diff --git a/CHANGELOG.md b/CHANGELOG.md index 15a3f8fe6..e377310cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,10 @@ [new helper functions for localization](https://github.com/PowerShell/DscResources/blob/master/StyleGuidelines.md#helper-functions-for-localization) ([issue #316](https://github.com/PowerShell/ActiveDirectoryDsc/issues/316), [issue #317](https://github.com/PowerShell/ActiveDirectoryDsc/issues/317)). + - Removed the alias `DomainAdministratorCredential` from the parameter + `Credential` in the function `Restore-ADCommonObject` + - Removed the alias `DomainAdministratorCredential` from the parameter + `Credential` in the function `Get-ADCommonParameters` - Updated all the examples files to be prefixed with the resource name so they are more easily discovered in PowerShell Gallery and Azure Automation ([issue #416](https://github.com/PowerShell/ActiveDirectoryDsc/issues/416)). @@ -52,6 +56,9 @@ - BREAKING CHANGE: The previously made obsolete parameter `Enabled` has been removed and is now a read-only property. See resource documentation how to enforce the `Enabled` property. + - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential` + to `Credential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Fixed the GUID in Example 3-AddComputerAccountSpecificPath_Config ([issue #410](https://github.com/PowerShell/ActiveDirectoryDsc/issues/410)). - Changes to ADOrganizationalUnit @@ -74,6 +81,9 @@ distinguished name and parameter Credential is used ([issue #451](https://github.com/PowerShell/ActiveDirectoryDsc/issues/451)). - Added integration tests ([issue #359](https://github.com/PowerShell/ActiveDirectoryDsc/issues/359)). - Changes to ADDomain + - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential` + to `Credential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Updated tests and replaced `Write-Error` with `throw` ([issue #332](https://github.com/PowerShell/ActiveDirectoryDsc/pull/332)). - Added comment-based help ([issue #335](https://github.com/PowerShell/ActiveDirectoryDsc/issues/335)). @@ -86,6 +96,9 @@ - Minor change to the unit tests that did not correct assert the localized string when an account is not found. - Changes to ADDomainTrust + - BREAKING CHANGE: Renamed the parameter `TargetDomainAdministratorCredential` + to `TargetCredential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Refactored the resource to enable unit tests, and at the same time changed it to use the same code pattern as the resource xADObjectEnabledState. - Added unit tests ([issue #324](https://github.com/PowerShell/ActiveDirectoryDsc/issues/324)). @@ -94,6 +107,9 @@ - Changes to WaitForADDomain - Added comment-based help ([issue #341](https://github.com/PowerShell/ActiveDirectoryDsc/issues/341)) - Changes to ADDomainController + - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential` + to `Credential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Add support for creating Read-Only Domain Controller (RODC) ([issue #40](https://github.com/PowerShell/ActiveDirectoryDsc/issues/40)). [Svilen @SSvilen](https://github.com/SSvilen) diff --git a/DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1 b/DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1 index 89c26b707..8084cbf23 100644 --- a/DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1 +++ b/DSCResources/MSFT_ADComputer/MSFT_ADComputer.psm1 @@ -81,7 +81,7 @@ $script:computerObjectPropertyMap = @( Used by Get-ADCommonParameters and is returned as a common parameter. - .PARAMETER DomainAdministratorCredential + .PARAMETER Credential Specifies the user account credentials to use to perform the task. Used by Get-ADCommonParameters and is returned as a common parameter. @@ -114,7 +114,7 @@ function Get-TargetResource [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] - $DomainAdministratorCredential, + $Credential, [Parameter()] [ValidateNotNull()] @@ -134,25 +134,25 @@ function Get-TargetResource Computer account object. #> $getTargetResourceReturnValue = @{ - Ensure = 'Absent' - ComputerName = $null - Location = $null - DnsHostName = $null - ServicePrincipalNames = $null - UserPrincipalName = $null - DisplayName = $null - Path = $null - Description = $null - Enabled = $false - Manager = $null - DomainController = $DomainController - DomainAdministratorCredential = $DomainAdministratorCredential - RequestFile = $RequestFile - RestoreFromRecycleBin = $RestoreFromRecycleBin - EnabledOnCreation = $EnabledOnCreation - DistinguishedName = $null - SID = $null - SamAccountName = $null + Ensure = 'Absent' + ComputerName = $null + Location = $null + DnsHostName = $null + ServicePrincipalNames = $null + UserPrincipalName = $null + DisplayName = $null + Path = $null + Description = $null + Enabled = $false + Manager = $null + DomainController = $DomainController + Credential = $Credential + RequestFile = $RequestFile + RestoreFromRecycleBin = $RestoreFromRecycleBin + EnabledOnCreation = $EnabledOnCreation + DistinguishedName = $null + SID = $null + SamAccountName = $null } $getADComputerResult = $null @@ -200,7 +200,7 @@ function Get-TargetResource $getTargetResourceReturnValue['Enabled'] = $getADComputerResult.Enabled $getTargetResourceReturnValue['Manager'] = $getADComputerResult.ManagedBy $getTargetResourceReturnValue['DomainController'] = $DomainController - $getTargetResourceReturnValue['DomainAdministratorCredential'] = $DomainAdministratorCredential + $getTargetResourceReturnValue['Credential'] = $Credential $getTargetResourceReturnValue['RequestFile'] = $RequestFile $getTargetResourceReturnValue['RestoreFromRecycleBin'] = $RestoreFromRecycleBin $getTargetResourceReturnValue['EnabledOnCreation'] = $EnabledOnCreation @@ -266,7 +266,7 @@ function Get-TargetResource .PARAMETER DomainController Specifies the Active Directory Domain Services instance to connect to perform the task. - .PARAMETER DomainAdministratorCredential + .PARAMETER Credential Specifies the user account credentials to use to perform the task. .PARAMETER RestoreFromRecycleBin @@ -351,7 +351,7 @@ function Test-TargetResource [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] - $DomainAdministratorCredential, + $Credential, [Parameter()] [ValidateNotNull()] @@ -369,12 +369,12 @@ function Test-TargetResource ) $getTargetResourceParameters = @{ - ComputerName = $ComputerName - RequestFile = $RequestFile - DomainController = $DomainController - DomainAdministratorCredential = $DomainAdministratorCredential - RestoreFromRecycleBin = $RestoreFromRecycleBin - EnabledOnCreation = $EnabledOnCreation + ComputerName = $ComputerName + RequestFile = $RequestFile + DomainController = $DomainController + Credential = $Credential + RestoreFromRecycleBin = $RestoreFromRecycleBin + EnabledOnCreation = $EnabledOnCreation } # Need the @() around this to get a new array to enumerate. @@ -512,7 +512,7 @@ function Test-TargetResource .PARAMETER DomainController Specifies the Active Directory Domain Services instance to connect to perform the task. - .PARAMETER DomainAdministratorCredential + .PARAMETER Credential Specifies the user account credentials to use to perform the task. .PARAMETER RestoreFromRecycleBin @@ -595,7 +595,7 @@ function Set-TargetResource [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] - $DomainAdministratorCredential, + $Credential, [Parameter()] [ValidateNotNull()] @@ -609,12 +609,12 @@ function Set-TargetResource ) $getTargetResourceParameters = @{ - ComputerName = $ComputerName - RequestFile = $RequestFile - DomainController = $DomainController - DomainAdministratorCredential = $DomainAdministratorCredential - RestoreFromRecycleBin = $RestoreFromRecycleBin - EnabledOnCreation = $EnabledOnCreation + ComputerName = $ComputerName + RequestFile = $RequestFile + DomainController = $DomainController + Credential = $Credential + RestoreFromRecycleBin = $RestoreFromRecycleBin + EnabledOnCreation = $EnabledOnCreation } # Need the @() around this to get a new array to enumerate. diff --git a/DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof b/DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof index 5ca159ffe..868a496ac 100644 --- a/DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof +++ b/DSCResources/MSFT_ADComputer/MSFT_ADComputer.schema.mof @@ -11,7 +11,7 @@ class MSFT_ADComputer : OMI_BaseResource [Write, Description("Specifies a description of the computer account.")] String Description; [Write, Description("Specifies the user or group Distinguished Name that manages the computer account. Valid values are the user's or group's DistinguishedName, ObjectGUID, SID or SamAccountName.")] String Manager; [Write, Description("Specifies the Active Directory Domain Services instance to connect to perform the task.")] String DomainController; - [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; + [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String Credential; [Write, Description("Specifies the full path to the Offline Domain Join Request file to create.")] String RequestFile; [Write, Description("Specifies whether the computer account is present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure; [Write, Description("Try to restore the computer account from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin; diff --git a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt index 681fada5a..ebe5b7e28 100644 --- a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt +++ b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADComputer .DESCRIPTION @@ -57,7 +57,7 @@ Write - String Specifies the Active Directory Domain Services instance to connect to perform the task. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Write - String Specifies the user account credentials to use to perform the task. @@ -106,7 +106,7 @@ Configuration ADComputer_AddComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -116,12 +116,16 @@ Configuration ADComputer_AddComputerAccount_Config ADComputer 'CreateEnabled_SQL01' { ComputerName = 'SQL01' + + PsDscRunAsCredential = $Credential } ADComputer 'CreateEnabled_SQL02' { ComputerName = 'SQL02' EnabledOnCreation = $true + + PsDscRunAsCredential = $Credential } } } @@ -138,7 +142,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -149,6 +153,8 @@ Configuration ADComputer_AddComputerAccountDisabled_Config { ComputerName = 'CLU_CNO01' EnabledOnCreation = $false + + PsDscRunAsCredential = $Credential } } } @@ -166,7 +172,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -175,10 +181,10 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config { ADComputer 'CreateComputerAccount' { - DomainController = 'DC01' - ComputerName = 'SQL01' - Path = 'OU=Servers,DC=contoso,DC=com' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainController = 'DC01' + ComputerName = 'SQL01' + Path = 'OU=Servers,DC=contoso,DC=com' + Credential = $Credential } } } @@ -197,7 +203,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -206,11 +212,11 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config { ADComputer 'CreateComputerAccount' { - DomainController = 'DC01' - ComputerName = 'NANO-200' - Path = 'OU=Servers,DC=contoso,DC=com' - RequestFile = 'D:\ODJFiles\NANO-200.txt' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainController = 'DC01' + ComputerName = 'NANO-200' + Path = 'OU=Servers,DC=contoso,DC=com' + RequestFile = 'D:\ODJFiles\NANO-200.txt' + Credential = $Credential } } } diff --git a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 index c0bf49cce..c2894616c 100644 --- a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 +++ b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 @@ -53,8 +53,9 @@ function Get-TrackingFilename .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -95,7 +96,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -164,8 +165,8 @@ function Get-TargetResource else { Write-Verbose ($script:localizedData.QueryDomainWithCredential -f $domainFQDN) - $domain = Get-ADDomain -Identity $domainFQDN -Credential $DomainAdministratorCredential -ErrorAction Stop - $forest = Get-ADForest -Identity $domain.Forest -Credential $DomainAdministratorCredential -ErrorAction Stop + $domain = Get-ADDomain -Identity $domainFQDN -Credential $Credential -ErrorAction Stop + $forest = Get-ADForest -Identity $domain.Forest -Credential $Credential -ErrorAction Stop } <# @@ -237,8 +238,9 @@ function Get-TargetResource .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -279,7 +281,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -376,8 +378,9 @@ function Test-TargetResource .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -429,7 +432,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -517,7 +520,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('ParentDomainName')) { Write-Verbose -Message ($script:localizedData.CreatingChildDomain -f $DomainName, $ParentDomainName) - $installADDSParams['Credential'] = $DomainAdministratorCredential + $installADDSParams['Credential'] = $Credential $installADDSParams['NewDomainName'] = $DomainName $installADDSParams['ParentDomainName'] = $ParentDomainName $installADDSParams['DomainType'] = 'ChildDomain' diff --git a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof index 56c1de216..99488a5fe 100644 --- a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof +++ b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof @@ -2,7 +2,7 @@ class MSFT_ADDomain : OMI_BaseResource { [Key, Description("The fully qualified domain name (FQDN) of the new domain.")] String DomainName; - [Required, Description("Credentials used to query for domain existence."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; + [Required, Description("Specifies the user name and password that corresponds to the account used to install the domain controller."), EmbeddedInstance("MSFT_Credential")] String Credential; [Required, Description("Password for the administrator account when the computer is started in Safe Mode."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; [Write, Description("Fully qualified domain name (FQDN) of the parent domain.")] String ParentDomainName; [Write, Description("NetBIOS name for the new domain.")] String DomainNetbiosName; diff --git a/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt b/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt index 75f1bfd3a..7675b8f66 100644 --- a/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt +++ b/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADDomain .DESCRIPTION @@ -12,9 +12,9 @@ Key - String The fully qualified domain name (FQDN) of the new domain. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Required - String - Credentials used to query for domain existence. + Specifies the user name and password that corresponds to the account used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Required - String @@ -66,13 +66,18 @@ Configuration ADDomain_NewForest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { WindowsFeature 'ADDS' { @@ -86,26 +91,16 @@ Configuration ADDomain_NewForest_Config Ensure = 'Present' } - ADDomain $Node.DomainName + ADDomain 'contoso.com' { - DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential - ForestMode = $Node.FFL + DomainName = 'contoso.com' + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword + ForestMode = 'WinThreshold' } } } -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'localhost' - FFL = 'WinThreshold' - DomainName = 'contoso.com' - } - ) -} - .EXAMPLE 2 This configuration will create a new child domain in an existing forest with @@ -118,13 +113,18 @@ Configuration ADDomain_NewChildDomain_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { WindowsFeature 'ADDS' { @@ -138,263 +138,15 @@ Configuration ADDomain_NewChildDomain_Config Ensure = 'Present' } - ADDomain $Node.DomainName + ADDomain 'child' { - DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential - DomainMode = $Node.DFL - ParentDomainName = $node.ParentDomain + DomainName = 'child' + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword + DomainMode = 'Win2012R2' + ParentDomainName = 'contoso.com' } } } -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'localhost' - DFL = 'Win2012R2' - DomainName = 'child' - ParentDomain = 'contoso.com' - } - ) -} - -.EXAMPLE 3 - -This configuration will create a domain, and then create a child domain on -another node. - -Configuration ADDomain_NewForestWithParentAndChildDomain_Config -{ - param - ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DomainCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DnsDelegationCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $NewADUserCred - ) - - Import-DscResource -ModuleName ActiveDirectoryDsc - - Node $AllNodes.Where{ $_.Role -eq 'Parent DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - ADDomain 'FirstDS' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DnsDelegationCred - DependsOn = '[WindowsFeature]ADDSInstall' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[ADDomain]FirstDS' - } - - ADUser 'FirstUser' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domaincred - UserName = 'dummy' - Password = $NewADUserCred - Ensure = 'Present' - DependsOn = '[WaitForADDomain]DscForestWait' - } - - } - - Node $AllNodes.Where{ $_.Role -eq 'Child DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[WindowsFeature]ADDSInstall' - } - - ADDomain 'ChildDS' - { - DomainName = $Node.DomainName - ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DependsOn = '[WaitForADDomain]DscForestWait' - } - } -} - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dsc-testNode1' - Role = 'Parent DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 50 - RetryIntervalSec = 30 - }, - - @{ - NodeName = 'dsc-testNode2' - Role = 'Child DC' - DomainName = 'dsc-child' - ParentDomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 50 - RetryIntervalSec = 30 - } - ) -} - -.EXAMPLE 4 - -This configuration will create a highly available domain by adding -a second domain controller to the newly created domain. -The WaitForDomain resource is used to ensure that the domain is -present before the second domain controller is added. - -Configuration ADDomain_NewDomainWithTwoDCs_Config -{ - param - ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $domainCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DNSDelegationCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $NewADUserCred - ) - - Import-DscResource -ModuleName ActiveDirectoryDsc - - Node $AllNodes.Where{ $_.Role -eq 'Primary DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - ADDomain 'FirstDS' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = '[WindowsFeature]ADDSInstall' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[ADDomain]FirstDS' - } - - ADUser 'FirstUser' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - UserName = 'dummy' - Password = $NewADUserCred - Ensure = 'Present' - DependsOn = '[WaitForADDomain]DscForestWait' - } - } - - Node $AllNodes.Where{ $_.Role -eq 'Replica DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[WindowsFeature]ADDSInstall' - } - - ADDomainController 'SecondDC' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DependsOn = '[WaitForADDomain]DscForestWait' - } - } -} - -# Configuration Data for AD -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dsc-testNode1' - Role = 'Primary DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 20 - RetryIntervalSec = 30 - }, - @{ - NodeName = 'dsc-testNode2' - Role = 'Replica DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 20 - RetryIntervalSec = 30 - } - ) -} - diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 index e3a3bb484..259b875c3 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.psm1 @@ -13,7 +13,7 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainController .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -45,7 +45,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -72,7 +72,7 @@ function Get-TargetResource $getTargetResourceResult = @{ DomainName = $DomainName - DomainAdministratorCredential = $DomainAdministratorCredential + Credential = $Credential SafemodeAdministratorPassword = $SafemodeAdministratorPassword Ensure = $false IsGlobalCatalog = $false @@ -87,7 +87,7 @@ function Get-TargetResource try { - $domain = Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential + $domain = Get-ADDomain -Identity $DomainName -Credential $Credential } catch { @@ -99,7 +99,7 @@ function Get-TargetResource $script:localizedData.DomainPresent -f $DomainName ) - $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $DomainAdministratorCredential + $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $Credential if ($domainControllerObject) { Write-Verbose -Message ( @@ -143,7 +143,7 @@ function Get-TargetResource .