Merge pull request #5169 from NikCharlebois/AADDomain

AADDomain - Initial Release
microsoft · Oct 9, 2024 · d14db36 · d14db36
2 parents b0a5b32 + 7434a6e
commit d14db36
Show file tree

Hide file tree

Showing 10 changed files with 1,356 additions and 31 deletions.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/MSFT_AADDomain.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/MSFT_AADDomain.psm1
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/MSFT_AADDomain.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/MSFT_AADDomain.schema.mof
@@ -0,0 +1,22 @@
+[ClassVersion("1.0.0.0"), FriendlyName("AADDomain")]
+class MSFT_AADDomain : OMI_BaseResource
+{
+    [Key, Description("Custom domain name.")] String Id;
+    [Write, Description("Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Microsoft Entra ID performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services.")] String AuthenticationType;
+    [Write, Description("This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled.")] String AvailabilityStatus;
+    [Write, Description("The value of the property is false if the DNS record management of the domain is delegated to Microsoft 365. Otherwise, the value is true. Not nullable")] Boolean IsAdminManaged;
+    [Write, Description("True if this is the default domain that is used for user creation. There's only one default domain per company. Not nullable.")] Boolean IsDefault;
+    [Write, Description("True if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. Not nullable.")] Boolean IsRoot;
+    [Write, Description("True if the domain completed domain ownership verification. Not nullable.")] Boolean IsVerified;
+    [Write, Description("Specifies the number of days before a user receives notification that their password expires. If the property isn't set, a default value of 14 days is used.")] UInt32 PasswordNotificationWindowInDays;
+    [Write, Description("Specifies the length of time that a password is valid before it must be changed. If the property isn't set, a default value of 90 days is used.")] UInt32 PasswordValidityPeriodInDays;
+    [Write, Description("The capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values that you can add or remove using the API include: Email, OfficeCommunicationsOnline, Yammer. Not nullable.")] String SupportedServices[];
+
+    [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure;
+    [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/readme.md
@@ -0,0 +1,6 @@
+
+# AADDomain
+
+## Description
+
+Configures custom domain names in Entra Id.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDomain/settings.json
@@ -0,0 +1,28 @@
+{
+    "resourceName": "AADDomain",
+    "description": "Configures custom domain names in Entra Id.",
+    "roles": {
+        "read": [],
+        "update": []
+    },
+    "permissions": {
+        "graph": {
+            "delegated": {
+                "read": [],
+                "update": []
+            },
+            "application": {
+                "read": [
+                    {
+                        "name": "Domain.Read.All"
+                    }
+                ],
+                "update": [
+                    {
+                        "name": "Domain.ReadWrite.All"
+                    }
+                ]
+            }
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADDomain/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADDomain/1-Create.ps1
@@ -0,0 +1,40 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        AADDomain "AADDomain-Contoso"
+        {
+            ApplicationId                    = $ApplicationId;
+            AuthenticationType               = "Managed";
+            CertificateThumbprint            = $CertificateThumbprint;
+            Ensure                           = "Present";
+            Id                               = "contoso.com";
+            IsAdminManaged                   = $True;
+            IsDefault                        = $True;
+            IsRoot                           = $True;
+            IsVerified                       = $True;
+            PasswordNotificationWindowInDays = 14;
+            PasswordValidityPeriodInDays     = 2147483647;
+            TenantId                         = $TenantId;
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADDomain/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADDomain/2-Update.ps1
@@ -0,0 +1,40 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        AADDomain "AADDomain-Contoso"
+        {
+            ApplicationId                    = $ApplicationId;
+            AuthenticationType               = "Managed";
+            CertificateThumbprint            = $CertificateThumbprint;
+            Ensure                           = "Present";
+            Id                               = "contoso.com";
+            IsAdminManaged                   = $True;
+            IsDefault                        = $True;
+            IsRoot                           = $True;
+            IsVerified                       = $False; #Drift
+            PasswordNotificationWindowInDays = 14;
+            PasswordValidityPeriodInDays     = 2147483647;
+            TenantId                         = $TenantId;
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADDomain/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADDomain/3-Remove.ps1
@@ -0,0 +1,33 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        AADDomain "AADDomain-Contoso"
+        {
+            ApplicationId                    = $ApplicationId;
+            CertificateThumbprint            = $CertificateThumbprint;
+            Ensure                           = "Absent";
+            Id                               = "contoso.com";
+            TenantId                         = $TenantId;
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1
@@ -19,7 +19,11 @@ function New-M365DSCStubFiles
 
