from account '{1}'. (ADSPN0005) 8 | AddServicePrincipalName = Adding service principal name '{0}' to account '{1}. (ADSPN0006) 9 | ServicePrincipalNameInDesiredState = Service principal name '{0}' is in the desired state. (ADSPN0007) 10 | ServicePrincipalNameNotInDesiredState = Service principal name '{0}' is not in the desired state. (ADSPN0008) 11 | '@ 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_ADUser/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The ADUser DSC resource will manage Users within Active Directory. 4 | 5 | ## Requirements 6 | 7 | * Target machine must be running Windows Server 2008 R2 or later. 8 | * The parameter `RestoreFromRecycleBin` requires that the feature Recycle 9 | Bin has been enabled prior to an object is deleted. If the feature 10 | Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not 11 | added the deleted object. 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_WaitForADDomain/MSFT_WaitForADDomain.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("WaitForADDomain")] 2 | class MSFT_WaitForADDomain : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the fully qualified domain name to wait for.")] String DomainName; 5 | [Write, Description("Specifies the site in the domain where to look for a domain controller.")] String SiteName; 6 | [Write, Description("Specifies the credentials that are used when accessing the domain, unless the built-in PsDscRunAsCredential is used."), EmbeddedInstance("MSFT_Credential")] String Credential; 7 | [Write, Description("Specifies the timeout in seconds that the resource will wait for the domain to be accessible. Default value is 300 seconds.")] UInt64 WaitTimeout; 8 | [Write, Description("Specifies the number of times the node will be reboot in an effort to connect to the domain.")] UInt32 RestartCount; 9 | [Write, Description("Specifies that the resource will not throw an error if authentication fails using the provided credentials and continue wait for the timeout. This can be used if the credentials are known to eventually exist but there are a potential timing issue before they are accessible.")] Boolean WaitForValidCredentials; 10 | [Read, Description("Returns a value indicating if a domain controller was found.")] Boolean IsAvailable; 11 | }; 12 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_WaitForADDomain/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The WaitForADDomain resource is used to wait for Active Directory domain 4 | controller to become available in the domain, or available in 5 | a specific site in the domain. 6 | 7 | >Running the resource as *NT AUTHORITY\SYSTEM*, only work when 8 | >evaluating the domain on the current node, for example on a 9 | >node that should be a domain controller (which might require a 10 | >restart of the node once the node becomes a domain controller). 11 | >In all other scenarios use either the built-in parameter 12 | >`PsDscRunAsCredential`, or the parameter `Credential`. 13 | 14 | Using the parameter `WaitForValidCredentials` ignores authentication 15 | errors a let the resource wait until time timeout is reached. If the 16 | parameter `WaitForValidCredentials` is not specified and the resource 17 | throws an authentication error, then the resource will fail. But the 18 | Local Configuration Manger (LCM) will automatically run the configuration 19 | again to try to get the node in desired state. If and when the LCM retries 20 | depends on how the LCM is configured. 21 | 22 | ## Requirements 23 | 24 | * Target machine must be running Windows Server 2008 R2 or later. 25 | -------------------------------------------------------------------------------- /source/DSCResources/MSFT_WaitForADDomain/en-US/MSFT_WaitForADDomain.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | SearchDomainController = Searching for a domain controller in the domain '{0}'. (WFADD0001) 4 | RestartWasRequested = A restart was requested when no domain controller was found. Restart number {0} of a total of {1}. (WFADD0003) 5 | DomainInDesiredState = Domain '{0}' is in the desired state. (WFADD0006) 6 | DomainNotInDesiredState = Domain '{0}' is not in the desired state. (WFADD0007) 7 | FoundDomainController = Found domain controller. (WFADD0009) 8 | NoDomainController = No domain controller was found. (WFADD0010) 9 | ImpersonatingCredentials = Impersonating the credentials '{0}' when looking for a domain controller. (WFADD0011) 10 | SearchInSiteOnly = Limiting the search scope for a domain controller to the site '{0}'. (WFADD0012) 11 | TestConfiguration = Determining the current state of the Active Directory domain '{0}'. (WFADD0013) 12 | BackgroundJobFinished = The background job finished running. (WFADD0014) 13 | BackgroundJobFailed = The background job failed while searching for the domain controller. Returning the result of the background job. (WFADD0015) 14 | TimeoutReached = The background job did not completed before the timeout period. (WFADD0016) 15 | WaitingForDomain = Waiting for a domain '{0}' is available or until the timeout of {1} seconds has been reached. (WFADD0017) 16 | StartBackgroundJob = Starting background job that will be searching for the domain controller. (WFADD0018) 17 | WaitBackgroundJob = Waiting for the background job to finish, or timeout. (WFADD0019) 18 | BackgroundJobSuccessful = The background job completed successfully. (WFADD0020) 19 | StartOutputBackgroundJob = --- Start of result from background job. (WFADD0021) 20 | EndOutputBackgroundJob = --- End of result from background job. (WFADD0022) 21 | RemoveBackgroundJob = Removing the background job. (WFADD0023) 22 | '@ 23 | -------------------------------------------------------------------------------- /source/Examples/README.md: -------------------------------------------------------------------------------- 1 | # Examples 2 | 3 | This will help to understand how to setup certain scenarios with the 4 | ActiveDirectoryDsc resource module. 5 | 6 | ## Resource examples 7 | 8 | These are the links to the examples for each individual resource: 9 | 10 | - [ADComputer](Resources/ADComputer) 11 | - [ADDomain](Resources/ADDomain) 12 | - [ADDomainController](Resources/ADDomainController) 13 | - [ADDomainControllerProperties](Resources/ADDomainControllerProperties) 14 | - [ADDomainDefaultPasswordPolicy](Resources/ADDomainDefaultPasswordPolicy) 15 | - [ADDomainFunctionalLevel](Resources/ADDomainFunctionalLevel) 16 | - [ADDomainTrust](Resources/ADDomainTrust) 17 | - [ADForestFunctionalLevel](Resources/ADForestFunctionalLevel) 18 | - [ADForestProperties](Resources/ADForestProperties) 19 | - [ADGroup](Resources/ADGroup) 20 | - [ADKDSKey](Resources/ADKDSKey) 21 | - [ADManagedServiceAccount](Resources/ADManagedServiceAccount) 22 | - [ADObjectEnabledState](Resources/ADObjectEnabledState) 23 | - [ADObjectPermissionEntry](Resources/ADObjectPermissionEntry) 24 | - [ADOptionalFeature](Resources/ADOptionalFeature) 25 | - [ADOrganizationalUnit](Resources/ADOrganizationalUnit) 26 | - [ADReplicationSite](Resources/ADReplicationSite) 27 | - [ADReplicationSiteLink](Resources/ADReplicationSiteLink) 28 | - [ADReplicationSubnet](Resources/ADReplicationSubnet) 29 | - [ADServicePrincipalName](Resources/ADServicePrincipalName) 30 | - [ADUser](Resources/ADUser) 31 | - [WaitForADDomain](Resources/WaitForADDomain) 32 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID ba7fb687-dad4-40b2-9776-c6b49386c297 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create two Active Directory computer accounts 20 | enabled. The property Enabled will not be enforced in either case. 21 | #> 22 | Configuration ADComputer_AddComputerAccount_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [ValidateNotNullOrEmpty()] 28 | [System.Management.Automation.PSCredential] 29 | $Credential 30 | ) 31 | 32 | Import-DscResource -ModuleName ActiveDirectoryDsc 33 | 34 | node localhost 35 | { 36 | ADComputer 'CreateEnabled_SQL01' 37 | { 38 | ComputerName = 'SQL01' 39 | 40 | PsDscRunAsCredential = $Credential 41 | } 42 | 43 | ADComputer 'CreateEnabled_SQL02' 44 | { 45 | ComputerName = 'SQL02' 46 | EnabledOnCreation = $true 47 | 48 | PsDscRunAsCredential = $Credential 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 6c3b8deb-2fdb-4d81-b74d-81dbfe86fcd7 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an Active Directory computer account 20 | disabled. The property Enabled will not be enforced. 21 | #> 22 | Configuration ADComputer_AddComputerAccountDisabled_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [ValidateNotNullOrEmpty()] 28 | [System.Management.Automation.PSCredential] 29 | $Credential 30 | ) 31 | 32 | Import-DscResource -ModuleName ActiveDirectoryDsc 33 | 34 | node localhost 35 | { 36 | ADComputer 'CreateDisabled' 37 | { 38 | ComputerName = 'CLU_CNO01' 39 | EnabledOnCreation = $false 40 | 41 | PsDscRunAsCredential = $Credential 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 1a18e0a9-2a4b-4406-939e-ac2bb7b6e917 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an Active Directory computer account 20 | on the specified domain controller and in the specific organizational 21 | unit. 22 | #> 23 | Configuration ADComputer_AddComputerAccountSpecificPath_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [ValidateNotNullOrEmpty()] 29 | [System.Management.Automation.PSCredential] 30 | $Credential 31 | ) 32 | 33 | Import-DscResource -ModuleName ActiveDirectoryDsc 34 | 35 | node localhost 36 | { 37 | ADComputer 'CreateComputerAccount' 38 | { 39 | DomainController = 'DC01' 40 | ComputerName = 'SQL01' 41 | Path = 'OU=Servers,DC=contoso,DC=com' 42 | Credential = $Credential 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID c5ba4d3d-72ec-4dfc-b1f9-ff1f4c45f845 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | #Requires -Module ActiveDirectoryDsc 15 | 16 | <# 17 | .DESCRIPTION 18 | This configuration will create an Active Directory computer account 19 | on the specified domain controller and in the specific organizational 20 | unit. After the account is create an Offline Domain Join Request file 21 | is created to the specified path. 22 | #> 23 | Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [ValidateNotNullOrEmpty()] 29 | [System.Management.Automation.PSCredential] 30 | $Credential 31 | ) 32 | 33 | Import-DscResource -ModuleName ActiveDirectoryDsc 34 | 35 | node localhost 36 | { 37 | ADComputer 'CreateComputerAccount' 38 | { 39 | DomainController = 'DC01' 40 | ComputerName = 'NANO-200' 41 | Path = 'OU=Servers,DC=contoso,DC=com' 42 | RequestFile = 'D:\ODJFiles\NANO-200.txt' 43 | Credential = $Credential 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADComputer/5-ADComputer_CreateClusterComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 331c7f40-112d-468c-9bd0-8f1b073bee44 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | #Requires -Module xFailoverCluster 17 | 18 | <# 19 | .DESCRIPTION 20 | This configuration will create a computer account disabled, configure 21 | a cluster using the disabled computer account, and enforcing the 22 | computer account to be enabled. 23 | #> 24 | Configuration ADComputer_CreateClusterComputerAccount_Config 25 | { 26 | param 27 | ( 28 | [Parameter(Mandatory = $true)] 29 | [ValidateNotNullOrEmpty()] 30 | [System.Management.Automation.PSCredential] 31 | $Credential 32 | ) 33 | 34 | Import-DscResource -ModuleName ActiveDirectoryDsc 35 | Import-DscResource -ModuleName xFailoverCluster -ModuleVersion '1.14.1' 36 | 37 | node localhost 38 | { 39 | ADComputer 'ClusterAccount' 40 | { 41 | ComputerName = 'CLU_CNO01' 42 | EnabledOnCreation = $false 43 | } 44 | 45 | xCluster 'CreateCluster' 46 | { 47 | Name = 'CLU_CNO01' 48 | StaticIPAddress = '192.168.100.20/24' 49 | DomainAdministratorCredential = $Credential 50 | 51 | DependsOn = '[ADComputer]ClusterAccount' 52 | } 53 | 54 | ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 55 | { 56 | Identity = 'CLU_CNO01' 57 | ObjectClass = 'Computer' 58 | Enabled = $true 59 | 60 | DependsOn = '[xCluster]CreateCluster' 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 86c0280c-6b48-4689-815d-5bc0692845a4 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new domain with a new forest and a forest 20 | functional level of Server 2016. 