Merge pull request #1 from desmay/AADMSGroup

Aadms group
microsoft · Apr 21, 2020 · 67059f4 · 67059f4
2 parents 58d7e41 + dc35670
commit 67059f4
Show file tree

Hide file tree

Showing 26 changed files with 1,026 additions and 100 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## UNRELEASED
 
+* Metadata
+  * Updated Microsoft.PowerApps.Administration.PowerShell to 2.0.57;
+
+## 1.0.4.39
+
 * Re-branding to Microsoft365DSC
   * All components re-branded;
 * AADMSGroupLifecyclePolicy
@@ -12,6 +17,24 @@
   * Initial Release;
 * AADMSGroupLifecyclePolicy
   * Initial Release;
+* SCAuditConfigurationPolicy
+  * Fix issue with the Remove scenario;
+* SCDLPCompliancePolicy
+  * Fix issue with the Remove scenario;
+* SCFilePropertyAuthority
+  * Fix issue with the Remove scenario;
+* SCFilePlanPropertyCategory
+  * Fix issue with the Remove scenario;
+* SCFilePlanPropertyCitation
+  * Fix issue with the Remove scenario;
+* SCFilePlanPropertyDepartment
+  * Fix issue with the Remove scenario;
+* SCFilePlanPropertyReferenceId
+  * Fix issue with the Remove scenario;
+* SCFilePlanPropertySubCategory
+  * Fix issue with the Remove scenario;
+* SCRetentionCompliancePolicy
+  * Fix issue with Teams Policy in the Get;
 * SPOPropertyBag
   * Fixed an issue where false positive drifts were being detected;
 * SPOSiteAuditSettings
@@ -38,7 +61,7 @@
   * Updated Microsoft.PowerApps.Administration.PowerShell to 2.0.56;
   * Updated MicrosoftTeams dependency to 1.0.5;
   * Updated MSCloudLoginAssistant dependency to 1.0.6;
-  * Updated SharePointPnPPowerShellOnline dependency to 3.19.2003.0;
+  * Updated SharePointPnPPowerShellOnline dependency to 3.20.2004.0;
 