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -203,7 +203,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -264,7 +264,7 @@ function Set-TargetResource $installADDSDomainControllerParameters = @{ DomainName = $DomainName SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password - Credential = $DomainAdministratorCredential + Credential = $Credential NoRebootOnCompletion = $true Force = $true } @@ -339,7 +339,7 @@ function Set-TargetResource $script:localizedData.IsDomainController -f $env:COMPUTERNAME, $DomainName ) - $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $DomainAdministratorCredential + $domainControllerObject = Get-DomainControllerObject -DomainName $DomainName -ComputerName $env:COMPUTERNAME -Credential $Credential # Check if Node Global Catalog state is correct if ($PSBoundParameters.ContainsKey('IsGlobalCatalog') -and $targetResource.IsGlobalCatalog -ne $IsGlobalCatalog) @@ -371,7 +371,7 @@ function Set-TargetResource # DC is not in correct site. Move it. Write-Verbose -Message ($script:localizedData.MovingDomainController -f $targetResource.SiteName, $SiteName) - Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site $SiteName -Credential $DomainAdministratorCredential + Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site $SiteName -Credential $Credential } if ($PSBoundParameters.ContainsKey('AllowPasswordReplicationAccountName')) @@ -478,7 +478,7 @@ function Set-TargetResource .PARAMETER DomainName Provide the FQDN of the domain the Domain Controller is being added to. - .PARAMETER DomainAdministrationCredential + .PARAMETER Credential Specifies the credential for the account used to install the domain controller. This account must have permission to access the other domain controllers in the domain to be able replicate domain information. @@ -528,7 +528,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -585,7 +585,7 @@ function Test-TargetResource if ($PSBoundParameters.ContainsKey('SiteName')) { - if (-not (Test-ADReplicationSite -SiteName $SiteName -DomainName $DomainName -Credential $DomainAdministratorCredential)) + if (-not (Test-ADReplicationSite -SiteName $SiteName -DomainName $DomainName -Credential $Credential)) { $errorMessage = $script:localizedData.FailedToFindSite -f $SiteName, $DomainName New-ObjectNotFoundException -Message $errorMessage diff --git a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof index 2ed3e4f60..b443cc6cb 100644 --- a/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof +++ b/DSCResources/MSFT_ADDomainController/MSFT_ADDomainController.schema.mof @@ -2,7 +2,7 @@ class MSFT_ADDomainController : OMI_BaseResource { [Key, Description("The fully qualified domain name (FQDN) of the domain the Domain Controller will be joining.")] String DomainName; - [Required, Description("The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; + [Required, Description("The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String Credential; [Required, Description("The 'PSCredential' object containing the password to use for Directory Services Restore Mode (DSRM)."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; [Write, Description("The path where the database will be stored.")] String DatabasePath; [Write, Description("The path where the logs will be stored.")] String LogPath; diff --git a/DSCResources/MSFT_ADDomainController/README.md b/DSCResources/MSFT_ADDomainController/README.md index 765f418dc..ec4e78de9 100644 --- a/DSCResources/MSFT_ADDomainController/README.md +++ b/DSCResources/MSFT_ADDomainController/README.md @@ -4,13 +4,13 @@ The ADDomainController DSC resource will install and configure domain controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. ->**Note:** If the account used for the parameter `DomainAdministratorCredential` +>**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential >without the domain name, then the cmdlet `Install-ADDSDomainController` will >seemingly halt (without reporting an error) when trying to replicate >information from another domain controller. >Make sure to use a correct domain account with the correct permission as ->the account for the parameter `DomainAdministratorCredential`. +>the account for the parameter `Credential`. ## Requirements diff --git a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt index 0e6114666..1a84944ed 100644 --- a/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt +++ b/DSCResources/MSFT_ADDomainController/en-US/about_ADDomainController.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADDomainController .DESCRIPTION @@ -6,13 +6,13 @@ controllers in Active Directory. Installation of Read-Only Domain Controllers (RODC) is also supported. - >**Note:** If the account used for the parameter `DomainAdministratorCredential` + >**Note:** If the account used for the parameter `Credential` >cannot connect to another domain controller, for example using a credential >without the domain name, then the cmdlet `Install-ADDSDomainController` will >seemingly halt (without reporting an error) when trying to replicate >information from another domain controller. >Make sure to use a correct domain account with the correct permission as - >the account for the parameter `DomainAdministratorCredential`. + >the account for the parameter `Credential`. ## Requirements @@ -22,7 +22,7 @@ Key - String The fully qualified domain name (FQDN) of the domain the Domain Controller will be joining. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Required - String The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Domain Controller to the domain. @@ -82,7 +82,12 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -107,7 +112,7 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -117,8 +122,8 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config ADDomainController 'DomainControllerMinimal' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DependsOn = '[WaitForADDomain]WaitForestAvailability' } @@ -137,7 +142,12 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -162,7 +172,7 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -172,8 +182,8 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config ADDomainController 'DomainControllerAllProperties' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DatabasePath = 'C:\Windows\NTDS' LogPath = 'C:\Windows\Logs' SysvolPath = 'C:\Windows\SYSVOL' @@ -197,7 +207,12 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -222,7 +237,7 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -232,8 +247,8 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config ADDomainController 'DomainControllerWithIFM' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword InstallationMediaPath = 'F:\IFM' DependsOn = '[WaitForADDomain]WaitForestAvailability' @@ -253,7 +268,12 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -278,7 +298,7 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -288,8 +308,8 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config ADDomainController 'Read-OnlyDomainController(RODC)' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword ReadOnlyReplica = $true SiteName = 'Default-First-Site-Name' AllowPasswordReplicationAccountName = @('pvdi.test1', 'pvdi.test') diff --git a/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/en-US/about_ADDomainDefaultPasswordPolicy.help.txt b/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/en-US/about_ADDomainDefaultPasswordPolicy.help.txt index 57b477794..f18206efd 100644 --- a/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/en-US/about_ADDomainDefaultPasswordPolicy.help.txt +++ b/DSCResources/MSFT_ADDomainDefaultPasswordPolicy/en-US/about_ADDomainDefaultPasswordPolicy.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADDomainDefaultPasswordPolicy .DESCRIPTION @@ -65,15 +65,15 @@ Configuration ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Confi { Param ( - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.String] $DomainName, - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.Boolean] $ComplexityEnabled, - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.Int32] $MinPasswordLength ) diff --git a/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.psm1 b/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.psm1 index 67a8766e5..51252549c 100644 --- a/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.psm1 +++ b/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.psm1 @@ -17,7 +17,7 @@ $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_ADDomainTrust' .PARAMETER TargetDomainName Specifies the name of the Active Directory domain that is being trusted. - .PARAMETER TargetDomainAdministratorCredential + .PARAMETER TargetCredential Specifies the credentials to authenticate to the target domain. .PARAMETER TrustType @@ -43,7 +43,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $TargetDomainAdministratorCredential, + $TargetCredential, [Parameter(Mandatory = $true)] [ValidateSet('External', 'Forest')] @@ -57,19 +57,19 @@ function Get-TargetResource ) # Return a credential object without the password. - $cimCredentialInstance = New-CimCredentialInstance -Credential $TargetDomainAdministratorCredential + $cimCredentialInstance = New-CimCredentialInstance -Credential $TargetCredential $returnValue = @{ - SourceDomainName = $SourceDomainName - TargetDomainName = $TargetDomainName - TargetDomainAdministratorCredential = $cimCredentialInstance + SourceDomainName = $SourceDomainName + TargetDomainName = $TargetDomainName + TargetCredential = $cimCredentialInstance } $getTrustTargetAndSourceObject = @{ - SourceDomainName = $SourceDomainName - TargetDomainName = $TargetDomainName - TargetDomainAdministratorCredential = $TargetDomainAdministratorCredential - TrustType = $TrustType + SourceDomainName = $SourceDomainName + TargetDomainName = $TargetDomainName + TargetCredential = $TargetCredential + TrustType = $TrustType } $trustSource, $trustTarget = Get-TrustSourceAndTargetObject @getTrustTargetAndSourceObject @@ -114,7 +114,7 @@ function Get-TargetResource .PARAMETER TargetDomainName Specifies the name of the Active Directory domain that is being trusted. - .PARAMETER TargetDomainAdministratorCredential + .PARAMETER TargetCredential Specifies the credentials to authenticate to the target domain. .PARAMETER TrustType @@ -143,7 +143,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $TargetDomainAdministratorCredential, + $TargetCredential, [Parameter(Mandatory = $true)] [ValidateSet('External', 'Forest')] @@ -162,10 +162,10 @@ function Set-TargetResource ) $getTrustTargetAndSourceObject = @{ - SourceDomainName = $SourceDomainName - TargetDomainName = $TargetDomainName - TargetDomainAdministratorCredential = $TargetDomainAdministratorCredential - TrustType = $TrustType + SourceDomainName = $SourceDomainName + TargetDomainName = $TargetDomainName + TargetCredential = $TargetCredential + TrustType = $TrustType } $trustSource, $trustTarget = Get-TrustSourceAndTargetObject @getTrustTargetAndSourceObject @@ -283,7 +283,7 @@ function Set-TargetResource .PARAMETER TargetDomainName Specifies the name of the Active Directory domain that is being trusted. - .PARAMETER TargetDomainAdministratorCredential + .PARAMETER TargetCredential Specifies the credentials to authenticate to the target domain. .PARAMETER TrustType @@ -313,7 +313,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $TargetDomainAdministratorCredential, + $TargetCredential, [Parameter(Mandatory = $true)] [ValidateSet('External', 'Forest')] @@ -369,7 +369,7 @@ function Test-TargetResource .PARAMETER TargetDomainName Specifies the name of the Active Directory domain that is being trusted. - .PARAMETER TargetDomainAdministratorCredential + .PARAMETER TargetCredential Specifies the credentials to authenticate to the target domain. .PARAMETER TrustType @@ -398,7 +398,7 @@ function Compare-TargetResourceState [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $TargetDomainAdministratorCredential, + $TargetCredential, [Parameter(Mandatory = $true)] [ValidateSet('External', 'Forest')] @@ -417,11 +417,11 @@ function Compare-TargetResourceState ) $getTargetResourceParameters = @{ - SourceDomainName = $SourceDomainName - TargetDomainName = $TargetDomainName - TargetDomainAdministratorCredential = $TargetDomainAdministratorCredential - TrustType = $TrustType - TrustDirection = $TrustDirection + SourceDomainName = $SourceDomainName + TargetDomainName = $TargetDomainName + TargetCredential = $TargetCredential + TrustType = $TrustType + TrustDirection = $TrustDirection } $getTargetResourceResult = Get-TargetResource @getTargetResourceParameters @@ -604,7 +604,7 @@ function ConvertFrom-DirectoryContextType .PARAMETER TargetDomainName Specifies the name of the Active Directory domain that is being trusted. - .PARAMETER TargetDomainAdministratorCredential + .PARAMETER TargetCredential Specifies the credentials to authenticate to the target domain. .PARAMETER TrustType @@ -632,7 +632,7 @@ function Get-TrustSourceAndTargetObject [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $TargetDomainAdministratorCredential, + $TargetCredential, [Parameter(Mandatory = $true)] [ValidateSet('External', 'Forest')] @@ -646,7 +646,7 @@ function Get-TrustSourceAndTargetObject $getADDirectoryContextParameters = @{ DirectoryContextType = $directoryContextType Name = $TargetDomainName - Credential = $TargetDomainAdministratorCredential + Credential = $TargetCredential } $targetDirectoryContext = Get-ADDirectoryContext @getADDirectoryContextParameters diff --git a/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.schema.mof b/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.schema.mof index a67e340dc..0e6fd0b7e 100644 --- a/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.schema.mof +++ b/DSCResources/MSFT_ADDomainTrust/MSFT_ADDomainTrust.schema.mof @@ -2,7 +2,7 @@ class MSFT_ADDomainTrust : OMI_BaseResource { [Write, Description("Specifies whether the computer account is present or absent. Default value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; - [Required, Description("Specifies the credentials to authenticate to the target domain."), EmbeddedInstance("MSFT_Credential")] String TargetDomainAdministratorCredential; + [Required, Description("Specifies the credentials to authenticate to the target domain."), EmbeddedInstance("MSFT_Credential")] String TargetCredential; [Key, Description("Specifies the name of the Active Directory domain that is being trusted.")] String TargetDomainName; [Required, Description("Specifies the type of trust. The value 'External' means the context Domain, while the value 'Forest' means the context 'Forest'."), ValueMap{"External","Forest"}, Values{"External","Forest"}] String TrustType; [Required, Description("Specifies the direction of the trust."), ValueMap{"Bidirectional","Inbound","Outbound"}, Values{"Bidirectional","Inbound","Outbound"}] String TrustDirection; diff --git a/DSCResources/MSFT_ADDomainTrust/en-US/about_ADDomainTrust.help.txt b/DSCResources/MSFT_ADDomainTrust/en-US/about_ADDomainTrust.help.txt index f0940d93c..c1b955a39 100644 --- a/DSCResources/MSFT_ADDomainTrust/en-US/about_ADDomainTrust.help.txt +++ b/DSCResources/MSFT_ADDomainTrust/en-US/about_ADDomainTrust.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADDomainTrust .DESCRIPTION @@ -13,7 +13,7 @@ Allowed values: Present, Absent Specifies whether the computer account is present or absent. Default value is 'Present'. -.PARAMETER TargetDomainAdministratorCredential +.PARAMETER TargetCredential Required - String Specifies the credentials to authenticate to the target domain. @@ -63,12 +63,12 @@ Configuration ADDomainTrust_NewOneWayTrust_Config { ADDomainTrust 'Trust' { - Ensure = 'Present' - SourceDomainName = $SourceDomain - TargetDomainName = $TargetDomain - TargetDomainAdministratorCredential = $TargetDomainAdminCred - TrustDirection = 'Inbound' - TrustType = 'External' + Ensure = 'Present' + SourceDomainName = $SourceDomain + TargetDomainName = $TargetDomain + TargetCredential = $TargetDomainAdminCred + TrustDirection = 'Inbound' + TrustType = 'External' } } } diff --git a/DSCResources/MSFT_ADForestProperties/en-US/about_ADForestProperties.help.txt b/DSCResources/MSFT_ADForestProperties/en-US/about_ADForestProperties.help.txt index 44a7a595c..6aaae6968 100644 --- a/DSCResources/MSFT_ADForestProperties/en-US/about_ADForestProperties.help.txt +++ b/DSCResources/MSFT_ADForestProperties/en-US/about_ADForestProperties.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADForestProperties .DESCRIPTION @@ -50,29 +50,17 @@ Configuration ADForestProperties_ReplaceForestProperties_Config { Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { ADForestProperties $Node.ForestName { - ForestName = $Node.ForestName - UserPrincipalNameSuffix = $Node.UserPrincipalNameSuffix - ServicePrincipalNameSuffix = $Node.ServicePrincipalNameSuffix - } - } -} - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dc.contoso.com' ForestName = 'contoso.com' UserPrincipalNameSuffix = 'fabrikam.com', 'industry.com' ServicePrincipalNameSuffix = 'corporate.com' } - ) + } } - .EXAMPLE 2 This configuration will manage the Service and User Principal name suffixes in diff --git a/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt b/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt index 3b14cceee..b721b4159 100644 --- a/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt +++ b/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADGroup .DESCRIPTION diff --git a/DSCResources/MSFT_ADKDSKey/en-US/about_ADKDSKey.help.txt b/DSCResources/MSFT_ADKDSKey/en-US/about_ADKDSKey.help.txt index 04345999c..9d72ef3d1 100644 --- a/DSCResources/MSFT_ADKDSKey/en-US/about_ADKDSKey.help.txt +++ b/DSCResources/MSFT_ADKDSKey/en-US/about_ADKDSKey.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADKDSKey .DESCRIPTION diff --git a/DSCResources/MSFT_ADManagedServiceAccount/en-US/about_ADManagedServiceAccount.help.txt b/DSCResources/MSFT_ADManagedServiceAccount/en-US/about_ADManagedServiceAccount.help.txt index 08381fb7e..9eb5b9b97 100644 --- a/DSCResources/MSFT_ADManagedServiceAccount/en-US/about_ADManagedServiceAccount.help.txt +++ b/DSCResources/MSFT_ADManagedServiceAccount/en-US/about_ADManagedServiceAccount.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADManagedServiceAccount .DESCRIPTION diff --git a/DSCResources/MSFT_ADObjectEnabledState/en-US/about_ADObjectEnabledState.help.txt b/DSCResources/MSFT_ADObjectEnabledState/en-US/about_ADObjectEnabledState.help.txt index 98d7710c9..66cc24821 100644 --- a/DSCResources/MSFT_ADObjectEnabledState/en-US/about_ADObjectEnabledState.help.txt +++ b/DSCResources/MSFT_ADObjectEnabledState/en-US/about_ADObjectEnabledState.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADObjectEnabledState .DESCRIPTION @@ -78,7 +78,7 @@ Configuration ADObjectEnabledState_CreateClusterComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -96,7 +96,7 @@ Configuration ADObjectEnabledState_CreateClusterComputerAccount_Config { Name = 'CLU_CNO01' StaticIPAddress = '192.168.100.20/24' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainAdministratorCredential = $Credential DependsOn = '[ADComputer]ClusterAccount' } @@ -124,7 +124,7 @@ Configuration ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -136,7 +136,7 @@ Configuration ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config { Name = 'CLU_CNO01' StaticIPAddress = '192.168.100.20/24' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainAdministratorCredential = $Credential } ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' diff --git a/DSCResources/MSFT_ADObjectPermissionEntry/en-US/about_ADObjectPermissionEntry.help.txt b/DSCResources/MSFT_ADObjectPermissionEntry/en-US/about_ADObjectPermissionEntry.help.txt index d502d19ba..9803a6454 100644 --- a/DSCResources/MSFT_ADObjectPermissionEntry/en-US/about_ADObjectPermissionEntry.help.txt +++ b/DSCResources/MSFT_ADObjectPermissionEntry/en-US/about_ADObjectPermissionEntry.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADObjectPermissionEntry .DESCRIPTION diff --git a/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt b/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt index 383604ac3..9abd8f88f 100644 --- a/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt +++ b/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADOrganizationalUnit .DESCRIPTION diff --git a/DSCResources/MSFT_ADRecycleBin/en-US/about_ADRecycleBin.help.txt b/DSCResources/MSFT_ADRecycleBin/en-US/about_ADRecycleBin.help.txt index d9be4cfc3..b9622ee9d 100644 --- a/DSCResources/MSFT_ADRecycleBin/en-US/about_ADRecycleBin.help.txt +++ b/DSCResources/MSFT_ADRecycleBin/en-US/about_ADRecycleBin.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADRecycleBin .DESCRIPTION diff --git a/DSCResources/MSFT_ADReplicationSite/en-US/about_ADReplicationSite.help.txt b/DSCResources/MSFT_ADReplicationSite/en-US/about_ADReplicationSite.help.txt index 02ed977f6..bfe0abf62 100644 --- a/DSCResources/MSFT_ADReplicationSite/en-US/about_ADReplicationSite.help.txt +++ b/DSCResources/MSFT_ADReplicationSite/en-US/about_ADReplicationSite.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADReplicationSite .DESCRIPTION diff --git a/DSCResources/MSFT_ADReplicationSiteLink/en-US/about_ADReplicationSiteLink.help.txt b/DSCResources/MSFT_ADReplicationSiteLink/en-US/about_ADReplicationSiteLink.help.txt index dd806ba52..d8d342cb4 100644 --- a/DSCResources/MSFT_ADReplicationSiteLink/en-US/about_ADReplicationSiteLink.help.txt +++ b/DSCResources/MSFT_ADReplicationSiteLink/en-US/about_ADReplicationSiteLink.