21 | #> 22 | Configuration ADDomain_NewForest_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [ValidateNotNullOrEmpty()] 28 | [System.Management.Automation.PSCredential] 29 | $Credential, 30 | 31 | [Parameter(Mandatory = $true)] 32 | [ValidateNotNullOrEmpty()] 33 | [System.Management.Automation.PSCredential] 34 | $SafeModePassword 35 | ) 36 | 37 | Import-DscResource -ModuleName PSDesiredStateConfiguration 38 | Import-DscResource -ModuleName ActiveDirectoryDsc 39 | 40 | node 'localhost' 41 | { 42 | WindowsFeature 'ADDS' 43 | { 44 | Name = 'AD-Domain-Services' 45 | Ensure = 'Present' 46 | } 47 | 48 | WindowsFeature 'RSAT' 49 | { 50 | Name = 'RSAT-AD-PowerShell' 51 | Ensure = 'Present' 52 | } 53 | 54 | ADDomain 'contoso.com' 55 | { 56 | DomainName = 'contoso.com' 57 | Credential = $Credential 58 | SafemodeAdministratorPassword = $SafeModePassword 59 | ForestMode = 'WinThreshold' 60 | } 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 40a01066-4c01-4115-b7a8-c21b51ac4ed3 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | 14 | #> 15 | 16 | #Requires -Module ActiveDirectoryDsc 17 | 18 | <# 19 | .DESCRIPTION 20 | This configuration will create a new child domain in an existing forest with 21 | a Domain Functional Level of Windows Server 2016 (WinThreshold). 22 | The credential parameter must contain the domain qualified credentials of a 23 | user in the forest who has permissions to create a new child domain. 24 | #> 25 | Configuration ADDomain_NewChildDomain_Config 26 | { 27 | param 28 | ( 29 | [Parameter(Mandatory = $true)] 30 | [ValidateNotNullOrEmpty()] 31 | [System.Management.Automation.PSCredential] 32 | $Credential, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [ValidateNotNullOrEmpty()] 36 | [System.Management.Automation.PSCredential] 37 | $SafeModePassword 38 | ) 39 | 40 | Import-DscResource -ModuleName PSDesiredStateConfiguration 41 | Import-DscResource -ModuleName ActiveDirectoryDsc 42 | 43 | node 'localhost' 44 | { 45 | WindowsFeature 'ADDS' 46 | { 47 | Name = 'AD-Domain-Services' 48 | Ensure = 'Present' 49 | } 50 | 51 | WindowsFeature 'RSAT' 52 | { 53 | Name = 'RSAT-AD-PowerShell' 54 | Ensure = 'Present' 55 | } 56 | 57 | ADDomain 'child' 58 | { 59 | DomainName = 'child' 60 | Credential = $Credential 61 | SafemodeAdministratorPassword = $SafeModePassword 62 | DomainType = 'ChildDomain' 63 | DomainMode = 'WinThreshold' 64 | ParentDomainName = 'contoso.com' 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomainControllerProperties/1-ADDomainControllerProperties_SetContentFreshness_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 924568d9-9764-4277-ab85-5a03b818bf6d 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will set the content freshness to 100 days. 20 | #> 21 | Configuration ADDomainControllerProperties_SetContentFreshness_Config 22 | { 23 | Import-DscResource -ModuleName ActiveDirectoryDsc 24 | 25 | node localhost 26 | { 27 | ADDomainControllerProperties 'ContentFreshness' 28 | { 29 | IsSingleInstance = 'Yes' 30 | ContentFreshness = 100 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomainDefaultPasswordPolicy/1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 96b94fc3-2b96-47b7-82e8-d0551ec2e738 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will set an Active Directory domain's default password 20 | policy to set the minimum password length and complexity. 21 | #> 22 | Configuration ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config 23 | { 24 | Param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [System.String] 28 | $DomainName, 29 | 30 | [Parameter(Mandatory = $true)] 31 | [System.Boolean] 32 | $ComplexityEnabled, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [System.Int32] 36 | $MinPasswordLength 37 | ) 38 | 39 | Import-DscResource -Module ActiveDirectoryDsc 40 | 41 | Node localhost 42 | { 43 | ADDomainDefaultPasswordPolicy 'DefaultPasswordPolicy' 44 | { 45 | DomainName = $DomainName 46 | ComplexityEnabled = $ComplexityEnabled 47 | MinPasswordLength = $MinPasswordLength 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomainFunctionalLevel/1-ADDomainFunctionalLevel_SetLevel_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 1629d7ce-e8a8-4cba-ae0f-efe795470dd8 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will change the domain functional level to 20 | a Windows Server 2012 R2 Domain. 21 | #> 22 | Configuration ADDomainFunctionalLevel_SetLevel_Config 23 | { 24 | Import-DscResource -ModuleName ActiveDirectoryDsc 25 | 26 | node localhost 27 | { 28 | ADDomainFunctionalLevel 'ChangeDomainFunctionalLevel' 29 | { 30 | DomainIdentity = 'contoso.com' 31 | DomainMode = 'Windows2012R2Domain' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomainTrust/1-ADDomainTrust_ExternalInboundTrust_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 2caf2b93-d87e-426d-8c44-9f1d0452be10 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new one way inbound trust between two 20 | domains. 21 | #> 22 | Configuration ADDomainTrust_ExternalInboundTrust_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [System.String] 28 | $SourceDomain, 29 | 30 | [Parameter(Mandatory = $true)] 31 | [System.String] 32 | $TargetDomain, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [System.Management.Automation.PSCredential] 36 | $TargetDomainAdminCred 37 | ) 38 | 39 | Import-DscResource -module ActiveDirectoryDsc 40 | 41 | node localhost 42 | { 43 | ADDomainTrust 'Trust' 44 | { 45 | Ensure = 'Present' 46 | SourceDomainName = $SourceDomain 47 | TargetDomainName = $TargetDomain 48 | TargetCredential = $TargetDomainAdminCred 49 | TrustDirection = 'Inbound' 50 | TrustType = 'External' 51 | } 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADDomainTrust/2-ADDomainTrust_ExternalInboundTrustWithOptInToRecreate_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID ab9a3c8a-b63a-4a54-94d7-807da3e799e4 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new one way inbound trust between two 20 | domains, and allows the trust to recreated if it should have the wrong 21 | trust type. 22 | #> 23 | Configuration ADDomainTrust_ExternalInboundTrustWithOptInToRecreate_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [System.String] 29 | $SourceDomain, 30 | 31 | [Parameter(Mandatory = $true)] 32 | [System.String] 33 | $TargetDomain, 34 | 35 | [Parameter(Mandatory = $true)] 36 | [System.Management.Automation.PSCredential] 37 | $TargetDomainAdminCred 38 | ) 39 | 40 | Import-DscResource -module ActiveDirectoryDsc 41 | 42 | node localhost 43 | { 44 | ADDomainTrust 'Trust' 45 | { 46 | Ensure = 'Present' 47 | SourceDomainName = $SourceDomain 48 | TargetDomainName = $TargetDomain 49 | TargetCredential = $TargetDomainAdminCred 50 | TrustDirection = 'Inbound' 51 | TrustType = 'External' 52 | AllowTrustRecreation = $true 53 | } 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADFineGrainedPasswordPolicy/1-ADFineGrainedPasswordPolicy_ConfigurePolicyWithDefaults_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID 78858ff6-a4dc-4cfb-8af5-07113f6b900a 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | #> 13 | 14 | #Requires -Module ActiveDirectoryDsc 15 | 16 | <# 17 | .DESCRIPTION 18 | This configuration will create an Active Directory domain fine-grained password 19 | policy with default settings. 20 | #> 21 | 22 | Configuration ADFineGrainedPasswordPolicy_ConfigurePolicyWithDefaults_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADFineGrainedPasswordPolicy 'FineGrainedPasswordPolicy' 29 | { 30 | Name = 'DomainUsers' 31 | Precedence = 10 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADFineGrainedPasswordPolicy/2-ADFineGrainedPasswordPolicy_ConfigurePolicyWithSpecifics_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID d8518e26-7fc3-4902-a1d3-e5ebf93489d8 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | #> 13 | 14 | #Requires -Module ActiveDirectoryDsc 15 | 16 | <# 17 | .DESCRIPTION 18 | This configuration will create an Active Directory domain fine-grained password 19 | policy with specific settings. 20 | #> 21 | 22 | Configuration ADFineGrainedPasswordPolicy_ConfigurePolicyWithSpecifics_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADFineGrainedPasswordPolicy 'FineGrainedPasswordPolicy' 29 | { 30 | Name = 'DomainAdmins' 31 | DisplayName = 'Domain Admins Password Policy' 32 | Description = 'This is the Fine Grained Password Policy for Domain Admins' 33 | Subjects = 'Domain Admins' 34 | ComplexityEnabled = $true 35 | LockoutDuration = '00:30:00' 36 | LockoutObservationWindow = '00:30:00' 37 | LockoutThreshold = 5 38 | MaxPasswordAge = '42.00:00:00' 39 | MinPasswordAge = '1.00:00:00' 40 | MinPasswordLength = 15 41 | PasswordHistoryCount = 24 42 | ReversibleEncryptionEnabled = $false 43 | ProtectedFromAccidentalDeletion = $true 44 | Precedence = 10 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADFineGrainedPasswordPolicy/3-ADFineGrainedPasswordPolicy_RemovePolicy_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID d1d88021-930b-4928-8f1f-7a002e374847 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | #> 13 | 14 | #Requires -Module ActiveDirectoryDsc 15 | 16 | <# 17 | .DESCRIPTION 18 | This configuration will remove an Active Directory domain fine-grained password policy. 19 | #> 20 | 21 | Configuration ADFineGrainedPasswordPolicy_RemovePolicy_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADFineGrainedPasswordPolicy 'FineGrainedPasswordPolicy' 28 | { 29 | Name = 'DomainUsers' 30 | Precedence = 10 31 | Ensure = 'Absent' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADForestFunctionalLevel/1-ADForestFunctionalLevel_SetLevel_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 09a75817-166a-4c9e-8d94-46b64526e01b 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will change the forest functional level to 20 | a Windows Server 2012 R2 Forest. 21 | #> 22 | Configuration ADForestFunctionalLevel_SetLevel_Config 23 | { 24 | Import-DscResource -ModuleName ActiveDirectoryDsc 25 | 26 | node localhost 27 | { 28 | ADForestFunctionalLevel 'ChangeForestFunctionalLevel' 29 | { 30 | ForestIdentity = 'contoso.com' 31 | ForestMode = 'Windows2012R2Forest' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADForestProperties/1-ADForestProperties_ReplaceForestProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 4ac2de06-ee10-4f15-9ed8-a87d21b48766 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will manage the Service and User Principal name suffixes 20 | in the forest by replacing any existing suffixes with the ones specified 21 | in the configuration. 22 | #> 23 | Configuration ADForestProperties_ReplaceForestProperties_Config 24 | { 25 | Import-DscResource -ModuleName ActiveDirectoryDsc 26 | 27 | node 'localhost' 28 | { 29 | ADForestProperties 'contoso.com' 30 | { 31 | ForestName = 'contoso.com' 32 | UserPrincipalNameSuffix = 'fabrikam.com', 'industry.com' 33 | ServicePrincipalNameSuffix = 'corporate.com' 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADForestProperties/2-ADForestProperties_AddRemoveForestProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID bd5991db-7382-41cf-aefa-ba2b57af227a 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will manage the Service and User Principal name suffixes in 20 | the forest by adding and removing the desired suffixes. This will not overwrite 21 | existing suffixes in the forest. 22 | #> 23 | Configuration ADForestProperties_AddRemoveForestProperties_Config 24 | { 25 | Import-DscResource -ModuleName ActiveDirectoryDsc 26 | 27 | node localhost 28 | { 29 | ADForestProperties 'ContosoProperties' 30 | { 31 | ForestName = 'contoso.com' 32 | ServicePrincipalNameSuffixToAdd = 'test.net' 33 | ServicePrincipalNameSuffixToRemove = 'test.com' 34 | UserPrincipalNameSuffixToAdd = 'cloudapp.net', 'fabrikam.com' 35 | UserPrincipalNameSuffixToRemove = 'pester.net' 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADForestProperties/3-ADForestProperties_TombstoneLifetime_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID d343e3b3-0a2b-47c4-9445-b2c9b915f588 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will manage the Tombstone Lifetime setting of the 20 | Active Directory forest. 