         [Parameter()]
         [System.Collections.Hashtable[]]
-        $Workloads
+        $Workloads,
+
+        [Parameter()]
+        [String[]]
+        $CmdletsList
     )
 
     if ($null -eq $Credential)
@@ -75,46 +79,67 @@ function New-M365DSCStubFiles
             @{Name = 'MicrosoftTeams'; ModuleName = 'MicrosoftTeams'; }
         )
     }
+    if ($null -ne $CmdletsList -and $CmdletsList.Length -gt 0)
+    {
+        $workloads = @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Authentication'}
+    }
 
     foreach ($Module in $workloads)
     {
-        Write-Host "Connecting to {$($Module.Name)}"
-        $ConnectionMode = New-M365DSCConnection -Workload ($Module.Name) `
-            -InboundParameters $PSBoundParameters
-
-        Write-Host "Generating Stubs for {$($Module.ModuleName)}..."
-        $CurrentModuleName = $Module.ModuleName
-
-        if ($null -eq $CurrentModuleName -or $Module.CommandName)
-        {
-            Write-Host "Loading proxy for $($Module.ModuleName)"
-            $foundModule = Get-Module | Where-Object -FilterScript { $_.ExportedCommands.Values.Name -ccontains $Module.CommandName }
-            $CurrentModuleName = $foundModule.Name
-            Import-Module $CurrentModuleName -Force -Global -ErrorAction SilentlyContinue
-        }
-        else
+        if ($null -eq $CmdletsList -or $CmdletsList.Length -eq 0)
         {
-            Import-Module $CurrentModuleName -Force -Global -ErrorAction SilentlyContinue
-            $ConnectionMode = New-M365DSCConnection -Workload $Module.Name `
+            Write-Host "Connecting to {$($Module.Name)}"
+            $ConnectionMode = New-M365DSCConnection -Workload ($Module.Name) `
                 -InboundParameters $PSBoundParameters
-        }
 
-        $cmdlets = Get-Command -CommandType 'Cmdlet' | Where-Object -FilterScript { $_.Source -eq $CurrentModuleName }
-        if ($null -eq $cmdlets -or $Module.ModuleName -eq 'MicrosoftTeams')
-        {
-            $cmdlets += Get-Command -CommandType 'Function' -Module $CurrentModuleName
-        }
+            Write-Host "Generating Stubs for {$($Module.ModuleName)}..."
+            $CurrentModuleName = $Module.ModuleName
 
-        try
-        {
-            $aliases = Get-Command -CommandType 'Alias' | Where-Object -FilterScript { $_.Source -eq $CurrentModuleName }
-            $cmdlets += $aliases
-            $cmdlets = $cmdlets | Select-Object -Unique
+            if ($null -eq $CurrentModuleName -or $Module.CommandName)
+            {
+                Write-Host "Loading proxy for $($Module.ModuleName)"
+                $foundModule = Get-Module | Where-Object -FilterScript { $_.ExportedCommands.Values.Name -ccontains $Module.CommandName }
+                $CurrentModuleName = $foundModule.Name
+                Import-Module $CurrentModuleName -Force -Global -ErrorAction SilentlyContinue
+            }
+            else
+            {
+                Import-Module $CurrentModuleName -Force -Global -ErrorAction SilentlyContinue
+                $ConnectionMode = New-M365DSCConnection -Workload $Module.Name `
+                    -InboundParameters $PSBoundParameters
+            }
+
+            $cmdlets = Get-Command -CommandType 'Cmdlet' | Where-Object -FilterScript { $_.Source -eq $CurrentModuleName }
+            if ($null -eq $cmdlets -or $Module.ModuleName -eq 'MicrosoftTeams')
+            {
+                $cmdlets += Get-Command -CommandType 'Function' -Module $CurrentModuleName
+            }
+
+            try
+            {
+                $aliases = Get-Command -CommandType 'Alias' | Where-Object -FilterScript { $_.Source -eq $CurrentModuleName }
+                $cmdlets += $aliases
+                $cmdlets = $cmdlets | Select-Object -Unique
+            }
+            catch
+            {
+                Write-Verbose -Message $_
+            }
         }
-        catch
+        else
         {
-            Write-Verbose -Message $_
+            $cmdlets = @()
+            foreach ($entry in $CmdletsList)
+            {
+                $command = Get-Command $entry -ErrorAction SilentlyContinue
+                if ($null -ne $command)
+                {
+                    $CurrentModuleName = $command.ModuleName
+                    $cmdlets += $command
+                }
+            }
         }
+
         $StubContent = [System.Text.StringBuilder]::New()
         $i = 1
         foreach ($cmdlet in $cmdlets)