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADReplicationSiteLink .DESCRIPTION diff --git a/DSCResources/MSFT_ADReplicationSubnet/en-US/about_ADReplicationSubnet.help.txt b/DSCResources/MSFT_ADReplicationSubnet/en-US/about_ADReplicationSubnet.help.txt index fa955a402..204f84423 100644 --- a/DSCResources/MSFT_ADReplicationSubnet/en-US/about_ADReplicationSubnet.help.txt +++ b/DSCResources/MSFT_ADReplicationSubnet/en-US/about_ADReplicationSubnet.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADReplicationSubnet .DESCRIPTION diff --git a/DSCResources/MSFT_ADServicePrincipalName/en-US/about_ADServicePrincipalName.help.txt b/DSCResources/MSFT_ADServicePrincipalName/en-US/about_ADServicePrincipalName.help.txt index 929c087d2..4d070b48b 100644 --- a/DSCResources/MSFT_ADServicePrincipalName/en-US/about_ADServicePrincipalName.help.txt +++ b/DSCResources/MSFT_ADServicePrincipalName/en-US/about_ADServicePrincipalName.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADServicePrincipalName .DESCRIPTION diff --git a/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt b/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt index 1c053b8d2..9e83a95e0 100644 --- a/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt +++ b/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME ADUser .DESCRIPTION @@ -197,7 +197,7 @@ Write - String Specifies the Active Directory Domain Services instance to use to perform the task. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Write - String Specifies the user account credentials to use to perform this task. diff --git a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt index 7726bd166..84b091723 100644 --- a/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt +++ b/DSCResources/MSFT_WaitForADDomain/en-US/about_WaitForADDomain.help.txt @@ -1,4 +1,4 @@ -.NAME +.NAME WaitForADDomain .DESCRIPTION diff --git a/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 b/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 index 7003335cb..d0f2604a9 100644 --- a/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 +++ b/Examples/Resources/ADComputer/1-ADComputer_AddComputerAccount_Config.ps1 @@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -39,12 +39,16 @@ Configuration ADComputer_AddComputerAccount_Config ADComputer 'CreateEnabled_SQL01' { ComputerName = 'SQL01' + + PsDscRunAsCredential = $Credential } ADComputer 'CreateEnabled_SQL02' { ComputerName = 'SQL02' EnabledOnCreation = $true + + PsDscRunAsCredential = $Credential } } } diff --git a/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 b/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 index a10c6cc9a..953b73b76 100644 --- a/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 +++ b/Examples/Resources/ADComputer/2-ADComputer_AddComputerAccountDisabled_Config.ps1 @@ -29,7 +29,7 @@ Configuration ADComputer_AddComputerAccountDisabled_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -40,6 +40,8 @@ Configuration ADComputer_AddComputerAccountDisabled_Config { ComputerName = 'CLU_CNO01' EnabledOnCreation = $false + + PsDscRunAsCredential = $Credential } } } diff --git a/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 b/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 index f5f026fc5..b00ade1c4 100644 --- a/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 +++ b/Examples/Resources/ADComputer/3-ADComputer_AddComputerAccountSpecificPath_Config.ps1 @@ -30,7 +30,7 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -39,10 +39,10 @@ Configuration ADComputer_AddComputerAccountSpecificPath_Config { ADComputer 'CreateComputerAccount' { - DomainController = 'DC01' - ComputerName = 'SQL01' - Path = 'OU=Servers,DC=contoso,DC=com' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainController = 'DC01' + ComputerName = 'SQL01' + Path = 'OU=Servers,DC=contoso,DC=com' + Credential = $Credential } } } diff --git a/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 b/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 index 2767668ed..427aec7c6 100644 --- a/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 +++ b/Examples/Resources/ADComputer/4-ADComputer_AddComputerAccountAndCreateODJRequest_Config.ps1 @@ -31,7 +31,7 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -40,11 +40,11 @@ Configuration ADComputer_AddComputerAccountAndCreateODJRequest_Config { ADComputer 'CreateComputerAccount' { - DomainController = 'DC01' - ComputerName = 'NANO-200' - Path = 'OU=Servers,DC=contoso,DC=com' - RequestFile = 'D:\ODJFiles\NANO-200.txt' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainController = 'DC01' + ComputerName = 'NANO-200' + Path = 'OU=Servers,DC=contoso,DC=com' + RequestFile = 'D:\ODJFiles\NANO-200.txt' + Credential = $Credential } } } diff --git a/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 b/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 index 500480ca9..ba9094e36 100644 --- a/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 +++ b/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 @@ -29,13 +29,18 @@ Configuration ADDomain_NewForest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { WindowsFeature 'ADDS' { @@ -49,22 +54,12 @@ Configuration ADDomain_NewForest_Config Ensure = 'Present' } - ADDomain $Node.DomainName + ADDomain 'contoso.com' { - DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential - ForestMode = $Node.FFL + DomainName = 'contoso.com' + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword + ForestMode = 'WinThreshold' } } } - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'localhost' - FFL = 'WinThreshold' - DomainName = 'contoso.com' - } - ) -} diff --git a/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 b/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 index 425d7ec85..14cc80feb 100644 --- a/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 +++ b/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 @@ -29,13 +29,18 @@ Configuration ADDomain_NewChildDomain_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { WindowsFeature 'ADDS' { @@ -49,24 +54,13 @@ Configuration ADDomain_NewChildDomain_Config Ensure = 'Present' } - ADDomain $Node.DomainName + ADDomain 'child' { - DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential - DomainMode = $Node.DFL - ParentDomainName = $node.ParentDomain + DomainName = 'child' + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword + DomainMode = 'Win2012R2' + ParentDomainName = 'contoso.com' } } } - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'localhost' - DFL = 'Win2012R2' - DomainName = 'child' - ParentDomain = 'contoso.com' - } - ) -} diff --git a/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 b/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 deleted file mode 100644 index f702a56c9..000000000 --- a/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 +++ /dev/null @@ -1,137 +0,0 @@ -<#PSScriptInfo -.VERSION 1.0 -.GUID aad067ec-0e7a-4a41-874d-432a3ff73437 -.AUTHOR Microsoft Corporation -.COMPANYNAME Microsoft Corporation -.COPYRIGHT (c) Microsoft Corporation. All rights reserved. -.TAGS DSCConfiguration -.LICENSEURI https://github.com/PowerShell/ActiveDirectoryDsc/blob/master/LICENSE -.PROJECTURI https://github.com/PowerShell/ActiveDirectoryDsc -.ICONURI -.EXTERNALMODULEDEPENDENCIES -.REQUIREDSCRIPTS -.EXTERNALSCRIPTDEPENDENCIES -.RELEASENOTES -.PRIVATEDATA -#> - -#Requires -module ActiveDirectoryDsc - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dsc-testNode1' - Role = 'Parent DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 50 - RetryIntervalSec = 30 - }, - - @{ - NodeName = 'dsc-testNode2' - Role = 'Child DC' - DomainName = 'dsc-child' - ParentDomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 50 - RetryIntervalSec = 30 - } - ) -} - -<# - .DESCRIPTION - This configuration will create a domain, and then create a child domain on - another node. -#> -Configuration ADDomain_NewForestWithParentAndChildDomain_Config -{ - param - ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DomainCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DnsDelegationCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $NewADUserCred - ) - - Import-DscResource -ModuleName ActiveDirectoryDsc - - Node $AllNodes.Where{ $_.Role -eq 'Parent DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - ADDomain 'FirstDS' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DnsDelegationCred - DependsOn = '[WindowsFeature]ADDSInstall' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[ADDomain]FirstDS' - } - - ADUser 'FirstUser' - { - DomainName = $Node.DomainName - Credential = $domaincred - UserName = 'dummy' - Password = $NewADUserCred - Ensure = 'Present' - DependsOn = '[WaitForADDomain]DscForestWait' - } - - } - - Node $AllNodes.Where{ $_.Role -eq 'Child DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[WindowsFeature]ADDSInstall' - } - - ADDomain 'ChildDS' - { - DomainName = $Node.DomainName - ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DependsOn = '[WaitForADDomain]DscForestWait' - } - } -} diff --git a/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 b/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 deleted file mode 100644 index bd519bb2d..000000000 --- a/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 +++ /dev/null @@ -1,136 +0,0 @@ -<#PSScriptInfo -.VERSION 1.0 -.GUID 400370df-41bc-44d4-8730-0aa9a135383f -.AUTHOR Microsoft Corporation -.COMPANYNAME Microsoft Corporation -.COPYRIGHT (c) Microsoft Corporation. All rights reserved. -.TAGS DSCConfiguration -.LICENSEURI https://github.com/PowerShell/ActiveDirectoryDsc/blob/master/LICENSE -.PROJECTURI https://github.com/PowerShell/ActiveDirectoryDsc -.ICONURI -.EXTERNALMODULEDEPENDENCIES -.REQUIREDSCRIPTS -.EXTERNALSCRIPTDEPENDENCIES -.RELEASENOTES -.PRIVATEDATA -#> - -#Requires -module ActiveDirectoryDsc - -# Configuration Data for AD -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dsc-testNode1' - Role = 'Primary DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 20 - RetryIntervalSec = 30 - }, - @{ - NodeName = 'dsc-testNode2' - Role = 'Replica DC' - DomainName = 'dsc-test.contoso.com' - CertificateFile = 'C:\publicKeys\targetNode.cer' - Thumbprint = 'AC23EA3A9E291A75757A556D0B71CBBF8C4F6FD8' - RetryCount = 20 - RetryIntervalSec = 30 - } - ) -} - -<# - .DESCRIPTION - This configuration will create a highly available domain by adding - a second domain controller to the newly created domain. - The WaitForDomain resource is used to ensure that the domain is - present before the second domain controller is added. -#> -Configuration ADDomain_NewDomainWithTwoDCs_Config -{ - param - ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $domainCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $DNSDelegationCred, - - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $NewADUserCred - ) - - Import-DscResource -ModuleName ActiveDirectoryDsc - - Node $AllNodes.Where{ $_.Role -eq 'Primary DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - ADDomain 'FirstDS' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred - DependsOn = '[WindowsFeature]ADDSInstall' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[ADDomain]FirstDS' - } - - ADUser 'FirstUser' - { - DomainName = $Node.DomainName - Credential = $domainCred - UserName = 'dummy' - Password = $NewADUserCred - Ensure = 'Present' - DependsOn = '[WaitForADDomain]DscForestWait' - } - } - - Node $AllNodes.Where{ $_.Role -eq 'Replica DC' }.NodeName - { - WindowsFeature 'ADDSInstall' - { - Ensure = 'Present' - Name = 'AD-Domain-Services' - } - - WaitForADDomain 'DscForestWait' - { - DomainName = $Node.DomainName - DomainUserCredential = $domainCred - RetryCount = $Node.RetryCount - RetryIntervalSec = $Node.RetryIntervalSec - DependsOn = '[WindowsFeature]ADDSInstall' - } - - ADDomainController 'SecondDC' - { - DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DependsOn = '[WaitForADDomain]DscForestWait' - } - } -} diff --git a/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 b/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 index 20a8ba37b..eddf198c8 100644 --- a/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 +++ b/Examples/Resources/ADDomainController/1-ADDomainController_AddDomainControllerToDomainMinimal_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainMinimal_Config ADDomainController 'DomainControllerMinimal' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DependsOn = '[WaitForADDomain]WaitForestAvailability' } diff --git a/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 b/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 index 75e283431..da7f2649f 100644 --- a/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 +++ b/Examples/Resources/ADDomainController/2-ADDomainController_AddDomainControllerToDomainAllProperties_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainAllProperties_Config ADDomainController 'DomainControllerAllProperties' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DatabasePath = 'C:\Windows\NTDS' LogPath = 'C:\Windows\Logs' SysvolPath = 'C:\Windows\SYSVOL' diff --git a/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 b/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 index 87c7b9945..6709511e9 100644 --- a/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 +++ b/Examples/Resources/ADDomainController/3-ADDomainController_AddDomainControllerToDomainUsingIFM_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddDomainControllerToDomainUsingIFM_Config ADDomainController 'DomainControllerWithIFM' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword InstallationMediaPath = 'F:\IFM' DependsOn = '[WaitForADDomain]WaitForestAvailability' diff --git a/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 b/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 index 1f617c9b0..8bacbd6aa 100644 --- a/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 +++ b/Examples/Resources/ADDomainController/4-ADDomainController_AddReadOnlyDomainController_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -54,7 +59,7 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config WaitForADDomain 'WaitForestAvailability' { DomainName = 'contoso.com' - DomainUserCredential = $DomainAdministratorCredential + DomainUserCredential = $Credential RetryCount = 10 RetryIntervalSec = 120 @@ -64,8 +69,8 @@ Configuration ADDomainController_AddReadOnlyDomainController_Config ADDomainController 'Read-OnlyDomainController(RODC)' { DomainName = 'contoso.com' - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword ReadOnlyReplica = $true SiteName = 'Default-First-Site-Name' AllowPasswordReplicationAccountName = @('pvdi.test1', 'pvdi.test') diff --git a/Examples/Resources/ADDomainDefaultPasswordPolicy/1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1 b/Examples/Resources/ADDomainDefaultPasswordPolicy/1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1 index f881938b4..caf13014e 100644 --- a/Examples/Resources/ADDomainDefaultPasswordPolicy/1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1 +++ b/Examples/Resources/ADDomainDefaultPasswordPolicy/1-ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config.ps1 @@ -26,15 +26,15 @@ Configuration ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Confi { Param ( - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.String] $DomainName, - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.Boolean] $ComplexityEnabled, - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.Int32] $MinPasswordLength ) diff --git a/Examples/Resources/ADDomainTrust/1-ADDomainTrust_NewOneWayTrust_Config.ps1 b/Examples/Resources/ADDomainTrust/1-ADDomainTrust_NewOneWayTrust_Config.ps1 index 679dede1b..ba52ad64f 100644 --- a/Examples/Resources/ADDomainTrust/1-ADDomainTrust_NewOneWayTrust_Config.ps1 +++ b/Examples/Resources/ADDomainTrust/1-ADDomainTrust_NewOneWayTrust_Config.ps1 @@ -45,12 +45,12 @@ Configuration ADDomainTrust_NewOneWayTrust_Config { ADDomainTrust 'Trust' { - Ensure = 'Present' - SourceDomainName = $SourceDomain - TargetDomainName = $TargetDomain - TargetDomainAdministratorCredential = $TargetDomainAdminCred - TrustDirection = 'Inbound' - TrustType = 'External' + Ensure = 'Present' + SourceDomainName = $SourceDomain + TargetDomainName = $TargetDomain + TargetCredential = $TargetDomainAdminCred + TrustDirection = 'Inbound' + TrustType = 'External' } } } diff --git a/Examples/Resources/ADForestProperties/1-ADForestProperties_ReplaceForestProperties_Config.ps1 b/Examples/Resources/ADForestProperties/1-ADForestProperties_ReplaceForestProperties_Config.ps1 index 22cdc4532..34d1d128f 100644 --- a/Examples/Resources/ADForestProperties/1-ADForestProperties_ReplaceForestProperties_Config.ps1 +++ b/Examples/Resources/ADForestProperties/1-ADForestProperties_ReplaceForestProperties_Config.ps1 @@ -27,25 +27,13 @@ Configuration ADForestProperties_ReplaceForestProperties_Config { Import-DscResource -ModuleName ActiveDirectoryDsc - node $AllNodes.NodeName + node 'localhost' { - ADForestProperties $Node.ForestName + ADForestProperties 'contoso.com' { - ForestName = $Node.ForestName - UserPrincipalNameSuffix = $Node.UserPrincipalNameSuffix - ServicePrincipalNameSuffix = $Node.ServicePrincipalNameSuffix - } - } -} - -$ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = 'dc.contoso.com' ForestName = 'contoso.com' UserPrincipalNameSuffix = 'fabrikam.com', 'industry.com' ServicePrincipalNameSuffix = 'corporate.com' } - ) + } } - diff --git a/Examples/Resources/ADObjectEnabledState/2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1 b/Examples/Resources/ADObjectEnabledState/2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1 index e93baea61..9c39a66a6 100644 --- a/Examples/Resources/ADObjectEnabledState/2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1 +++ b/Examples/Resources/ADObjectEnabledState/2-ADObjectEnabledState_CreateClusterComputerAccount_Config.ps1 @@ -31,7 +31,7 @@ Configuration ADObjectEnabledState_CreateClusterComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -49,7 +49,7 @@ Configuration ADObjectEnabledState_CreateClusterComputerAccount_Config { Name = 'CLU_CNO01' StaticIPAddress = '192.168.100.20/24' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainAdministratorCredential = $Credential DependsOn = '[ADComputer]ClusterAccount' } diff --git a/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 b/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 index 2ce211243..9f40aa0f3 100644 --- a/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 +++ b/Examples/Resources/ADObjectEnabledState/3-ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config.ps1 @@ -30,7 +30,7 @@ Configuration ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -42,7 +42,7 @@ Configuration ADObjectEnabledState_EnabledPrestagedClusterComputerAccount_Config { Name = 'CLU_CNO01' StaticIPAddress = '192.168.100.20/24' - DomainAdministratorCredential = $DomainAdministratorCredential + DomainAdministratorCredential = $Credential } ADObjectEnabledState 'EnforceEnabledPropertyToEnabled' diff --git a/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 b/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 index fac2b9437..4f9cc7cb9 100644 --- a/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 +++ b/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 @@ -1073,7 +1073,6 @@ function Get-ADCommonParameters [Parameter()] [ValidateNotNull()] - [Alias('DomainAdministratorCredential')] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] $Credential, @@ -1322,7 +1321,6 @@ function Restore-ADCommonObject [Parameter()] [ValidateNotNull()] - [Alias('DomainAdministratorCredential')] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] $Credential, diff --git a/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1 index d4e030555..e8825cf58 100644 --- a/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1 +++ b/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1 @@ -84,7 +84,7 @@ try $resourceCurrentState.Enabled | Should -BeTrue $resourceCurrentState.EnabledOnCreation | Should -BeFalse $resourceCurrentState.DomainController | Should -BeNullOrEmpty - $resourceCurrentState.DomainAdministratorCredential | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty $resourceCurrentState.RequestFile | Should -BeNullOrEmpty $resourceCurrentState.RestoreFromRecycleBin | Should -BeFalse $resourceCurrentState.DistinguishedName | Should -Match ('^CN={0}' -f $ConfigurationData.AllNodes.ComputerName1) @@ -340,7 +340,7 @@ try $resourceCurrentState.Enabled | Should -BeTrue $resourceCurrentState.EnabledOnCreation | Should -BeFalse $resourceCurrentState.DomainController | Should -BeNullOrEmpty - $resourceCurrentState.DomainAdministratorCredential | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty $resourceCurrentState.RequestFile | Should -BeNullOrEmpty $resourceCurrentState.RestoreFromRecycleBin | Should -BeFalse $resourceCurrentState.DistinguishedName | Should -Match ('^CN={0}' -f $ConfigurationData.AllNodes.ComputerName1) diff --git a/Tests/Integration/MSFT_ADDomainTrust.