21 | #> 22 | Configuration ADForestProperties_TombstoneLifetime_Config 23 | { 24 | Import-DscResource -ModuleName ActiveDirectoryDsc 25 | 26 | node localhost 27 | { 28 | ADForestProperties 'ContosoProperties' 29 | { 30 | ForestName = 'contoso.com' 31 | TombstoneLifetime = 200 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADGroup/1-ADGroup_NewGroup_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID f24bbdb8-4f0d-47a4-9281-d40092322cd5 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new domain-local group 20 | #> 21 | Configuration ADGroup_NewGroup_Config 22 | { 23 | param 24 | ( 25 | [parameter(Mandatory = $true)] 26 | [System.String] 27 | $GroupName, 28 | 29 | [ValidateSet('DomainLocal', 'Global', 'Universal')] 30 | [System.String] 31 | $Scope = 'Global', 32 | 33 | [ValidateSet('Security', 'Distribution')] 34 | [System.String] 35 | $Category = 'Security', 36 | 37 | [ValidateNotNullOrEmpty()] 38 | [System.String] 39 | $Description 40 | ) 41 | 42 | Import-DscResource -Module ActiveDirectoryDsc 43 | 44 | Node localhost 45 | { 46 | ADGroup 'ExampleGroup' 47 | { 48 | GroupName = $GroupName 49 | GroupScope = $Scope 50 | Category = $Category 51 | Description = $Description 52 | Ensure = 'Present' 53 | } 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADGroup/2-ADGroup_NewGroupWithMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 0d6564cf-5492-4922-b4ef-4c20da0b7b3f 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new domain-local group with three members. 20 | #> 21 | Configuration ADGroup_NewGroupWithMembers_Config 22 | { 23 | Import-DscResource -ModuleName ActiveDirectoryDsc 24 | 25 | node localhost 26 | { 27 | ADGroup 'dl1' 28 | { 29 | GroupName = 'DL_APP_1' 30 | GroupScope = 'DomainLocal' 31 | Members = 'john', 'jim', 'sally' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADGroup/3-ADGroup_NewGroupMultidomainMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 24e89cf1-5696-499e-9e3c-e44df3a9948f 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new domain-local group in contoso with 20 | three members in different domains. 21 | #> 22 | Configuration ADGroup_NewGroupMultiDomainMembers_Config 23 | { 24 | Import-DscResource -ModuleName ActiveDirectoryDsc 25 | 26 | node localhost 27 | { 28 | ADGroup 'dl1' 29 | { 30 | GroupName = 'DL_APP_1' 31 | GroupScope = 'DomainLocal' 32 | MembershipAttribute = 'DistinguishedName' 33 | Members = @( 34 | 'CN=john,OU=Accounts,DC=contoso,DC=com' 35 | 'CN=jim,OU=Accounts,DC=subdomain,DC=contoso,DC=com' 36 | 'CN=sally,OU=Accounts,DC=anothersub,DC=contoso,DC=com' 37 | ) 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADGroup/4-ADGroup_NewGroupOneWayTrust_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID f2ecc331-e242-4204-a6b1-54fd68c852b7 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Initial release 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a new domain-local group in contoso with 20 | two members; one from the contoso domain and one from the fabrikam domain. 21 | This qualified SamAccountName format is required if any of the users are in a 22 | one-way trusted forest/external domain. 23 | #> 24 | Configuration ADGroup_NewGroupOneWayTrust_Config 25 | { 26 | Import-DscResource -ModuleName ActiveDirectoryDsc 27 | 28 | node localhost 29 | { 30 | ADGroup 'ExampleExternalTrustGroup' 31 | { 32 | GroupName = 'ExampleExternalTrustGroup' 33 | GroupScope = 'DomainLocal' 34 | MembershipAttribute = 'SamAccountName' 35 | Members = @( 36 | 'contoso\john' 37 | 'fabrikam\toby' 38 | ) 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADKDSKey/1-ADKDSKey_CreateKDSRootKey_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 6c3b1da3-f139-42e5-89e9-b9c9986122c8 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a KDS root key. If the date is set to a time 20 | slightly ahead in the future, the key won't be usable for at least 10 hours 21 | from the creation time. 22 | #> 23 | Configuration ADKDSKey_CreateKDSRootKey_Config 24 | { 25 | Import-DscResource -Module ActiveDirectoryDsc 26 | 27 | Node localhost 28 | { 29 | ADKDSKey 'ExampleKDSRootKey' 30 | { 31 | Ensure = 'Present' 32 | EffectiveTime = '1/1/2030 13:00' 33 | # Date must be set to at time in the future 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADKDSKey/2-ADKDSKey_CreateKDSRootKeyInPast_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID c3e0fb1e-d583-45ed-b95d-e7df1afa88b7 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | 14 | #> 15 | 16 | #Requires -Module ActiveDirectoryDsc 17 | 18 | <# 19 | .DESCRIPTION 20 | This configuration will create a KDS root key in the past. This will allow 21 | the key to be used right away, but if all the domain controllers haven't 22 | replicated yet, there may be issues when retrieving the gMSA password. 23 | Use with caution 24 | #> 25 | Configuration ADKDSKey_CreateKDSRootKeyInPast_Config 26 | { 27 | Import-DscResource -Module ActiveDirectoryDsc 28 | 29 | Node localhost 30 | { 31 | ADKDSKey 'ExampleKDSRootKeyInPast' 32 | { 33 | Ensure = 'Present' 34 | EffectiveTime = '1/1/1999 13:00' 35 | AllowUnsafeEffectiveTime = $true # Use with caution 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADKDSKey/3-ADKDSKey_CreateKDSRootKeyRemoveLastKey_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 2847174e-ab1c-44a0-8b4f-2ad70219b52b 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will remove the last KDS root key. Use with caution. 20 | If gMSAs are installed on the network, they will not be able to reset 21 | their passwords and it may cause services to fail. 22 | #> 23 | Configuration ADKDSKey_CreateKDSRootKeyRemoveLastKey_Config 24 | { 25 | Import-DscResource -Module ActiveDirectoryDsc 26 | 27 | Node localhost 28 | { 29 | ADKDSKey 'ExampleKDSRootKeyForceRemove' 30 | { 31 | Ensure = 'Absent' 32 | EffectiveTime = '1/1/2030 13:00' 33 | ForceRemove = $true # This will allow you to remove the key if it's the last one 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADManagedServiceAccount/1-ADManagedServiceAccount_CreateManagedServiceAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 4ab7581b-8729-4262-ae01-b04d1af51ab2 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a standalone managed service account in the default 'Managed Service Accounts' 20 | container. 21 | #> 22 | Configuration ADManagedServiceAccount_CreateManagedServiceAccount_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADManagedServiceAccount 'ExampleStandaloneMSA' 29 | { 30 | Ensure = 'Present' 31 | ServiceAccountName = 'Service01' 32 | AccountType = 'Standalone' 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADManagedServiceAccount/2-ADManagedServiceAccount_CreateGroupManagedServiceAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 9736d8e5-f4e6-4ae9-9e3f-41267f4026a5 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a group managed service account in the default 'Managed Service Accounts' 20 | container. 21 | #> 22 | Configuration ADManagedServiceAccount_CreateGroupManagedServiceAccount_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADManagedServiceAccount 'ExampleGroupMSA' 29 | { 30 | Ensure = 'Present' 31 | ServiceAccountName = 'Service01' 32 | AccountType = 'Group' 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADManagedServiceAccount/3-ADManagedServiceAccount_CreateGroupManagedServiceAccountWithMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID b743c31a-6db6-4aad-93fb-7f209042d8c1 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a group managed service account with members in the default 'Managed Service 20 | Accounts' container. 21 | #> 22 | Configuration ADManagedServiceAccount_CreateGroupManagedServiceAccountWithMembers_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADManagedServiceAccount 'AddingMembersUsingSamAccountName' 29 | { 30 | Ensure = 'Present' 31 | ServiceAccountName = 'Service01' 32 | AccountType = 'Group' 33 | ManagedPasswordPrincipals = 'User01', 'Computer01$' 34 | } 35 | 36 | ADManagedServiceAccount 'AddingMembersUsingDN' 37 | { 38 | Ensure = 'Present' 39 | ServiceAccountName = 'Service02' 40 | AccountType = 'Group' 41 | ManagedPasswordPrincipals = 'CN=User01,OU=Users,DC=contoso,DC=com', 'CN=Computer01,OU=Computers,DC=contoso,DC=com' 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADManagedServiceAccount/4-ADManagedServiceAccount_CreateGroupManagedServiceAccountCustomPath_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID f758390b-0576-416a-9110-a0b26263415e 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a group managed service account in the specified path. 20 | #> 21 | Configuration ADManagedServiceAccount_CreateGroupManagedServiceAccountCustomPath_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | Node localhost 28 | { 29 | ADManagedServiceAccount 'ExampleGroupMSA' 30 | { 31 | Ensure = 'Present' 32 | ServiceAccountName = 'Service01' 33 | AccountType = 'Group' 34 | Path = 'OU=ServiceAccounts,DC=contoso,DC=com' 35 | } 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectEnabledState/1-ADObjectEnabledState_EnabledComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID d2dfbf17-b113-42f7-9abe-f6c6dc5ea086 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a computer account disabled, and 20 | enforcing the account to be enabled. 21 | #> 22 | Configuration ADObjectEnabledState_EnabledComputerAccount_Config 23 | { 24 | Import-DscResource -ModuleName ActiveDirectoryDsc 25 | 26 | node localhost 27 | { 28 | ADComputer 'CreateDisabled' 29 | { 30 | ComputerName = 'CLU_CNO01' 31 | EnabledOnCreation = $false 32 | } 33 | 34 | ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 35 | { 36 | Identity = 'CLU_CNO01' 37 | ObjectClass = 'Computer' 38 | Enabled = $true 39 | 40 | DependsOn = '[ADComputer]CreateDisabled' 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectEnabledState/2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID b4d414dc-e230-4055-bdc3-fae268493881 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | #Requires -Module xFailoverCluster 17 | 18 | <# 19 | .DESCRIPTION 20 | This configuration will create a computer account disabled, configure 21 | a cluster using the disabled computer account, and enforcing the 22 | computer account to be enabled. 23 | #> 24 | Configuration ADObjectEnabledState_CreateClusterComputerAccount_Config 25 | { 26 | param 27 | ( 28 | [Parameter(Mandatory = $true)] 29 | [ValidateNotNullOrEmpty()] 30 | [System.Management.Automation.PSCredential] 31 | $Credential 32 | ) 33 | 34 | Import-DscResource -ModuleName ActiveDirectoryDsc 35 | Import-DscResource -ModuleName xFailoverCluster -ModuleVersion '1.14.1' 36 | 37 | node localhost 38 | { 39 | ADComputer 'ClusterAccount' 40 | { 41 | ComputerName = 'CLU_CNO01' 42 | EnabledOnCreation = $false 43 | } 44 | 45 | xCluster 'CreateCluster' 46 | { 47 | Name = 'CLU_CNO01' 48 | StaticIPAddress = '192.168.100.20/24' 49 | DomainAdministratorCredential = $Credential 50 | 51 | DependsOn = '[ADComputer]ClusterAccount' 52 | } 53 | 54 | ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 55 | { 56 | Identity = 'CLU_CNO01' 57 | ObjectClass = 'Computer' 58 | Enabled = $true 59 | 60 | DependsOn = '[xCluster]CreateCluster' 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 1da557bb-07a1-4461-8f64-df0d62b30305 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | #Requires -Module xFailoverCluster 17 | 18 | <# 19 | .DESCRIPTION 20 | This configuration will configure a cluster using a pre-staged computer 21 | account, and enforcing the pre-staged computer account to be enabled. 22 | #> 23 | Configuration ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [ValidateNotNullOrEmpty()] 29 | [System.Management.Automation.PSCredential] 30 | $Credential 31 | ) 32 | 33 | Import-DscResource -ModuleName ActiveDirectoryDsc 34 | Import-DscResource -ModuleName xFailoverCluster -ModuleVersion '1.14.1' 35 | 36 | node localhost 37 | { 38 | xCluster 'CreateCluster' 39 | { 40 | Name = 'CLU_CNO01' 41 | StaticIPAddress = '192.168.100.20/24' 42 | DomainAdministratorCredential = $Credential 43 | } 44 | 45 | ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 46 | { 47 | Identity = 'CLU_CNO01' 48 | ObjectClass = 'Computer' 49 | Enabled = $true 50 | 51 | DependsOn = @( 52 | '[xCluster]CreateCluster' 53 | ) 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectPermissionEntry/1-ADObjectPermissionEntry_DelegateFullControl_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID c096de91-61ee-41e9-917a-069c62b34d50 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add full control (GenericAll) permissions to 20 | the virtual computer object (VCO) ROLE01 for a cluster name object (CNO) 21 | CONTOSO\CLUSTER01$. This is used so that the Windows Failover Cluster 22 | can control the roles AD objects. 