 ## 1.0.3.1723
 

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.psm1
@@ -0,0 +1,296 @@
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+
+        [Parameter()]
+        [System.String[]]
+        $GroupTypes,
+
+        [Parameter()]
+        [System.String]
+        $MembershipRule,
+
+        [Parameter()]
+        [ValidateSet('On', 'Paused')]
+        [System.String]
+        $MembershipRuleProcessingState,
+
+        [Parameter()]
+        [System.Boolean]
+        $SecurityEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $MailEnabled,
+
+        [Parameter()]
+        [System.String]
+        $MailNickname,
+
+        [Parameter()]
+        [ValidateSet('Public', 'Private', 'HiddenMembership')]
+        [System.String]
+        $Visibility,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present',
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $GlobalAdminAccount
+    )
+
+    Write-Verbose -Message "Getting configuration of AzureAD Group"
+    #region Telemetry
+    $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+    $data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+    $data.Add("Method", $MyInvocation.MyCommand)
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+        -Platform AzureAD
+
+    $Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+
+    if ($null -eq $Group)
+    {
+        $currentValues = $PSBoundParameters
+        $currentValues.Ensure = "Absent"
+        return $currentValues
+    }
+    else
+    {
+        Write-Verbose -Message "Found existing AzureAD Group"
+        $result = @{
+            DisplayName                   = $Group.DisplayName
+            Description                   = $Group.Description
+            GroupTypes                    = [System.String[]]$Group.GroupTypes
+            MembershipRule                = $Group.MembershipRule
+            MembershipRuleProcessingState = $Group.MembershipRuleProcessingState
+            SecurityEnabled               = $Group.SecurityEnabled
+            MailEnabled                   = $Group.MailEnabled
+            MailNickname                  = $Group.MailNickname
+            Visibility                    = $Group.Visibility
+            Ensure                        = "Present"
+            GlobalAdminAccount            = $GlobalAdminAccount
+        }
+
+        Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
+        return $result
+    }
+}
+
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+
+        [Parameter()]
+        [System.String[]]
+        $GroupTypes,
+
+        [Parameter()]
+        [System.String]
+        $MembershipRule,
+
+        [Parameter()]
+        [ValidateSet('On', 'Paused')]
+        [System.String]
+        $MembershipRuleProcessingState,
+
+        [Parameter()]
+        [System.Boolean]
+        $SecurityEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $MailEnabled,
+
+        [Parameter()]
+        [System.String]
+        $MailNickname,
+
+        [Parameter()]
+        [ValidateSet('Public', 'Private', 'HiddenMembership')]
+        [System.String]
+        $Visibility,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present',
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $GlobalAdminAccount
+    )
+
+    Write-Verbose -Message "Setting configuration of Azure AD Groups"
+    #region Telemetry
+    $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+    $data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+    $data.Add("Method", $MyInvocation.MyCommand)
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+        -Platform AzureAD
+
+    $currentGroup = Get-TargetResource @PSBoundParameters
+    $currentParameters = $PSBoundParameters
+    $currentParameters.Remove("GlobalAdminAccount")
+    $currentParameters.Remove("Ensure")
+
+    if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Present')
+    {
+        $Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+        Set-AzureADMSGroup @currentParameters -id $Group.ID
+    }
+    elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
+    {
+        New-AzureADMSGroup @currentParameters
+    }
+    elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present')
+    {
+        $Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+        Remove-AzureADMSGroup -Id $Group.ID
+    }
+}
+
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+
+        [Parameter()]
+        [System.String[]]
+        $GroupTypes,
+
+        [Parameter()]
+        [System.String]
+        $MembershipRule,
+
+        [Parameter()]
+        [ValidateSet('On', 'Paused')]
+        [System.String]
+        $MembershipRuleProcessingState,
+
+        [Parameter()]
+        [System.Boolean]
+        $SecurityEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $MailEnabled,
+
+        [Parameter()]
+        [System.String]
+        $MailNickname,
+
+        [Parameter()]
+        [ValidateSet('Public', 'Private', 'HiddenMembership')]
+        [System.String]
+        $Visibility,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present',
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $GlobalAdminAccount
+    )
+
+    Write-Verbose -Message "Testing configuration of AzureAD Groups"
+
+    $CurrentValues = Get-TargetResource @PSBoundParameters
+
+    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
+
+    $ValuesToCheck = $PSBoundParameters
+    $ValuesToCheck.Remove('GlobalAdminAccount') | Out-Null
+
+    $TestResult = Test-Microsoft365DSCParameterState -CurrentValues $CurrentValues `
+        -Source $($MyInvocation.MyCommand.Source) `
+        -DesiredValues $PSBoundParameters `
+        -ValuesToCheck $ValuesToCheck.Keys
+
+    Write-Verbose -Message "Test-TargetResource returned $TestResult"
+
+    return $TestResult
+}
+
+function Export-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $GlobalAdminAccount
+    )
+    $InformationPreference = 'Continue'
+    #region Telemetry
+    $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+    $data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+    $data.Add("Method", $MyInvocation.MyCommand)
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+    -Platform AzureAD
+
+    $groups = Get-AzureADMSGroup
+    $i = 1
+    $content = ''
+    foreach ($group in $groups)
+    {
+        $params = @{
+            GlobalAdminAccount = $GlobalAdminAccount
+            DisplayName        = $group.DisplayName
+        }
+        $result = Get-TargetResource @params
+        $result.GlobalAdminAccount = Resolve-Credentials -UserName "globaladmin"
+        $content += "        AADMSGroup " + (New-GUID).ToString() + "`r`n"
+        $content += "        {`r`n"
+        $currentDSCBlock = Get-DSCBlock -Params $result -ModulePath $PSScriptRoot
+        $content += Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GlobalAdminAccount"
+        $content += "        }`r`n"
+        $i++
+    }
+    return $content
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.schema.mof
@@ -0,0 +1,15 @@
+[ClassVersion("1.0.0.0"), FriendlyName("AADMSGroup")]
+class MSFT_AADMSGroup : OMI_BaseResource
+{
+    [Key, Description("DisplayName of the AADMS Group")] String DisplayName;
+    [Write, Description("Specifies a description for the group.")] String Description;
+    [Write, Description("Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.")] String GroupTypes[];
+    [Write, Description("Specifies the membership rule for a dynamic group.")] String MembershipRule;
+    [Write, Description("Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule."), ValueMap{"On","Paused"}, Values{"On","Paused"}] String MembershipRuleProcessingState;
+    [Write, Description("Specifies whether the group is security enabled. For security groups, this value must be $True.")] Boolean SecurityEnabled;
+    [Write, Description("Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.")] Boolean MailEnabled;
+    [Write, Description("Specifies a mail nickname for the group. If MailEnabled is $False you must still specify a mail nickname.")] String MailNickname;
+    [Write, Description("This parameter determines the visibility of the group's content and members list."), ValueMap{"Public","Private","HiddenMembership"}, Values{"Public","Private","HiddenMembership"}] String Visibility;
+    [Write, Description("Specify if the Azure AD Group should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
+    [Required, Description("Credentials of the Azure Active Directory Admin"), EmbeddedInstance("MSFT_Credential")] String GlobalAdminAccount;
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/Readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/Readme.md
@@ -0,0 +1,5 @@
+# AADMSGroup
+
+## Description
+
+This resource configures an Azure Active Directory Group.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
@@ -282,6 +282,27 @@ function Set-TargetResource
             }
         }
     }
+    elseif($Ensure -eq "Absent")
+    {
+        try 
+        {
+            [array]$existingO365Group = Get-UnifiedGroup -Identity $currentGroup.MailNickName
+        }
+        catch 
+        {
+            Write-Error -Message "Could not find group $($currrentGroup.MailNickName)"
+        }
+        if($existingO365Group.Length -eq 1)
+        {
+            Write-Verbose -Message "Removing O365Group $($existingO365Group.Name)"
+            Remove-UnifiedGroup -Identity $existingO365Group.Name -confirm:$false -Force
+        }
+        else
+        {
+            Write-Verbose -Message "There was more than one group identified with the name $($currentGroup.MailNickName)."
+            Write-Verbose -Message "No action taken. Please remove the group manually."
+        }
+    }
 }
 
 function Test-TargetResource