Merge pull request #1 from desmay/AADMSGroup
Aadms group
Showing
26 changed files
with
1,026 additions
and
100 deletions.
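--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.psm1
@@ -0,0 +1,296 @@
+function Get-TargetResource
+{
+[CmdletBinding()]
+[OutputType([System.Collections.Hashtable])]
+param
+(
+[Parameter(Mandatory = $true)]
+[System.String]
+$DisplayName,
+
+[Parameter()]
+[System.String]
+$Description,
+
+[Parameter()]
+[System.String[]]
+$GroupTypes,
+
+[Parameter()]
+[System.String]
+$MembershipRule,
+
+[Parameter()]
+[ValidateSet('On', 'Paused')]
+[System.String]
+$MembershipRuleProcessingState,
+
+[Parameter()]
+[System.Boolean]
+$SecurityEnabled,
+
+[Parameter()]
+[System.Boolean]
+$MailEnabled,
+
+[Parameter()]
+[System.String]
+$MailNickname,
+
+[Parameter()]
+[ValidateSet('Public', 'Private', 'HiddenMembership')]
+[System.String]
+$Visibility,
+
+[Parameter()]
+[ValidateSet('Present', 'Absent')]
+[System.String]
+$Ensure = 'Present',
+
+[Parameter(Mandatory = $true)]
+[System.Management.Automation.PSCredential]
+$GlobalAdminAccount
+)
+
+Write-Verbose -Message "Getting configuration of AzureAD Group"
+#region Telemetry
+$data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+$data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+$data.Add("Method", $MyInvocation.MyCommand)
+Add-M365DSCTelemetryEvent -Data $data
+#endregion
+
+Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+-Platform AzureAD
+
+$Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+
+if ($null -eq $Group)
+{
+$currentValues = $PSBoundParameters
+$currentValues.Ensure = "Absent"
+return $currentValues
+}
+else
+{
+Write-Verbose -Message "Found existing AzureAD Group"
+$result = @{
+DisplayName = $Group.DisplayName
+Description = $Group.Description
+GroupTypes = [System.String[]]$Group.GroupTypes
+MembershipRule = $Group.MembershipRule
+MembershipRuleProcessingState = $Group.MembershipRuleProcessingState
+SecurityEnabled = $Group.SecurityEnabled
+MailEnabled = $Group.MailEnabled
+MailNickname = $Group.MailNickname
+Visibility = $Group.Visibility
+Ensure = "Present"
+GlobalAdminAccount = $GlobalAdminAccount
+}
+
+Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
+return $result
+}
+}
+
+function Set-TargetResource
+{
+[CmdletBinding()]
+param
+(
+[Parameter(Mandatory = $true)]
+[System.String]
+$DisplayName,
+
+[Parameter()]
+[System.String]
+$Description,
+
+[Parameter()]
+[System.String[]]
+$GroupTypes,
+
+[Parameter()]
+[System.String]
+$MembershipRule,
+
+[Parameter()]
+[ValidateSet('On', 'Paused')]
+[System.String]
+$MembershipRuleProcessingState,
+
+[Parameter()]
+[System.Boolean]
+$SecurityEnabled,
+
+[Parameter()]
+[System.Boolean]
+$MailEnabled,
+
+[Parameter()]
+[System.String]
+$MailNickname,
+
+[Parameter()]
+[ValidateSet('Public', 'Private', 'HiddenMembership')]
+[System.String]
+$Visibility,
+
+[Parameter()]
+[ValidateSet('Present', 'Absent')]
+[System.String]
+$Ensure = 'Present',
+
+[Parameter(Mandatory = $true)]
+[System.Management.Automation.PSCredential]
+$GlobalAdminAccount
+)
+
+Write-Verbose -Message "Setting configuration of Azure AD Groups"
+#region Telemetry
+$data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+$data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+$data.Add("Method", $MyInvocation.MyCommand)
+Add-M365DSCTelemetryEvent -Data $data
+#endregion
+
+Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+-Platform AzureAD
+
+$currentGroup = Get-TargetResource @PSBoundParameters
+$currentParameters = $PSBoundParameters
+$currentParameters.Remove("GlobalAdminAccount")
+$currentParameters.Remove("Ensure")
+
+if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Present')
+{
+$Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+Set-AzureADMSGroup @currentParameters -id $Group.ID
+}
+elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
+{
+New-AzureADMSGroup @currentParameters
+}
+elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present')
+{
+$Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"
+Remove-AzureADMSGroup -Id $Group.ID
+}
+}
+
+function Test-TargetResource
+{
+[CmdletBinding()]
+[OutputType([System.Boolean])]
+param
+(
+[Parameter(Mandatory = $true)]
+[System.String]
+$DisplayName,
+
+[Parameter()]
+[System.String]
+$Description,
+
+[Parameter()]
+[System.String[]]
+$GroupTypes,
+
+[Parameter()]
+[System.String]
+$MembershipRule,
+
+[Parameter()]
+[ValidateSet('On', 'Paused')]
+[System.String]
+$MembershipRuleProcessingState,
+
+[Parameter()]
+[System.Boolean]
+$SecurityEnabled,
+
+[Parameter()]
+[System.Boolean]
+$MailEnabled,
+
+[Parameter()]
+[System.String]
+$MailNickname,
+
+[Parameter()]
+[ValidateSet('Public', 'Private', 'HiddenMembership')]
+[System.String]
+$Visibility,
+
+[Parameter()]
+[ValidateSet('Present', 'Absent')]
+[System.String]
+$Ensure = 'Present',
+
+[Parameter(Mandatory = $true)]
+[System.Management.Automation.PSCredential]
+$GlobalAdminAccount
+)
+
+Write-Verbose -Message "Testing configuration of AzureAD Groups"
+
+$CurrentValues = Get-TargetResource @PSBoundParameters
+
+Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
+
+$ValuesToCheck = $PSBoundParameters
+$ValuesToCheck.Remove('GlobalAdminAccount') | Out-Null
+
+$TestResult = Test-Microsoft365DSCParameterState -CurrentValues $CurrentValues `
+-Source $($MyInvocation.MyCommand.Source) `
+-DesiredValues $PSBoundParameters `
+-ValuesToCheck $ValuesToCheck.Keys
+
+Write-Verbose -Message "Test-TargetResource returned $TestResult"
+
+return $TestResult
+}
+
+function Export-TargetResource
+{
+[CmdletBinding()]
+[OutputType([System.String])]
+param
+(
+[Parameter(Mandatory = $true)]
+[System.Management.Automation.PSCredential]
+$GlobalAdminAccount
+)
+$InformationPreference = 'Continue'
+#region Telemetry
+$data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+$data.Add("Resource", $MyInvocation.MyCommand.ModuleName)
+$data.Add("Method", $MyInvocation.MyCommand)
+Add-M365DSCTelemetryEvent -Data $data
+#endregion
+
+Test-MSCloudLogin -CloudCredential $GlobalAdminAccount `
+-Platform AzureAD
+
+$groups = Get-AzureADMSGroup
+$i = 1
+$content = ''
+foreach ($group in $groups)
+{
+$params = @{
+GlobalAdminAccount = $GlobalAdminAccount
+DisplayName = $group.DisplayName
+}
+$result = Get-TargetResource @params
+$result.GlobalAdminAccount = Resolve-Credentials -UserName "globaladmin"
+$content += " AADMSGroup " + (New-GUID).ToString() + "`r`n"
+$content += " {`r`n"
+$currentDSCBlock = Get-DSCBlock -Params $result -ModulePath $PSScriptRoot
+$content += Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GlobalAdminAccount"
+$content += " }`r`n"
+$i++
+}
+return $content
+}
+
+Export-ModuleMember -Function *-TargetResource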
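Review bot: The lookup `Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'"` in Get-TargetResource, repeated in the update and remove branches of Set-TargetResource, interpolates the configured name into the OData filter unescaped, so a display name containing a single quote produces a malformed or different filter. Double the quote before building the filter, e.g. `$escapedName = $DisplayName.Replace("'", "''")` and then `-Filter "DisplayName eq '$escapedName'"`. Display names are also not unique in Azure AD, so the lookup can return several groups, in which case `$Group.ID` is a collection when it reaches `Set-AzureADMSGroup` or `Remove-AzureADMSGroup`. Because these can be security groups, it would be safer to stop with a clear error on an ambiguous match, `if (@($Group).Count -gt 1) { throw "Multiple groups named '$DisplayName' were found" }`. Separately, the two `$currentParameters.Remove(...)` calls in Set-TargetResource write booleans to the output stream and should be piped to `Out-Null`, as Test-TargetResource already does.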
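--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.schema.mof
@@ -0,0 +1,15 @@
+[ClassVersion("1.0.0.0"), FriendlyName("AADMSGroup")]
+class MSFT_AADMSGroup : OMI_BaseResource
+{
+[Key, Description("DisplayName of the AADMS Group")] String DisplayName;
+[Write, Description("Specifies a description for the group.")] String Description;
+[Write, Description("Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.")] String GroupTypes[];
+[Write, Description("Specifies the membership rule for a dynamic group.")] String MembershipRule;
+[Write, Description("Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule."), ValueMap{"On","Paused"}, Values{"On","Paused"}] String MembershipRuleProcessingState;
+[Write, Description("Specifies whether the group is security enabled. For security groups, this value must be $True.")] Boolean SecurityEnabled;
+[Write, Description("Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.")] Boolean MailEnabled;
+[Write, Description("Specifies a mail nickname for the group. If MailEnabled is $False you must still specify a mail nickname.")] String MailNickname;
+[Write, Description("This parameter determines the visibility of the group's content and members list."), ValueMap{"Public","Private","HiddenMembership"}, Values{"Public","Private","HiddenMembership"}] String Visibility;
+[Write, Description("Specify if the Azure AD Group should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
+[Required, Description("Credentials of the Azure Active Directory Admin"), EmbeddedInstance("MSFT_Credential")] String GlobalAdminAccount;
+};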
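--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/Readme.md
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/Readme.md
@@ -0,0 +1,5 @@
+# AADMSGroup
+
+## Description
+
+This resource configures an Azure Active Directory Group.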