23 | #> 24 | Configuration ADObjectPermissionEntry_DelegateFullControl_Config 25 | { 26 | Import-DscResource -Module ActiveDirectoryDsc 27 | 28 | Node localhost 29 | { 30 | ADObjectPermissionEntry 'ADObjectPermissionEntry' 31 | { 32 | Ensure = 'Present' 33 | Path = 'CN=ROLE01,CN=Computers,DC=contoso,DC=com' 34 | IdentityReference = 'CONTOSO\CLUSTER01$' 35 | ActiveDirectoryRights = 'GenericAll' 36 | AccessControlType = 'Allow' 37 | ObjectType = '00000000-0000-0000-0000-000000000000' 38 | ActiveDirectorySecurityInheritance = 'None' 39 | InheritedObjectType = '00000000-0000-0000-0000-000000000000' 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectPermissionEntry/2-ADObjectPermissionEntry_CreateDeleteComputerObject_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID cb962ab5-6694-43a7-a207-425c23682995 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add a group permission to create and delete 20 | (CreateChild,DeleteChild) computer objects in an OU and any sub-OUs that 21 | may get created. 22 | #> 23 | Configuration ADObjectPermissionEntry_CreateDeleteComputerObject_Config 24 | { 25 | Import-DscResource -Module ActiveDirectoryDsc 26 | 27 | Node localhost 28 | { 29 | ADObjectPermissionEntry 'ADObjectPermissionEntry' 30 | { 31 | Ensure = 'Present' 32 | Path = 'OU=ContosoComputers,DC=contoso,DC=com' 33 | IdentityReference = 'CONTOSO\ComputerAdminGroup' 34 | ActiveDirectoryRights = 'CreateChild', 'DeleteChild' 35 | AccessControlType = 'Allow' 36 | ObjectType = 'bf967a86-0de6-11d0-a285-00aa003049e2' # Computer objects 37 | ActiveDirectorySecurityInheritance = 'All' 38 | InheritedObjectType = '00000000-0000-0000-0000-000000000000' 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADObjectPermissionEntry/3-ADObjectPermissionEntry_ReadWriteComputerObjectProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 2b2ad944-0a4f-457e-b8ad-98e86767d77c 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add a group permission to allow read and write 20 | (ReadProperty, WriteProperty) of all properties of computer objects in 21 | an OU and any sub-OUs that may get created. 22 | #> 23 | Configuration ADObjectPermissionEntry_ReadWriteComputerObjectProperties_Config 24 | { 25 | Import-DscResource -Module ActiveDirectoryDsc 26 | 27 | Node localhost 28 | { 29 | ADObjectPermissionEntry 'ADObjectPermissionEntry' 30 | { 31 | Ensure = 'Present' 32 | Path = 'OU=ContosoComputers,DC=contoso,DC=com' 33 | IdentityReference = 'CONTOSO\ComputerAdminGroup' 34 | ActiveDirectoryRights = 'ReadProperty', 'WriteProperty' 35 | AccessControlType = 'Allow' 36 | ObjectType = '00000000-0000-0000-0000-000000000000' 37 | ActiveDirectorySecurityInheritance = 'Descendents' 38 | InheritedObjectType = 'bf967a86-0de6-11d0-a285-00aa003049e2' # Computer objects 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADOptionalFeature/1-ADOptionalFeature_EnableADRecycleBin_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 63447da7-3fe9-4d03-b680-2129a2e0318f 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will enable the Active Directory Recycle Bin for a 20 | specified Domain 21 | #> 22 | Configuration ADOptionalFeature_EnableADRecycleBin_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [System.String] 28 | $ForestFQDN, 29 | 30 | [Parameter(Mandatory = $true)] 31 | [System.Management.Automation.PSCredential] 32 | $EnterpriseAdministratorCredential 33 | ) 34 | 35 | Import-DscResource -Module ActiveDirectoryDsc 36 | 37 | Node localhost 38 | { 39 | ADOptionalFeature RecycleBin 40 | { 41 | FeatureName = "Recycle Bin Feature" 42 | EnterpriseAdministratorCredential = $EnterpriseAdministratorCredential 43 | ForestFQDN = $ForestFQDN 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADOrganizationalUnit/1-ADOrganizationalUnit_CreateADOU_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID e7ed876c-7a6b-46d7-bb89-8288680c1691 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add an Active Directory organizational unit to the domain. 20 | #> 21 | Configuration ADOrganizationalUnit_CreateADOU_Config 22 | { 23 | param 24 | ( 25 | [Parameter(Mandatory = $true)] 26 | [System.String] 27 | $Name, 28 | 29 | [Parameter(Mandatory = $true)] 30 | [System.String] 31 | $Path, 32 | 33 | [Parameter()] 34 | [System.Boolean] 35 | $ProtectedFromAccidentalDeletion = $true, 36 | 37 | [Parameter()] 38 | [ValidateNotNull()] 39 | [System.String] 40 | $Description = '' 41 | ) 42 | 43 | Import-DscResource -Module ActiveDirectoryDsc 44 | 45 | Node localhost 46 | { 47 | ADOrganizationalUnit 'ExampleOU' 48 | { 49 | Name = $Name 50 | Path = $Path 51 | ProtectedFromAccidentalDeletion = $ProtectedFromAccidentalDeletion 52 | Description = $Description 53 | Ensure = 'Present' 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSite/1-ADReplicationSite_CreateADReplicationSite_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID db6e6810-76eb-464f-9514-92bc91ec28de 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an Active Directory replication site 20 | called 'Seattle'. 21 | #> 22 | Configuration ADReplicationSite_CreateADReplicationSite_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADReplicationSite 'SeattleSite' 29 | { 30 | Ensure = 'Present' 31 | Name = 'Seattle' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSite/2-ADReplicationSite_CreateADReplicationSiteRenameDefault_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID f486afc3-63c8-4809-a84a-34bd227023a3 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an Active Directory replication site called 20 | 'Seattle'. If the 'Default-First-Site-Name' site exists, it will rename 21 | this site instead of create a new one. 22 | #> 23 | Configuration ADReplicationSite_CreateADReplicationSiteRenameDefault_Config 24 | { 25 | Import-DscResource -Module ActiveDirectoryDsc 26 | 27 | Node localhost 28 | { 29 | ADReplicationSite 'SeattleSite' 30 | { 31 | Ensure = 'Present' 32 | Name = 'Seattle' 33 | RenameDefaultFirstSiteName = $true 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSite/3-ADReplicationSite_RemoveADReplicationSite_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 8fced2a6-bb34-400c-a44e-2c484e3bc9e3 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will remove the Active Directory replication site 20 | called 'Cupertino'. 21 | #> 22 | Configuration ADReplicationSite_RemoveADReplicationSite_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADReplicationSite 'CupertinoSite' 29 | { 30 | Ensure = 'Absent' 31 | Name = 'Cupertino' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSiteLink/1-ADReplicationSiteLink_CreateReplicationSiteLink_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID c3f14177-bf96-4296-aa1c-4a9f08c8e34e 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an AD Replication Site Link. 20 | #> 21 | Configuration ADReplicationSiteLink_CreateReplicationSiteLink_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADReplicationSiteLink 'HQSiteLink' 28 | { 29 | Name = 'HQSiteLInk' 30 | SitesIncluded = @('site1', 'site2') 31 | Cost = 100 32 | ReplicationFrequencyInMinutes = 15 33 | Ensure = 'Present' 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSiteLink/2-ADReplicationSiteLink_ModifyExistingReplicationSiteLink_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID cd618e81-b903-4ae9-9dd0-ab794931505c 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will modify an existing AD Replication Site Link. 20 | #> 21 | Configuration ADReplicationSiteLink_ModifyExistingReplicationSiteLink_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADReplicationSiteLink 'HQSiteLink' 28 | { 29 | Name = 'HQSiteLInk' 30 | SitesIncluded = 'site1' 31 | SitesExcluded = 'site2' 32 | Cost = 100 33 | ReplicationFrequencyInMinutes = 20 34 | Ensure = 'Present' 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSiteLink/3-ADReplicationSiteLink_EnableOptions_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID c44c6907-d900-4cd8-b48a-2d39013a8bb9 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will modify an existing AD Replication Site Link by enabling Replication Options. 20 | #> 21 | Configuration ADReplicationSiteLink_EnableOptions_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADReplicationSiteLink 'HQSiteLink' 28 | { 29 | Name = 'HQSiteLInk' 30 | SitesIncluded = 'site1' 31 | SitesExcluded = 'site2' 32 | Cost = 100 33 | ReplicationFrequencyInMinutes = 20 34 | OptionChangeNotification = $true 35 | OptionTwoWaySync = $true 36 | OptionDisableCompression = $true 37 | Ensure = 'Present' 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADReplicationSubnet/1-ADReplicationSubnet_CreateReplicationSubnet_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 3d2af0ab-3470-4da7-a38b-1c05ef384e05 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create an AD Replication Subnet. 20 | #> 21 | Configuration ADReplicationSubnet_CreateReplicationSubnet_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADReplicationSubnet 'LondonSubnet' 28 | { 29 | Name = '10.0.0.0/24' 30 | Site = 'London' 31 | Location = 'Datacenter 3' 32 | Description = 'Datacenter Management Subnet' 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADServicePrincipalName/1-ADServicePrincipalName_AddUserServicePrincipalName_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 0c29d71c-5787-49e6-97e9-c74583028f63 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add a Service Principal Name to a user account. 20 | #> 21 | Configuration ADServicePrincipalName_AddUserServicePrincipalName_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADServicePrincipalName 'SQL01Svc' 28 | { 29 | ServicePrincipalName = 'MSSQLSvc/sql01.contoso.com:1433' 30 | Account = 'SQL01Svc' 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADServicePrincipalName/2-ADServicePrincipalName_AddComputerServicePrincipalName_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 634194bb-189a-4b26-bd80-7c01270026ea 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will add a Service Principal Name to a computer account. 20 | #> 21 | Configuration ADServicePrincipalName_AddComputerServicePrincipalName_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADServicePrincipalName 'web.contoso.com' 28 | { 29 | ServicePrincipalName = 'HTTP/web.contoso.com' 30 | Account = 'IIS01$' 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADUser/1-ADUser_CreateUserAndManagePassword_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID b293f599-2660-424d-8200-61d399e44257 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a user with a managed password. 20 | This might be used to manage the lifecycle of a service account. 21 | #> 22 | Configuration ADUser_CreateUserAndManagePassword_Config 23 | { 24 | param 25 | ( 26 | [Parameter(Mandatory = $true)] 27 | [ValidateNotNullOrEmpty()] 28 | [System.Management.Automation.PSCredential] 29 | $Password 30 | ) 31 | 32 | Import-DscResource -Module ActiveDirectoryDsc 33 | 34 | Node localhost 35 | { 36 | ADUser 'Contoso\ExampleUser' 37 | { 38 | Ensure = 'Present' 39 | UserName = 'ExampleUser' 40 | Password = $Password 41 | DomainName = 'contoso.com' 42 | Path = 'CN=Users,DC=contoso,DC=com' 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADUser/2-ADUser_CreateUserAndIgnorePasswordChanges_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 3bf5100b-238e-435a-8a98-67d756c5cdeb 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will create a user with a password and then ignore 20 | when the password has changed. This might be used with a traditional 21 | user account where a managed password is not desired. 22 | #> 23 | Configuration ADUser_CreateUserAndIgnorePasswordChanges_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [ValidateNotNullOrEmpty()] 29 | [System.Management.Automation.PSCredential] 30 | $Password 31 | ) 32 | 33 | Import-DscResource -Module ActiveDirectoryDsc 34 | 35 | Node localhost 36 | { 37 | ADUser 'Contoso\ExampleUser' 38 | { 39 | Ensure = 'Present' 40 | UserName = 'ExampleUser' 41 | Password = $Password 42 | PasswordNeverResets = $true 43 | DomainName = 'contoso.com' 44 | Path = 'CN=Users,DC=contoso,DC=com' 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADUser/3-ADUser_UpdateThumbnailPhotoAsBase64_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 697115a8-3004-4eca-b400-f861c6914279 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will update a user with a thumbnail photo using 20 | a jpeg image encoded as a Base64 string. 21 | #> 22 | Configuration ADUser_UpdateThumbnailPhotoAsBase64_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADUser 'Contoso\ExampleUser' 29 | { 30 | UserName = 'ExampleUser' 31 | DomainName = 'contoso.com' 32 | ThumbnailPhoto = '/9j/4AAQSkZJRgABAQEAYABgAAD/4QB .... STRING TRUNCATED FOR LENGTH' 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADUser/4-ADUser_UpdateThumbnailPhotoFromFile_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 7282b5a1-93e4-4ec7-8aea-8ec63f5bab2b 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will update a user with a thumbnail photo using 20 | a jpeg file. 21 | #> 22 | Configuration ADUser_UpdateThumbnailPhotoFromFile_Config 23 | { 24 | Import-DscResource -Module ActiveDirectoryDsc 25 | 26 | Node localhost 27 | { 28 | ADUser 'Contoso\ExampleUser' 29 | { 30 | UserName = 'ExampleUser' 31 | DomainName = 'contoso.com' 32 | ThumbnailPhoto = 'C:\ThumbnailPhotos\ExampleUser.jpg' 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /source/Examples/Resources/ADUser/5-ADUser_RemoveThumbnailPhoto_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 3115fbc7-ed1b-4218-a5a5-855b79259c5a 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will remove the thumbnail photo from the user. 20 | #> 21 | Configuration ADUser_RemoveThumbnailPhoto_Config 22 | { 23 | Import-DscResource -Module ActiveDirectoryDsc 24 | 25 | Node localhost 26 | { 27 | ADUser 'Contoso\ExampleUser' 28 | { 29 | UserName = 'ExampleUser' 30 | DomainName = 'contoso.com' 31 | ThumbnailPhoto = '' 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/1-WaitForADDomain_WaitForDomainController_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 5f105122-a318-46f4-a7e9-7dc745c57878 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within 300 seconds (default) in the domain 'contoso.com' 21 | before returning and allowing the configuration to continue to run. 22 | If the timeout is reached an error will be thrown. 23 | This will use the current user when determining if the domain is available, 24 | if run though LCM this will use SYSTEM (which might not have access). 25 | #> 26 | Configuration WaitForADDomain_WaitForDomainController_Config 27 | { 28 | Import-DscResource -Module ActiveDirectoryDsc 29 | 30 | Node localhost 31 | { 32 | WaitForADDomain 'contoso.com' 33 | { 34 | DomainName = 'contoso.com' 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/2-WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID ef167bdf-7f25-4d28-8ef3-68918eb2702c 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within 300 seconds (default) in the domain 'contoso.com' 21 | before returning and allowing the configuration to continue to run. 22 | If the timeout is reached an error will be thrown. 23 | This will use the user credential passed in the built-in PsDscRunAsCredential 24 | parameter when determining if the domain is available. 25 | #> 26 | Configuration WaitForADDomain_WaitForDomainControllerUsingBuiltInCredential_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $Credential 34 | ) 35 | 36 | Import-DscResource -Module ActiveDirectoryDsc 37 | 38 | Node localhost 39 | { 40 | WaitForADDomain 'contoso.com' 41 | { 42 | DomainName = 'contoso.com' 43 | 44 | PsDscRunAsCredential = $Credential 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/3-WaitForADDomain_WaitForDomainControllerUsingCredential_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID d0713e4e-274b-4510-949e-39bce2ef2158 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within 300 seconds (default) in the domain 'contoso.com' 21 | before returning and allowing the configuration to continue to run. 22 | If the timeout is reached an error will be thrown. 23 | This will use the user credential passed in the parameter Credential 24 | when determining if the domain is available. 25 | #> 26 | Configuration WaitForADDomain_WaitForDomainControllerUsingCredential_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $Credential 34 | ) 35 | 36 | Import-DscResource -Module ActiveDirectoryDsc 37 | 38 | Node localhost 39 | { 40 | WaitForADDomain 'contoso.com' 41 | { 42 | DomainName = 'contoso.com' 43 | Credential = $Credential 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/4-WaitForADDomain_WaitForDomainControllerInSite_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 20e1a154-1197-44e3-9c81-d1b9cc67defd 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | in the site 'Europe' to respond within 300 seconds (default) in the 21 | domain 'contoso.com' before returning and allowing the configuration to 22 | continue to run. 23 | If the timeout is reached an error will be thrown. 24 | This will use the user credential passed in the built-in PsDscRunAsCredential 25 | parameter when determining if the domain is available. 26 | #> 27 | Configuration WaitForADDomain_WaitForDomainControllerInSite_Config 28 | { 29 | param 30 | ( 31 | [Parameter(Mandatory = $true)] 32 | [ValidateNotNullOrEmpty()] 33 | [System.Management.Automation.PSCredential] 34 | $Credential 35 | ) 36 | 37 | Import-DscResource -Module ActiveDirectoryDsc 38 | 39 | Node localhost 40 | { 41 | WaitForADDomain 'contoso.com' 42 | { 43 | DomainName = 'contoso.com' 44 | SiteName = 'Europe' 45 | 46 | PsDscRunAsCredential = $Credential 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/5-WaitForADDomain_WaitForDomainControllerWithReboot_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 2ada2ead-8736-4d5e-9587-e14bacc28761 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within 300 seconds (default) in the domain 'contoso.com' 21 | before returning and allowing the configuration to continue to run. 22 | If the timeout is reached the node will be restarted up to two times 23 | and again wait after each restart. If no domain controller is found 24 | after the second restart an error will be thrown. 25 | This will use the user credential passed in the built-in PsDscRunAsCredential 26 | parameter when determining if the domain is available. 27 | #> 28 | Configuration WaitForADDomain_WaitForDomainControllerWithReboot_Config 29 | { 30 | param 31 | ( 32 | [Parameter(Mandatory = $true)] 33 | [ValidateNotNullOrEmpty()] 34 | [System.Management.Automation.PSCredential] 35 | $Credential 36 | ) 37 | 38 | Import-DscResource -Module ActiveDirectoryDsc 39 | 40 | Node localhost 41 | { 42 | WaitForADDomain 'contoso.com' 43 | { 44 | DomainName = 'contoso.com' 45 | RestartCount = 2 46 | 47 | PsDscRunAsCredential = $Credential 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/6-WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 0d9d34c3-c750-45f8-8611-74087e958fe1 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within 600 seconds in the domain 'contoso.com' before 21 | returning and allowing the configuration to continue to run. If the timeout 22 | is reached an error will be thrown. 23 | This will use the user credential passed in the built-in PsDscRunAsCredential 24 | parameter when determining if the domain is available. 25 | #> 26 | Configuration WaitForADDomain_WaitForDomainControllerWithLongerDelay_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $Credential 34 | ) 35 | 36 | Import-DscResource -Module ActiveDirectoryDsc 37 | 38 | Node localhost 39 | { 40 | WaitForADDomain 'contoso.com' 41 | { 42 | DomainName = 'contoso.com' 43 | WaitTimeout = 600 44 | 45 | PsDscRunAsCredential = $Credential 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /source/Examples/Resources/WaitForADDomain/7-WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.1 3 | .GUID 6b60ca02-019b-481a-ac34-a2f24df09ffd 4 | .AUTHOR DSC Community 5 | .COMPANYNAME DSC Community 6 | .COPYRIGHT DSC Community contributors. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE 9 | .PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc 10 | .ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png 11 | .RELEASENOTES 12 | Updated author, copyright notice, and URLs. 13 | #> 14 | 15 | #Requires -Module ActiveDirectoryDsc 16 | 17 | <# 18 | .DESCRIPTION 19 | This configuration will wait for an Active Directory domain controller 20 | to respond within the default period, and ignore any authentication 21 | errors. 22 | #> 23 | Configuration WaitForADDomain_WaitForDomainControllerIgnoringAuthenticationErrors_Config 24 | { 25 | param 26 | ( 27 | [Parameter(Mandatory = $true)] 28 | [ValidateNotNullOrEmpty()] 29 | [System.Management.Automation.PSCredential] 30 | $Credential 31 | ) 32 | 33 | Import-DscResource -Module ActiveDirectoryDsc 34 | 35 | Node localhost 36 | { 37 | WaitForADDomain 'contoso.com' 38 | { 39 | DomainName = 'contoso.com' 40 | WaitForValidCredentials = $true 41 | 42 | PsDscRunAsCredential = $Credential 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Add-TypeAssembly.md: -------------------------------------------------------------------------------- 1 | 2 | # Add-TypeAssembly 3 | 4 | ## SYNOPSIS 5 | Adds the assembly to the PowerShell session. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Add-TypeAssembly [-AssemblyName] [[-TypeName] ] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Add-TypeAssembly function is used to Add the assembly to the PowerShell session, optionally after a check 15 | if the type is missing. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | Add-TypeAssembly -AssemblyName 'System.DirectoryServices.AccountManagement' -TypeName 'System.DirectoryServices.AccountManagement.PrincipalContext' 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### -AssemblyName 27 | Specifies the assembly to load into the PowerShell session. 28 | 29 | ```yaml 30 | Type: System.String 31 | Parameter Sets: (All) 32 | Aliases: 33 | 34 | Required: True 35 | Position: 1 36 | Default value: None 37 | Accept pipeline input: False 38 | Accept wildcard characters: False 39 | ``` 40 | 41 | ### -TypeName 42 | Specifies an optional parameter to check if the type exist, if it exist then the assembly is not loaded again. 43 | 44 | ```yaml 45 | Type: System.String 46 | Parameter Sets: (All) 47 | Aliases: 48 | 49 | Required: False 50 | Position: 2 51 | Default value: None 52 | Accept pipeline input: False 53 | Accept wildcard characters: False 54 | ``` 55 | 56 | ### CommonParameters 57 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 58 | 59 | ## INPUTS 60 | 61 | ### None 62 | ## OUTPUTS 63 | 64 | ### None 65 | ## NOTES 66 | 67 | ## RELATED LINKS 68 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Assert-ADPSDrive.md: -------------------------------------------------------------------------------- 1 | 2 | # Assert-ADPSDrive 3 | 4 | ## SYNOPSIS 5 | Asserts if the AD PS Drive has been created, and creates one if not. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Assert-ADPSDrive [[-Root] ] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Assert-ADPSDrive function is used to assert if the AD PS Drive has been created, and creates one if not. 15 | 16 | ## EXAMPLES 17 | 18 | ### EXAMPLE 1 19 | ``` 20 | Assert-ADPSDrive 21 | ``` 22 | 23 | ## PARAMETERS 24 | 25 | ### -Root 26 | Specifies the AD path to which the drive is mapped. 27 | 28 | ```yaml 29 | Type: System.String 30 | Parameter Sets: (All) 31 | Aliases: 32 | 33 | Required: False 34 | Position: 1 35 | Default value: //RootDSE/ 36 | Accept pipeline input: False 37 | Accept wildcard characters: False 38 | ``` 39 | 40 | ### CommonParameters 41 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 42 | 43 | ## INPUTS 44 | 45 | ### None 46 | ## OUTPUTS 47 | 48 | ### None 49 | ## NOTES 50 | Throws an exception if the PS Drive cannot be created. 51 | 52 | ## RELATED LINKS 53 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Assert-MemberParameters.md: -------------------------------------------------------------------------------- 1 | 2 | # Assert-MemberParameters 3 | 4 | ## SYNOPSIS 5 | Assert the Members, MembersToInclude and MembersToExclude combination is valid. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Assert-MemberParameters [[-Members] ] [[-MembersToInclude] ] 11 | [[-MembersToExclude] ] [] 12 | ``` 13 | 14 | ## DESCRIPTION 15 | The Assert-MemberParameters function is used to assert the Members, MembersToInclude and MembersToExclude 16 | combination is valid. 17 | If the combination is invalid, an InvalidArgumentError is raised. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | Assert-MemberParameters -Members fred, bill 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -Members 29 | Specifies the Members to validate. 30 | 31 | ```yaml 32 | Type: System.String[] 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: False 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### -MembersToExclude 44 | Specifies the MembersToExclude to validate. 45 | 46 | ```yaml 47 | Type: System.String[] 48 | Parameter Sets: (All) 49 | Aliases: 50 | 51 | Required: False 52 | Position: 3 53 | Default value: None 54 | Accept pipeline input: False 55 | Accept wildcard characters: False 56 | ``` 57 | 58 | ### -MembersToInclude 59 | Specifies the MembersToInclude to validate. 60 | 61 | ```yaml 62 | Type: System.String[] 63 | Parameter Sets: (All) 64 | Aliases: 65 | 66 | Required: False 67 | Position: 2 68 | Default value: None 69 | Accept pipeline input: False 70 | Accept wildcard characters: False 71 | ``` 72 | 73 | ### CommonParameters 74 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 75 | 76 | ## INPUTS 77 | 78 | ### None 79 | ## OUTPUTS 80 | 81 | ### None 82 | ## NOTES 83 | 84 | ## RELATED LINKS 85 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Convert-PropertyMapToObjectProperties.md: -------------------------------------------------------------------------------- 1 | 2 | # Convert-PropertyMapToObjectProperties 3 | 4 | ## SYNOPSIS 5 | Converts a hashtable containing the parameter to property mappings to an array of properties. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Convert-PropertyMapToObjectProperties [-PropertyMap] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Convert-PropertyMapToObjectProperties function is used to convert a hashtable containing the parameter to 15 | property mappings to an array of properties that can be used to call cmdlets that supports the parameter 16 | Properties. 17 | 18 | ## EXAMPLES 19 | 20 | ### EXAMPLE 1 21 | ``` 22 | Convert-PropertyMapToObjectProperties -PropertyMap $computerObjectPropertyMap 23 | ``` 24 | 25 | ## PARAMETERS 26 | 27 | ### -PropertyMap 28 | Specifies the property map, as an array of hashtables, to convert to a properties array. 29 | 30 | ```yaml 31 | Type: System.Array 32 | Parameter Sets: (All) 33 | Aliases: 34 | 35 | Required: True 36 | Position: 1 37 | Default value: None 38 | Accept pipeline input: False 39 | Accept wildcard characters: False 40 | ``` 41 | 42 | ### CommonParameters 43 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 44 | 45 | ## INPUTS 46 | 47 | ### None 48 | ## OUTPUTS 49 | 50 | ### System.Array 51 | ## NOTES 52 | 53 | ## RELATED LINKS 54 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/ConvertFrom-TimeSpan.md: -------------------------------------------------------------------------------- 1 | 2 | # ConvertFrom-TimeSpan 3 | 4 | ## SYNOPSIS 5 | Converts a TimeSpan object into the number of seconds, minutes, hours or days. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | ConvertFrom-TimeSpan [-TimeSpan] [-TimeSpanType] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The ConvertFrom-TimeSpan function is used to Convert a TimeSpan object into an Integer containing the number of 15 | seconds, minutes, hours or days within the timespan. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | ConvertFrom-TimeSpan -TimeSpan (New-TimeSpan -Days 15) -TimeSpanType Seconds 22 | ``` 23 | 24 | Returns the number of seconds in 15 days. 25 | 26 | ## PARAMETERS 27 | 28 | ### -TimeSpan 29 | Specifies the TimeSpan object to convert into an integer. 30 | 31 | ```yaml 32 | Type: System.TimeSpan 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: True 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### -TimeSpanType 44 | Specifies the unit of measure to be used in the conversion. 45 | 46 | ```yaml 47 | Type: System.String 48 | Parameter Sets: (All) 49 | Aliases: 50 | 51 | Required: True 52 | Position: 2 53 | Default value: None 54 | Accept pipeline input: False 55 | Accept wildcard characters: False 56 | ``` 57 | 58 | ### CommonParameters 59 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 60 | 61 | ## INPUTS 62 | 63 | ### None 64 | ## OUTPUTS 65 | 66 | ### System.Int32 67 | ## NOTES 68 | 69 | ## RELATED LINKS 70 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/ConvertTo-DeploymentDomainMode.md: -------------------------------------------------------------------------------- 1 | 2 | # ConvertTo-DeploymentDomainMode 3 | 4 | ## SYNOPSIS 5 | Converts a ModeId or ADDomainMode object to a DomainMode object. 6 | 7 | ## SYNTAX 8 | 9 | ### ById 10 | ``` 11 | ConvertTo-DeploymentDomainMode -ModeId [] 12 | ``` 13 | 14 | ### ByName 15 | ``` 16 | ConvertTo-DeploymentDomainMode -Mode [] 17 | ``` 18 | 19 | ## DESCRIPTION 20 | The ConvertTo-DeploymentDomainMode function is used to convert a 21 | Microsoft.ActiveDirectory.Management.ADDomainMode object or a ModeId to a 22 | Microsoft.DirectoryServices.Deployment.Types.DomainMode object. 23 | 24 | ## EXAMPLES 25 | 26 | ### EXAMPLE 1 27 | ``` 28 | ConvertTo-DeploymentDomainMode -Mode $adDomainMode 29 | ``` 30 | 31 | ## PARAMETERS 32 | 33 | ### -Mode 34 | Specifies the Microsoft.ActiveDirectory.Management.ADDomainMode value to convert to a 35 | Microsoft.DirectoryServices.Deployment.Types.DomainMode type. 36 | 37 | ```yaml 38 | Type: System.Nullable`1[Microsoft.ActiveDirectory.Management.ADDomainMode] 39 | Parameter Sets: ByName 40 | Aliases: 41 | 42 | Required: True 43 | Position: Named 44 | Default value: None 45 | Accept pipeline input: False 46 | Accept wildcard characters: False 47 | ``` 48 | 49 | ### -ModeId 50 | Specifies the ModeId value to convert to a Microsoft.DirectoryServices.Deployment.Types.DomainMode type. 51 | 52 | ```yaml 53 | Type: System.UInt16 54 | Parameter Sets: ById 55 | Aliases: 56 | 57 | Required: True 58 | Position: Named 59 | Default value: 0 60 | Accept pipeline input: False 61 | Accept wildcard characters: False 62 | ``` 63 | 64 | ### CommonParameters 65 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 66 | 67 | ## INPUTS 68 | 69 | ### None 70 | ## OUTPUTS 71 | 72 | ### Microsoft.DirectoryServices.Deployment.Types.DomainMode 73 | ## NOTES 74 | 75 | ## RELATED LINKS 76 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/ConvertTo-DeploymentForestMode.md: -------------------------------------------------------------------------------- 1 | 2 | # ConvertTo-DeploymentForestMode 3 | 4 | ## SYNOPSIS 5 | Converts a ModeId or ADForestMode object to a ForestMode object. 6 | 7 | ## SYNTAX 8 | 9 | ### ById 10 | ``` 11 | ConvertTo-DeploymentForestMode -ModeId [] 12 | ``` 13 | 14 | ### ByName 15 | ``` 16 | ConvertTo-DeploymentForestMode -Mode [] 17 | ``` 18 | 19 | ## DESCRIPTION 20 | The ConvertTo-DeploymentForestMode function is used to convert a 21 | Microsoft.ActiveDirectory.Management.ADForestMode object or a ModeId to a 22 | Microsoft.DirectoryServices.Deployment.Types.ForestMode object. 23 | 24 | ## EXAMPLES 25 | 26 | ### EXAMPLE 1 27 | ``` 28 | ConvertTo-DeploymentForestMode -Mode $adForestMode 29 | ``` 30 | 31 | ## PARAMETERS 32 | 33 | ### -Mode 34 | Specifies the Microsoft.ActiveDirectory.Management.ADForestMode value to convert to a 35 | Microsoft.DirectoryServices.Deployment.Types.ForestMode type. 36 | 37 | ```yaml 38 | Type: System.Nullable`1[Microsoft.ActiveDirectory.Management.ADForestMode] 39 | Parameter Sets: ByName 40 | Aliases: 41 | 42 | Required: True 43 | Position: Named 44 | Default value: None 45 | Accept pipeline input: False 46 | Accept wildcard characters: False 47 | ``` 48 | 49 | ### -ModeId 50 | Specifies the ModeId value to convert to a Microsoft.DirectoryServices.Deployment.Types.ForestMode type. 51 | 52 | ```yaml 53 | Type: System.UInt16 54 | Parameter Sets: ById 55 | Aliases: 56 | 57 | Required: True 58 | Position: Named 59 | Default value: 0 60 | Accept pipeline input: False 61 | Accept wildcard characters: False 62 | ``` 63 | 64 | ### CommonParameters 65 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 66 | 67 | ## INPUTS 68 | 69 | ### None 70 | ## OUTPUTS 71 | 72 | ### Microsoft.DirectoryServices.Deployment.Types.ForestMode 73 | ## NOTES 74 | 75 | ## RELATED LINKS 76 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/ConvertTo-TimeSpan.md: -------------------------------------------------------------------------------- 1 | 2 | # ConvertTo-TimeSpan 3 | 4 | ## SYNOPSIS 5 | Converts a specified time period into a TimeSpan object. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | ConvertTo-TimeSpan [-TimeSpan] [-TimeSpanType] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The ConvertTo-TimeSpan function is used to convert a specified time period in seconds, minutes, hours or days 15 | into a TimeSpan object. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | ConvertTo-TimeSpan -TimeSpan 60 -TimeSpanType Minutes 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### -TimeSpan 27 | Specifies the length of time to use for the time span. 28 | 29 | ```yaml 30 | Type: System.UInt32 31 | Parameter Sets: (All) 32 | Aliases: 33 | 34 | Required: True 35 | Position: 1 36 | Default value: 0 37 | Accept pipeline input: False 38 | Accept wildcard characters: False 39 | ``` 40 | 41 | ### -TimeSpanType 42 | Specifies the units of measure in the TimeSpan parameter. 43 | 44 | ```yaml 45 | Type: System.String 46 | Parameter Sets: (All) 47 | Aliases: 48 | 49 | Required: True 50 | Position: 2 51 | Default value: None 52 | Accept pipeline input: False 53 | Accept wildcard characters: False 54 | ``` 55 | 56 | ### CommonParameters 57 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 58 | 59 | ## INPUTS 60 | 61 | ### None 62 | ## OUTPUTS 63 | 64 | ### System.TimeSpan 65 | ## NOTES 66 | 67 | ## RELATED LINKS 68 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-ADDomainNameFromDistinguishedName.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-ADDomainNameFromDistinguishedName 3 | 4 | ## SYNOPSIS 5 | Converts an Active Directory distinguished name into a fully qualified domain name. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-ADDomainNameFromDistinguishedName [[-DistinguishedName] ] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-ADDomainNameFromDistinguishedName function is used to convert an Active Directory distinguished name 15 | into a fully qualified domain name. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | Get-ADDomainNameFromDistinguishedName -DistinguishedName 'CN=ExampleObject,OU=ExampleOU,DC=example,DC=com' 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### -DistinguishedName 27 | Specifies the distinguished name to convert into the FQDN. 28 | 29 | ```yaml 30 | Type: System.String 31 | Parameter Sets: (All) 32 | Aliases: 33 | 34 | Required: False 35 | Position: 1 36 | Default value: None 37 | Accept pipeline input: False 38 | Accept wildcard characters: False 39 | ``` 40 | 41 | ### CommonParameters 42 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 43 | 44 | ## INPUTS 45 | 46 | ### None 47 | ## OUTPUTS 48 | 49 | ### System.String 50 | ## NOTES 51 | Author: Robert D. 52 | Biddle (https://github.com/RobBiddle) 53 | 54 | ## RELATED LINKS 55 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-ADObjectParentDN.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-ADObjectParentDN 3 | 4 | ## SYNOPSIS 5 | Get an Active Directory object's parent distinguished name. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-ADObjectParentDN [-DN] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-ADObjectParentDN function is used to get an Active Directory object parent's distinguished name. 15 | 16 | ## EXAMPLES 17 | 18 | ### EXAMPLE 1 19 | ``` 20 | Get-ADObjectParentDN -DN CN=User1,CN=Users,DC=contoso,DC=com 21 | ``` 22 | 23 | Returns CN=Users,DC=contoso,DC=com 24 | 25 | ## PARAMETERS 26 | 27 | ### -DN 28 | Specifies the distinguished name of the object to return the parent from. 29 | 30 | ```yaml 31 | Type: System.String 32 | Parameter Sets: (All) 33 | Aliases: 34 | 35 | Required: True 36 | Position: 1 37 | Default value: None 38 | Accept pipeline input: False 39 | Accept wildcard characters: False 40 | ``` 41 | 42 | ### CommonParameters 43 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 44 | 45 | ## INPUTS 46 | 47 | ### None 48 | ## OUTPUTS 49 | 50 | ### System.String 51 | ## NOTES 52 | 53 | ## RELATED LINKS 54 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-ActiveDirectoryDomain.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-ActiveDirectoryDomain 3 | 4 | ## SYNOPSIS 5 | Gets a Domain object for the specified context. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-ActiveDirectoryDomain [-DirectoryContext] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-ActiveDirectoryDomain function is used to get a System.DirectoryServices.ActiveDirectory.Domain object 15 | for the specified context, which is a class that represents an Active Directory Domain Services domain. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | Get-ActiveDirectoryDomain -DirectoryContext $context 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### -DirectoryContext 27 | Specifies the Active Directory context from which the domain object is returned. 28 | Calling the 29 | Get-ADDirectoryContext gets a value that can be provided in this parameter. 30 | 31 | ```yaml 32 | Type: System.DirectoryServices.ActiveDirectory.DirectoryContext 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: True 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### CommonParameters 44 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 45 | 46 | ## INPUTS 47 | 48 | ### None 49 | ## OUTPUTS 50 | 51 | ### System.DirectoryServices.ActiveDirectory.Domain 52 | ## NOTES 53 | This is a wrapper to allow test mocking of the calling function. 54 | See issue https://github.com/PowerShell/ActiveDirectoryDsc/issues/324 for more information. 55 | 56 | ## RELATED LINKS 57 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-ActiveDirectoryForest.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-ActiveDirectoryForest 3 | 4 | ## SYNOPSIS 5 | Gets a Forest object for the specified context. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-ActiveDirectoryForest [-DirectoryContext] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-ActiveDirectoryForest function is used to get a System.DirectoryServices.ActiveDirectory.Forest object 15 | for the specified context. 16 | which is a class that represents an Active Directory Domain Services forest. 17 | 18 | ## EXAMPLES 19 | 20 | ### EXAMPLE 1 21 | ``` 22 | Get-ActiveDirectoryForest -DirectoryContext $context 23 | ``` 24 | 25 | ## PARAMETERS 26 | 27 | ### -DirectoryContext 28 | Specifies the Active Directory context from which the forest object is returned. 29 | Calling the 30 | Get-ADDirectoryContext gets a value that can be provided in this parameter. 31 | 32 | ```yaml 33 | Type: System.DirectoryServices.ActiveDirectory.DirectoryContext 34 | Parameter Sets: (All) 35 | Aliases: 36 | 37 | Required: True 38 | Position: 1 39 | Default value: None 40 | Accept pipeline input: False 41 | Accept wildcard characters: False 42 | ``` 43 | 44 | ### CommonParameters 45 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 46 | 47 | ## INPUTS 48 | 49 | ### None 50 | ## OUTPUTS 51 | 52 | ### System.DirectoryServices.ActiveDirectory.Forest 53 | ## NOTES 54 | This is a wrapper to allow test mocking of the calling function. 55 | See issue https://github.com/PowerShell/ActiveDirectoryDsc/issues/324 for more information. 56 | 57 | ## RELATED LINKS 58 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-ByteContent.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-ByteContent 3 | 4 | ## SYNOPSIS 5 | Gets the contents of a file as a byte array. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-ByteContent [-Path] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-ByteContent function is used to get the contents of a file as a byte array. 15 | 16 | ## EXAMPLES 17 | 18 | ### EXAMPLE 1 19 | ``` 20 | Get-ByteContent -Path $path 21 | ``` 22 | 23 | ## PARAMETERS 24 | 25 | ### -Path 26 | Specifies the path to an item. 27 | 28 | ```yaml 29 | Type: System.String 30 | Parameter Sets: (All) 31 | Aliases: 32 | 33 | Required: True 34 | Position: 1 35 | Default value: None 36 | Accept pipeline input: False 37 | Accept wildcard characters: False 38 | ``` 39 | 40 | ### CommonParameters 41 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 42 | 43 | ## INPUTS 44 | 45 | ### none 46 | ## OUTPUTS 47 | 48 | ### System.Byte[] 49 | ## NOTES 50 | 51 | ## RELATED LINKS 52 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-CurrentUser.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-CurrentUser 3 | 4 | ## SYNOPSIS 5 | Gets the current user identity. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-CurrentUser [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-CurrentUser function is used to get the current user identity. 15 | A WindowsIdentity object is returned 16 | that represents the current user. 17 | 18 | ## EXAMPLES 19 | 20 | ### EXAMPLE 1 21 | ``` 22 | Get-CurrentUser 23 | ``` 24 | 25 | ## PARAMETERS 26 | 27 | ### CommonParameters 28 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 29 | 30 | ## INPUTS 31 | 32 | ### None 33 | ## OUTPUTS 34 | 35 | ### System.Security.Principal.WindowsIdentity 36 | ## NOTES 37 | This is a wrapper to allow test mocking of the calling function. 38 | 39 | ## RELATED LINKS 40 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Get-DomainName.md: -------------------------------------------------------------------------------- 1 | 2 | # Get-DomainName 3 | 4 | ## SYNOPSIS 5 | Gets the domain name of this computer. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Get-DomainName [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Get-DomainName function is used to get the name of the Active Directory domain that the computer is a 15 | member of. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | Get-DomainName 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### CommonParameters 27 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 28 | 29 | ## INPUTS 30 | 31 | ### None 32 | ## OUTPUTS 33 | 34 | ### System.String 35 | ## NOTES 36 | 37 | ## RELATED LINKS 38 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/New-CimCredentialInstance.md: -------------------------------------------------------------------------------- 1 | 2 | # New-CimCredentialInstance 3 | 4 | ## SYNOPSIS 5 | Creates a new MSFT_Credential CIM instance credential object. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | New-CimCredentialInstance [-Credential] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The New-CimCredentialInstance function is used to create a new MSFT_Credential CIM instance credential object 15 | to be used when returning credential objects from Get-TargetResource. 16 | This creates a credential object without 17 | the password. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | New-CimCredentialInstance -Credential $Cred 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -Credential 29 | Specifies the PSCredential object to return as a MSFT_Credential CIM instance credential object. 30 | 31 | ```yaml 32 | Type: System.Management.Automation.PSCredential 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: True 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### CommonParameters 44 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 45 | 46 | ## INPUTS 47 | 48 | ### None 49 | ## OUTPUTS 50 | 51 | ### Microsoft.Management.Infrastructure.CimInstance 52 | ## NOTES 53 | When returning a PSCredential object from Get-TargetResource, the credential object does not contain the 54 | username. 55 | The object is empty. 56 | 57 | | Password | UserName | PSComputerName | 58 | | -------- | -------- | -------------- | 59 | | | | localhost | 60 | 61 | When the MSFT_Credential CIM instance credential object is returned by the Get-TargetResource then the 62 | credential object contains the values provided in the object. 63 | 64 | | Password | UserName | PSComputerName | 65 | | -------- | ------------------ | -------------- | 66 | | |COMPANY\TestAccount | localhost | 67 | 68 | ## RELATED LINKS 69 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Remove-DuplicateMembers.md: -------------------------------------------------------------------------------- 1 | 2 | # Remove-DuplicateMembers 3 | 4 | ## SYNOPSIS 5 | Removes duplicate members from a string array. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Remove-DuplicateMembers [[-Members] ] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Remove-DuplicateMembers function is used to remove duplicate members from a string array. 15 | The comparison 16 | is case insensitive. 17 | A string array is returned containing the resultant members. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | Remove-DuplicateMembers -Members fred, bill, bill 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -Members 29 | Specifies the array of members to remove duplicates from. 30 | 31 | ```yaml 32 | Type: System.String[] 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: False 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### CommonParameters 44 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 45 | 46 | ## INPUTS 47 | 48 | ### None 49 | ## OUTPUTS 50 | 51 | ### System.String[] 52 | ## NOTES 53 | 54 | ## RELATED LINKS 55 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Resolve-SamAccountName.md: -------------------------------------------------------------------------------- 1 | 2 | # Resolve-SamAccountName 3 | 4 | ## SYNOPSIS 5 | Resolves the SamAccountName of an Active Directory object based on a supplied ObjectSid. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Resolve-SamAccountName [-ObjectSid] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Resolve-SamAccountName function is used to get a System.String object representing the SamAccountName 15 | translated from the specified ObjectSid. 16 | If a System.Security.Principal.IdentityNotMappedException exception 17 | is thrown, then we assume it is an orphaned ForeignSecurityPrincipal and the ObjectSid value is returned back. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | Resolve-SamAccountName -ObjectSid $adObject.objectSid 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -ObjectSid 29 | Specifies the Active Directory object security identifier to use for translation to a SamAccountName. 30 | 31 | ```yaml 32 | Type: System.String 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: True 37 | Position: 1 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### CommonParameters 44 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 45 | 46 | ## INPUTS 47 | 48 | ### None 49 | ## OUTPUTS 50 | 51 | ### System.String 52 | ## NOTES 53 | This is a wrapper to allow test mocking of the calling function. 54 | See issue https://github.com/dsccommunity/ActiveDirectoryDsc/issues/616 for more information. 55 | 56 | ## RELATED LINKS 57 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Resolve-SecurityIdentifier.md: -------------------------------------------------------------------------------- 1 | 2 | # Resolve-SecurityIdentifier 3 | 4 | ## SYNOPSIS 5 | Resolves the Security Identifier (SID) of an Active Directory object based on a supplied SamAccountName. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Resolve-SecurityIdentifier [-SamAccountName] [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Resolve-SecurityIdentifier function is used to get a System.String object representing the Security Identifier 15 | (SID) translated from the specified SamAccountName. 16 | 17 | ## EXAMPLES 18 | 19 | ### EXAMPLE 1 20 | ``` 21 | Resolve-SecurityIdentifier -SamAccountName $adObject.SamAccountName 22 | ``` 23 | 24 | ## PARAMETERS 25 | 26 | ### -SamAccountName 27 | Specifies the Active Directory object SamAccountName to use for translation to a Security Identifier (SID). 28 | 29 | ```yaml 30 | Type: System.String 31 | Parameter Sets: (All) 32 | Aliases: 33 | 34 | Required: True 35 | Position: 1 36 | Default value: None 37 | Accept pipeline input: False 38 | Accept wildcard characters: False 39 | ``` 40 | 41 | ### CommonParameters 42 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 43 | 44 | ## INPUTS 45 | 46 | ### None 47 | ## OUTPUTS 48 | 49 | ### System.String 50 | ## NOTES 51 | This is a wrapper to allow test mocking of the calling function. 52 | See issue https://github.com/dsccommunity/ActiveDirectoryDsc/issues/619 for more information. 53 | 54 | ## RELATED LINKS 55 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Start-ProcessWithTimeout.md: -------------------------------------------------------------------------------- 1 | 2 | # Start-ProcessWithTimeout 3 | 4 | ## SYNOPSIS 5 | Starts a process with a timeout. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Start-ProcessWithTimeout [-FilePath] [[-ArgumentList] ] [-Timeout] 11 | [] 12 | ``` 13 | 14 | ## DESCRIPTION 15 | The Start-ProcessWithTimeout function is used to start a process with a timeout. 16 | An Int32 object is returned 17 | representing the exit code of the started process. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | Start-ProcessWithTimeout -FilePath 'djoin.exe' -ArgumentList '/PROVISION /DOMAIN contoso.com /MACHINE SRV1' -Timeout 300 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -ArgumentList 29 | Specifies he arguments that should be passed to the executable. 30 | 31 | ```yaml 32 | Type: System.String[] 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: False 37 | Position: 2 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### -FilePath 44 | Specifies the path to the executable to start. 45 | 46 | ```yaml 47 | Type: System.String 48 | Parameter Sets: (All) 49 | Aliases: 50 | 51 | Required: True 52 | Position: 1 53 | Default value: None 54 | Accept pipeline input: False 55 | Accept wildcard characters: False 56 | ``` 57 | 58 | ### -Timeout 59 | Specifies the timeout in seconds to wait for the process to finish. 60 | 61 | ```yaml 62 | Type: System.UInt32 63 | Parameter Sets: (All) 64 | Aliases: 65 | 66 | Required: True 67 | Position: 3 68 | Default value: 0 69 | Accept pipeline input: False 70 | Accept wildcard characters: False 71 | ``` 72 | 73 | ### CommonParameters 74 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 75 | 76 | ## INPUTS 77 | 78 | ### None 79 | ## OUTPUTS 80 | 81 | ### System.Int32 82 | ## NOTES 83 | 84 | ## RELATED LINKS 85 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Test-ADReplicationSite.md: -------------------------------------------------------------------------------- 1 | 2 | # Test-ADReplicationSite 3 | 4 | ## SYNOPSIS 5 | Tests Active Directory replication site availablity. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Test-ADReplicationSite [-SiteName] [-DomainName] [-Credential] 11 | [] 12 | ``` 13 | 14 | ## DESCRIPTION 15 | The Test-ADReplicationSite function is used to test Active Directory replication site availablity. 16 | A boolean is 17 | returned that represents the replication site availability. 18 | 19 | ## EXAMPLES 20 | 21 | ### EXAMPLE 1 22 | ``` 23 | Test-ADReplicationSite -SiteName Default -DomainName contoso.com 24 | ``` 25 | 26 | ## PARAMETERS 27 | 28 | ### -Credential 29 | Specifies the credentials to use when accessing the domain, or use the current user if not specified. 30 | 31 | ```yaml 32 | Type: System.Management.Automation.PSCredential 33 | Parameter Sets: (All) 34 | Aliases: 35 | 36 | Required: True 37 | Position: 3 38 | Default value: None 39 | Accept pipeline input: False 40 | Accept wildcard characters: False 41 | ``` 42 | 43 | ### -DomainName 44 | Specifies the domain name containing the replication site. 45 | 46 | ```yaml 47 | Type: System.String 48 | Parameter Sets: (All) 49 | Aliases: 50 | 51 | Required: True 52 | Position: 2 53 | Default value: None 54 | Accept pipeline input: False 55 | Accept wildcard characters: False 56 | ``` 57 | 58 | ### -SiteName 59 | Specifies the replication site name to test the availability of. 60 | 61 | ```yaml 62 | Type: System.String 63 | Parameter Sets: (All) 64 | Aliases: 65 | 66 | Required: True 67 | Position: 1 68 | Default value: None 69 | Accept pipeline input: False 70 | Accept wildcard characters: False 71 | ``` 72 | 73 | ### CommonParameters 74 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 75 | 76 | ## INPUTS 77 | 78 | ### None 79 | ## OUTPUTS 80 | 81 | ### System.Boolean 82 | ## NOTES 83 | 84 | ## RELATED LINKS 85 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Test-DomainMember.md: -------------------------------------------------------------------------------- 1 | 2 | # Test-DomainMember 3 | 4 | ## SYNOPSIS 5 | Tests whether this computer is a member of a domain. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Test-DomainMember [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Test-DomainMember function is used to test whether this computer is a member of a domain. 15 | A boolean is 16 | returned indicating the domain membership of the computer. 17 | 18 | ## EXAMPLES 19 | 20 | ### EXAMPLE 1 21 | ``` 22 | Test-DomainMember 23 | ``` 24 | 25 | ## PARAMETERS 26 | 27 | ### CommonParameters 28 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 29 | 30 | ## INPUTS 31 | 32 | ### None 33 | ## OUTPUTS 34 | 35 | ### System.Boolean 36 | ## NOTES 37 | 38 | ## RELATED LINKS 39 | -------------------------------------------------------------------------------- /source/Modules/ActiveDirectoryDsc.Common/docs/Test-IsDomainController.md: -------------------------------------------------------------------------------- 1 | 2 | # Test-IsDomainController 3 | 4 | ## SYNOPSIS 5 | Tests if the computer is a domain controller. 6 | 7 | ## SYNTAX 8 | 9 | ``` 10 | Test-IsDomainController [] 11 | ``` 12 | 13 | ## DESCRIPTION 14 | The Test-IsDomainController function tests if the computer is a domain controller. 15 | A boolean is returned that 16 | represents whether the computer is a domain controller. 17 | 18 | ## EXAMPLES 19 | 20 | ### EXAMPLE 1 21 | ``` 22 | Test-IsDomainController 23 | ``` 24 | 25 | ## PARAMETERS 26 | 27 | ### CommonParameters 28 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 29 | 30 | ## INPUTS 31 | 32 | ### None 33 | ## OUTPUTS 34 | 35 | ### System.Boolean 36 | ## NOTES 37 | 38 | ## RELATED LINKS 39 | -------------------------------------------------------------------------------- /source/en-US/ActiveDirectoryDsc.strings.psd1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | The localized resource strings in English (en-US) for the 4 | resource ActiveDirectoryDsc module. This file should only contain 5 | localized strings for private functions, public command, and 6 | classes (that are not a DSC resource). 7 | #> 8 | 9 | ConvertFrom-StringData @' 10 | '@ 11 | -------------------------------------------------------------------------------- /source/en-US/about_ActiveDirectoryDsc.help.txt: -------------------------------------------------------------------------------- 1 | TOPIC 2 | about_ActiveDirectoryDsc 3 | 4 | SHORT DESCRIPTION 5 | DSC Resources for deployment and configuration of Active Directory Domain Services. 6 | 7 | LONG DESCRIPTION 8 | This module contains DSC Resources for deployment and configuration of Active Directory Domain Services. 9 | 10 | EXAMPLES 11 | PS C:\> Get-DscResource -Module ActiveDirectoryDsc 12 | 13 | NOTE: 14 | Thank you to all those who contributed to this module, by writing code, sharing opinions, and provided feedback. 15 | 16 | TROUBLESHOOTING NOTE: 17 | Look out on the Github repository for issues and new releases. 18 | 19 | SEE ALSO 20 | - https://github.com/dsccommunity/ActiveDirectoryDsc 21 | 22 | KEYWORDS 23 | DSC, DscResource, ActiveDirectory 24 | -------------------------------------------------------------------------------- /tests/Integration/MSFT_ADDomainControllerProperties.config.ps1: -------------------------------------------------------------------------------- 1 | #region HEADER 2 | # Integration Test Config Template Version: 1.2.0 3 | #endregion 4 | 5 | $configFile = [System.IO.Path]::ChangeExtension($MyInvocation.MyCommand.Path, 'json') 6 | if (Test-Path -Path $configFile) 7 | { 8 | <# 9 | Allows reading the configuration data from a JSON file, for real testing 10 | scenarios outside of the CI. 11 | #> 12 | $ConfigurationData = Get-Content -Path $configFile | ConvertFrom-Json 13 | } 14 | else 15 | { 16 | $ConfigurationData = @{ 17 | AllNodes = @( 18 | @{ 19 | NodeName = 'localhost' 20 | CertificateFile = $env:DscPublicCertificatePath 21 | } 22 | ) 23 | } 24 | } 25 | 26 | <# 27 | .SYNOPSIS 28 | Sets the supported property values. 29 | #> 30 | Configuration MSFT_ADDomainControllerProperties_SetPropertyValues_Config 31 | { 32 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 33 | 34 | node $AllNodes.NodeName 35 | { 36 | ADDomainControllerProperties 'Integration_Test' 37 | { 38 | IsSingleInstance = 'Yes' 39 | ContentFreshness = 100 40 | } 41 | } 42 | } 43 | 44 | <# 45 | .SYNOPSIS 46 | Restore domain controller properties to the default values. 47 | #> 48 | Configuration MSFT_ADDomainControllerProperties_RestoreDefaultValues_Config 49 | { 50 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 51 | 52 | node $AllNodes.NodeName 53 | { 54 | ADDomainControllerProperties 'Integration_Test' 55 | { 56 | IsSingleInstance = 'Yes' 57 | ContentFreshness = 60 58 | } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /tests/Integration/MSFT_ADForestFunctionalLevel.config.ps1: -------------------------------------------------------------------------------- 1 | #region HEADER 2 | # Integration Test Config Template Version: 1.2.0 3 | #endregion 4 | 5 | $configFile = [System.IO.Path]::ChangeExtension($MyInvocation.MyCommand.Path, 'json') 6 | if (Test-Path -Path $configFile) 7 | { 8 | <# 9 | Allows reading the configuration data from a JSON file, for real testing 10 | scenarios outside of the CI. 11 | #> 12 | $ConfigurationData = Get-Content -Path $configFile | ConvertFrom-Json 13 | } 14 | else 15 | { 16 | $ConfigurationData = @{ 17 | AllNodes = @( 18 | @{ 19 | NodeName = 'localhost' 20 | CertificateFile = $env:DscPublicCertificatePath 21 | } 22 | ) 23 | } 24 | } 25 | 26 | <# 27 | .SYNOPSIS 28 | Change the forest functional level to a Windows Server 2012 R2 Forest. 29 | #> 30 | Configuration MSFT_ADForestFunctionalLevel_ChangeForestLevelTo2012R2_Config 31 | { 32 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 33 | 34 | node $AllNodes.NodeName 35 | { 36 | ADForestFunctionalLevel 'Integration_Test' 37 | { 38 | ForestIdentity = 'contoso.com' 39 | ForestMode = 'Windows2012R2Forest' 40 | } 41 | } 42 | } 43 | 44 | <# 45 | .SYNOPSIS 46 | Change the forest functional level to a Windows Server 2016 Forest. 47 | #> 48 | Configuration MSFT_ADForestFunctionalLevel_ChangeForestLevelTo2016_Config 49 | { 50 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 51 | 52 | node $AllNodes.NodeName 53 | { 54 | ADForestFunctionalLevel 'Integration_Test' 55 | { 56 | ForestIdentity = 'contoso.com' 57 | ForestMode = 'Windows2016Forest' 58 | } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /tests/Integration/MSFT_ADKDSKey.config.ps1: -------------------------------------------------------------------------------- 1 | #region HEADER 2 | # Integration Test Config Template Version: 1.2.0 3 | #endregion 4 | 5 | $configFile = [System.IO.Path]::ChangeExtension($MyInvocation.MyCommand.Path, 'json') 6 | if (Test-Path -Path $configFile) 7 | { 8 | <# 9 | Allows reading the configuration data from a JSON file, for real testing 10 | scenarios outside of the CI. 11 | #> 12 | $ConfigurationData = Get-Content -Path $configFile | ConvertFrom-Json 13 | } 14 | else 15 | { 16 | $ConfigurationData = @{ 17 | AllNodes = @( 18 | @{ 19 | NodeName = 'localhost' 20 | CertificateFile = $env:DscPublicCertificatePath 21 | EffectiveTime = (Get-Date -year 1999 -month 1 -day 1 -hour 0 -Minute 0 -Second 0).ToString() 22 | } 23 | ) 24 | } 25 | } 26 | 27 | <# 28 | .SYNOPSIS 29 | Create a KDS root key in the past. This will allow the key to be used right away 30 | #> 31 | Configuration MSFT_ADKDSKey_CreateKDSRootKeyInPast_Config 32 | { 33 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 34 | 35 | node $AllNodes.NodeName 36 | { 37 | ADKDSKey 'Integration_Test' 38 | { 39 | Ensure = 'Present' 40 | EffectiveTime = $ConfigurationData.AllNodes.EffectiveTime 41 | AllowUnsafeEffectiveTime = $true 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /tests/Integration/MSFT_ADReadOnlyDomainControllerAccount.config.ps1: -------------------------------------------------------------------------------- 1 | #region HEADER 2 | # Integration Test Config Template Version: 1.2.0 3 | #endregion 4 | 5 | $configFile = [System.IO.Path]::ChangeExtension($MyInvocation.MyCommand.Path, 'json') 6 | if (Test-Path -Path $configFile) 7 | { 8 | <# 9 | Allows reading the configuration data from a JSON file, for real testing 10 | scenarios outside of the CI. 11 | #> 12 | $ConfigurationData = Get-Content -Path $configFile | ConvertFrom-Json 13 | } 14 | else 15 | { 16 | $currentDomain = Get-ADDomain 17 | $dnsRoot = $currentDomain.DNSRoot 18 | $currentSite = Get-ADReplicationSite 19 | $siteName = $currentSite.Name 20 | 21 | $ConfigurationData = @{ 22 | AllNodes = @( 23 | @{ 24 | NodeName = 'localhost' 25 | DomainControllerAccountName = 'DSCINTTESTRODC1' 26 | DomainName = $dnsRoot 27 | SiteName = $siteName 28 | } 29 | ) 30 | } 31 | } 32 | 33 | <# 34 | .SYNOPSIS 35 | Pre-create a read only domain controller account. 36 | #> 37 | Configuration MSFT_ADKDSKey_CreateReadOnlyDomainControllerAccount 38 | { 39 | Import-DscResource -ModuleName 'ActiveDirectoryDsc' 40 | 41 | node $AllNodes.NodeName 42 | { 43 | ADReadOnlyDomainControllerAccount 'Integration_Test' 44 | { 45 | DomainControllerAccountName = $Node.DomainControllerAccountName 46 | DomainName = $Node.DomainName 47 | SiteName = $Node.SiteName 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /tests/TestHelpers/DSC_Logo_96.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsccommunity/ActiveDirectoryDsc/89e90f04d8be7c55d841e40272e2b1277f1bfe2d/tests/TestHelpers/DSC_Logo_96.jpg --------------------------------------------------------------------------------