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADDomainTrust.Integration.Tests.ps1 index 552cf53a7..ea56fc1a8 100644 --- a/Tests/Integration/MSFT_ADDomainTrust.Integration.Tests.ps1 +++ b/Tests/Integration/MSFT_ADDomainTrust.Integration.Tests.ps1 @@ -75,7 +75,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Present' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceDomain $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetDomain - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -Be 'External' $resourceCurrentState.TrustDirection | Should -Be 'Outbound' } @@ -126,7 +126,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Present' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceDomain $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetDomain - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -Be 'External' $resourceCurrentState.TrustDirection | Should -Be 'Inbound' } @@ -177,7 +177,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Absent' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceDomain $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetDomain - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -BeNullOrEmpty $resourceCurrentState.TrustDirection | Should -BeNullOrEmpty } @@ -228,7 +228,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Present' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceForest $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetForest - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -Be 'Forest' $resourceCurrentState.TrustDirection | Should -Be 'Outbound' } @@ -279,7 +279,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Present' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceForest $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetForest - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -Be 'Forest' $resourceCurrentState.TrustDirection | Should -Be 'Inbound' } @@ -330,7 +330,7 @@ try $resourceCurrentState.Ensure | Should -Be 'Absent' $resourceCurrentState.SourceDomainName | Should -Be $configurationData.AllNodes.SourceForest $resourceCurrentState.TargetDomainName | Should -Be $configurationData.AllNodes.TargetForest - $resourceCurrentState.TargetDomainAdministratorCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName + $resourceCurrentState.TargetCredential.UserName | Should -Be $configurationData.AllNodes.TargetUserName $resourceCurrentState.TrustType | Should -BeNullOrEmpty $resourceCurrentState.TrustDirection | Should -BeNullOrEmpty } diff --git a/Tests/Integration/MSFT_ADDomainTrust.config.ps1 b/Tests/Integration/MSFT_ADDomainTrust.config.ps1 index 7a97c395a..b530e2fa8 100644 --- a/Tests/Integration/MSFT_ADDomainTrust.config.ps1 +++ b/Tests/Integration/MSFT_ADDomainTrust.config.ps1 @@ -59,11 +59,11 @@ Configuration MSFT_ADDomainTrust_CreateDomainTrust_Config { ADDomainTrust 'Integration_Test' { - SourceDomainName = $Node.SourceDomain - TargetDomainName = $Node.TargetDomain - TrustType = 'External' - TrustDirection = 'Outbound' - TargetDomainAdministratorCredential = New-Object ` + SourceDomainName = $Node.SourceDomain + TargetDomainName = $Node.TargetDomain + TrustType = 'External' + TrustDirection = 'Outbound' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) @@ -83,11 +83,11 @@ Configuration MSFT_ADDomainTrust_ChangeDomainTrustDirection_Config { ADDomainTrust 'Integration_Test' { - SourceDomainName = $Node.SourceDomain - TargetDomainName = $Node.TargetDomain - TrustType = 'External' - TrustDirection = 'Inbound' - TargetDomainAdministratorCredential = New-Object ` + SourceDomainName = $Node.SourceDomain + TargetDomainName = $Node.TargetDomain + TrustType = 'External' + TrustDirection = 'Inbound' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) @@ -107,12 +107,12 @@ Configuration MSFT_ADDomainTrust_RemoveDomainTrust_Config { ADDomainTrust 'Integration_Test' { - Ensure = 'Absent' - SourceDomainName = $Node.SourceDomain - TargetDomainName = $Node.TargetDomain - TrustType = 'External' - TrustDirection = 'Bidirectional' - TargetDomainAdministratorCredential = New-Object ` + Ensure = 'Absent' + SourceDomainName = $Node.SourceDomain + TargetDomainName = $Node.TargetDomain + TrustType = 'External' + TrustDirection = 'Bidirectional' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) @@ -132,11 +132,11 @@ Configuration MSFT_ADDomainTrust_CreateForestTrust_Config { ADDomainTrust 'Integration_Test' { - SourceDomainName = $Node.SourceForest - TargetDomainName = $Node.TargetForest - TrustType = 'Forest' - TrustDirection = 'Outbound' - TargetDomainAdministratorCredential = New-Object ` + SourceDomainName = $Node.SourceForest + TargetDomainName = $Node.TargetForest + TrustType = 'Forest' + TrustDirection = 'Outbound' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) @@ -156,11 +156,11 @@ Configuration MSFT_ADDomainTrust_ChangeForestTrustDirection_Config { ADDomainTrust 'Integration_Test' { - SourceDomainName = $Node.SourceForest - TargetDomainName = $Node.TargetForest - TrustType = 'Forest' - TrustDirection = 'Inbound' - TargetDomainAdministratorCredential = New-Object ` + SourceDomainName = $Node.SourceForest + TargetDomainName = $Node.TargetForest + TrustType = 'Forest' + TrustDirection = 'Inbound' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) @@ -180,12 +180,12 @@ Configuration MSFT_ADDomainTrust_RemoveForestTrust_Config { ADDomainTrust 'Integration_Test' { - Ensure = 'Absent' - SourceDomainName = $Node.SourceForest - TargetDomainName = $Node.TargetForest - TrustType = 'Forest' - TrustDirection = 'Bidirectional' - TargetDomainAdministratorCredential = New-Object ` + Ensure = 'Absent' + SourceDomainName = $Node.SourceForest + TargetDomainName = $Node.TargetForest + TrustType = 'Forest' + TrustDirection = 'Bidirectional' + TargetCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` -ArgumentList @($Node.TargetUserName, (ConvertTo-SecureString -String $Node.TargetPassword -AsPlainText -Force)) diff --git a/Tests/Integration/MSFT_ADUser.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADUser.Integration.Tests.ps1 index 34f055d87..60201247e 100644 --- a/Tests/Integration/MSFT_ADUser.Integration.Tests.ps1 +++ b/Tests/Integration/MSFT_ADUser.Integration.Tests.ps1 @@ -76,7 +76,7 @@ try $resourceCurrentState.UserName | Should -Be $ConfigurationData.AllNodes.UserName1 $resourceCurrentState.UserPrincipalName | Should -Be $ConfigurationData.AllNodes.UserName1 $resourceCurrentState.DisplayName | Should -Be $ConfigurationData.AllNodes.DisplayName1 - $resourceCurrentState.DomainAdministratorCredential | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty } It 'Should return $true when Test-DscConfiguration is run' { @@ -126,7 +126,7 @@ try $resourceCurrentState.UserName | Should -Be $ConfigurationData.AllNodes.UserName1 $resourceCurrentState.UserPrincipalName | Should -BeNullOrEmpty $resourceCurrentState.DisplayName | Should -BeNullOrEmpty - $resourceCurrentState.DomainAdministratorCredential | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty } It 'Should return $true when Test-DscConfiguration is run' { diff --git a/Tests/Unit/ActiveDirectory.Common.Tests.ps1 b/Tests/Unit/ActiveDirectory.Common.Tests.ps1 index 64eb212a7..8300cc423 100644 --- a/Tests/Unit/ActiveDirectory.Common.Tests.ps1 +++ b/Tests/Unit/ActiveDirectory.Common.Tests.ps1 @@ -1091,15 +1091,6 @@ InModuleScope 'ActiveDirectoryDsc.Common' { $result['Server'] | Should -Be $testServer } - It "Converts 'DomainAdministratorCredential' parameter to 'Credential' key" { - $testIdentity = 'contoso.com' - $testCredential = [System.Management.Automation.PSCredential]::Empty - - $result = Get-ADCommonParameters -Identity $testIdentity -DomainAdministratorCredential $testCredential - - $result['Credential'] | Should -Be $testCredential - } - It "Converts 'DomainController' parameter to 'Server' key" { $testIdentity = 'contoso.com' $testServer = 'testserver.contoso.com' diff --git a/Tests/Unit/MSFT_ADComputer.Tests.ps1 b/Tests/Unit/MSFT_ADComputer.Tests.ps1 index d940757a4..3aebc6b2c 100644 --- a/Tests/Unit/MSFT_ADComputer.Tests.ps1 +++ b/Tests/Unit/MSFT_ADComputer.Tests.ps1 @@ -123,13 +123,13 @@ try } $getTargetResourceParameters = @{ - ComputerName = $mockComputerNamePresent - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - Verbose = $true + ComputerName = $mockComputerNamePresent + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + Verbose = $true } } @@ -143,7 +143,7 @@ try It 'Should return the same values as passed as parameters' { $result = Get-TargetResource @getTargetResourceParameters $result.DomainController | Should -Be $getTargetResourceParameters.DomainController - $result.DomainAdministratorCredential.UserName | Should -Be $getTargetResourceParameters.DomainAdministratorCredential.UserName + $result.Credential.UserName | Should -Be $getTargetResourceParameters.Credential.UserName $result.RequestFile | Should -Be $getTargetResourceParameters.RequestFile $result.RestoreFromRecycleBin | Should -Be $getTargetResourceParameters.RestoreFromRecycleBin $result.EnabledOnCreation | Should -Be $getTargetResourceParameters.EnabledOnCreation @@ -172,13 +172,13 @@ try Mock -CommandName Get-ADComputer -MockWith $mockGetADComputer $getTargetResourceParameters = @{ - ComputerName = $mockComputerNamePresent - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - Verbose = $true + ComputerName = $mockComputerNamePresent + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + Verbose = $true } } @@ -192,7 +192,7 @@ try It 'Should return the same values as passed as parameters' { $result = Get-TargetResource @getTargetResourceParameters $result.DomainController | Should -Be $getTargetResourceParameters.DomainController - $result.DomainAdministratorCredential.UserName | Should -Be $getTargetResourceParameters.DomainAdministratorCredential.UserName + $result.Credential.UserName | Should -Be $getTargetResourceParameters.Credential.UserName $result.RequestFile | Should -Be $getTargetResourceParameters.RequestFile $result.RestoreFromRecycleBin | Should -Be $getTargetResourceParameters.RestoreFromRecycleBin $result.EnabledOnCreation | Should -Be $getTargetResourceParameters.EnabledOnCreation @@ -261,14 +261,14 @@ try } } - Context 'When Get-TargetResource is called with DomainAdministratorCredential parameter' { + Context 'When Get-TargetResource is called with Credential parameter' { BeforeAll { Mock -CommandName Get-ADComputer -MockWith $mockGetADComputer $getTargetResourceParameters = @{ - ComputerName = $mockComputerNamePresent - DomainAdministratorCredential = $mockCredential - Verbose = $true + ComputerName = $mockComputerNamePresent + Credential = $mockCredential + Verbose = $true } } @@ -292,49 +292,49 @@ try $mockGetTargetResource_Absent = { return @{ - Ensure = 'Absent' - ComputerName = $null - Location = $null - DnsHostName = $null - ServicePrincipalNames = $null - UserPrincipalName = $null - DisplayName = $null - Path = $null - Description = $null - Enabled = $false - Manager = $null - DomainController = $null - DomainAdministratorCredential = $null - RequestFile = $null - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - DistinguishedName = $null - SID = $null - SamAccountName = $null + Ensure = 'Absent' + ComputerName = $null + Location = $null + DnsHostName = $null + ServicePrincipalNames = $null + UserPrincipalName = $null + DisplayName = $null + Path = $null + Description = $null + Enabled = $false + Manager = $null + DomainController = $null + Credential = $null + RequestFile = $null + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + DistinguishedName = $null + SID = $null + SamAccountName = $null } } $mockGetTargetResource_Present = { return @{ - Ensure = 'Present' - ComputerName = $mockComputerNamePresent - Location = $mockLocation - DnsHostName = $mockDnsHostName - ServicePrincipalNames = $mockServicePrincipalNames - UserPrincipalName = $mockUserPrincipalName - DisplayName = $mockDisplayName - Path = $mockParentContainer - Description = $mockDescription - Enabled = $true - Manager = $mockManagedBy - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - DistinguishedName = $mockDistinguishedName - SID = $mockSID - SamAccountName = $mockSamAccountName + Ensure = 'Present' + ComputerName = $mockComputerNamePresent + Location = $mockLocation + DnsHostName = $mockDnsHostName + ServicePrincipalNames = $mockServicePrincipalNames + UserPrincipalName = $mockUserPrincipalName + DisplayName = $mockDisplayName + Path = $mockParentContainer + Description = $mockDescription + Enabled = $true + Manager = $mockManagedBy + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + DistinguishedName = $mockDistinguishedName + SID = $mockSID + SamAccountName = $mockSamAccountName } } } @@ -364,13 +364,13 @@ try Mock -CommandName Get-TargetResource -MockWith $mockGetTargetResource_Present $testTargetResourceParameters = @{ - ComputerName = $mockComputerNamePresent - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - Verbose = $true + ComputerName = $mockComputerNamePresent + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + Verbose = $true } } @@ -443,8 +443,8 @@ try Context 'When a property is not in desired state' { BeforeAll { - # Mock a specific desired state. - Mock -CommandName Get-TargetResource -MockWith $mockGetTargetResource_Present + # Mock a specific desired state. + Mock -CommandName Get-TargetResource -MockWith $mockGetTargetResource_Present } Context 'When a property should be set to a new non-empty value' { @@ -583,49 +583,49 @@ try $mockGetTargetResource_Absent = { return @{ - Ensure = 'Absent' - ComputerName = $null - Location = $null - DnsHostName = $null - ServicePrincipalNames = $null - UserPrincipalName = $null - DisplayName = $null - Path = $null - Description = $null - Enabled = $false - Manager = $null - DomainController = $null - DomainAdministratorCredential = $null - RequestFile = $null - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - DistinguishedName = $null - SID = $null - SamAccountName = $null + Ensure = 'Absent' + ComputerName = $null + Location = $null + DnsHostName = $null + ServicePrincipalNames = $null + UserPrincipalName = $null + DisplayName = $null + Path = $null + Description = $null + Enabled = $false + Manager = $null + DomainController = $null + Credential = $null + RequestFile = $null + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + DistinguishedName = $null + SID = $null + SamAccountName = $null } } $mockGetTargetResource_Present = { return @{ - Ensure = 'Present' - ComputerName = $mockComputerNamePresent - Location = $mockLocation - DnsHostName = $mockDnsHostName - ServicePrincipalNames = $mockServicePrincipalNames_DefaultValues - UserPrincipalName = $mockUserPrincipalName - DisplayName = $mockDisplayName - Path = $mockParentContainer - Description = $mockDescription - Enabled = $true - Manager = $mockManagedBy - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - DistinguishedName = $mockDistinguishedName - SID = $mockSID - SamAccountName = $mockSamAccountName + Ensure = 'Present' + ComputerName = $mockComputerNamePresent + Location = $mockLocation + DnsHostName = $mockDnsHostName + ServicePrincipalNames = $mockServicePrincipalNames_DefaultValues + UserPrincipalName = $mockUserPrincipalName + DisplayName = $mockDisplayName + Path = $mockParentContainer + Description = $mockDescription + Enabled = $true + Manager = $mockManagedBy + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + DistinguishedName = $mockDistinguishedName + SID = $mockSID + SamAccountName = $mockSamAccountName } } } @@ -664,13 +664,13 @@ try Mock -CommandName Get-TargetResource -MockWith $mockGetTargetResource_Present $setTargetResourceParameters = @{ - ComputerName = $mockComputerNamePresent - DomainController = 'DC01' - DomainAdministratorCredential = $mockCredential - RequestFile = 'TestDrive:\ODJ.txt' - RestoreFromRecycleBin = $false - EnabledOnCreation = $false - Verbose = $true + ComputerName = $mockComputerNamePresent + DomainController = 'DC01' + Credential = $mockCredential + RequestFile = 'TestDrive:\ODJ.txt' + RestoreFromRecycleBin = $false + EnabledOnCreation = $false + Verbose = $true } } diff --git a/Tests/Unit/MSFT_ADDomain.Tests.ps1 b/Tests/Unit/MSFT_ADDomain.Tests.ps1 index af49d4bc6..deeb7483e 100644 --- a/Tests/Unit/MSFT_ADDomain.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomain.Tests.ps1 @@ -66,8 +66,8 @@ try ) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential } #region Function Get-TargetResource @@ -220,8 +220,8 @@ try ) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential } $stubDomain = @{ @@ -352,15 +352,15 @@ try $newForestParams = @{ DomainName = $testDomainName - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testSafemodeCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testSafemodeCredential } $newDomainParams = @{ DomainName = $testDomainName ParentDomainName = $testParentDomainName - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testSafemodeCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testSafemodeCredential } $stubTargetResource = @{ @@ -381,12 +381,12 @@ try Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DomainName -eq $testDomainName } -Scope It } - It 'Calls "Install-ADDSForest" with "SafemodeAdministratorPassword" when creating forest' { - Mock -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } + It 'Calls "Install-ADDSForest" with "SafeModeAdministratorPassword" when creating forest' { + Mock -CommandName Install-ADDSForest -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } Set-TargetResource @newForestParams - Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It + Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } -Scope It } It 'Calls "Install-ADDSForest" with "DnsDelegationCredential" when creating forest, if specified' { @@ -482,12 +482,12 @@ try Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DomainType -eq 'ChildDomain' } -Scope It } - It 'Calls "Install-ADDSDomain" with "SafemodeAdministratorPassword" when creating child domain' { - Mock -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } + It 'Calls "Install-ADDSDomain" with "SafeModeAdministratorPassword" when creating child domain' { + Mock -CommandName Install-ADDSDomain -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } Set-TargetResource @newDomainParams - Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It + Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } -Scope It } It 'Calls "Install-ADDSDomain" with "Credential" when creating child domain' { diff --git a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 index c574ce2cf..cd93c6120 100644 --- a/Tests/Unit/MSFT_ADDomainController.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomainController.Tests.ps1 @@ -62,14 +62,14 @@ try $deniedAccount = 'deniedAccount' $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential Verbose = $true } $testDefaultParamsRODC = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential Verbose = $true ReadOnlyReplica = $true SiteName = $correctSiteName diff --git a/Tests/Unit/MSFT_ADDomainTrust.Tests.ps1 b/Tests/Unit/MSFT_ADDomainTrust.Tests.ps1 index 54857f42f..42c5f585e 100644 --- a/Tests/Unit/MSFT_ADDomainTrust.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomainTrust.Tests.ps1 @@ -50,7 +50,7 @@ try $mockDefaultParameters = @{ SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential TrustDirection = 'Outbound' Verbose = $true } @@ -99,7 +99,7 @@ try $getTargetResourceResult = Get-TargetResource @mockGetTargetResourceParameters $getTargetResourceResult.SourceDomainName | Should -Be $mockGetTargetResourceParameters.SourceDomainName $getTargetResourceResult.TargetDomainName | Should -Be $mockGetTargetResourceParameters.TargetDomainName - $getTargetResourceResult.TargetDomainAdministratorCredential.UserName | Should -Be $mockCredential.UserName + $getTargetResourceResult.TargetCredential.UserName | Should -Be $mockCredential.UserName } It 'Should return the correct values for the other properties' { @@ -150,7 +150,7 @@ try $getTargetResourceResult = Get-TargetResource @mockGetTargetResourceParameters $getTargetResourceResult.SourceDomainName | Should -Be $mockGetTargetResourceParameters.SourceDomainName $getTargetResourceResult.TargetDomainName | Should -Be $mockGetTargetResourceParameters.TargetDomainName - $getTargetResourceResult.TargetDomainAdministratorCredential.UserName | Should -Be $mockCredential.UserName + $getTargetResourceResult.TargetCredential.UserName | Should -Be $mockCredential.UserName } It 'Should return the correct values for the other properties' { @@ -199,7 +199,7 @@ try $getTargetResourceResult = Get-TargetResource @mockGetTargetResourceParameters $getTargetResourceResult.SourceDomainName | Should -Be $mockGetTargetResourceParameters.SourceDomainName $getTargetResourceResult.TargetDomainName | Should -Be $mockGetTargetResourceParameters.TargetDomainName - $getTargetResourceResult.TargetDomainAdministratorCredential.UserName | Should -Be $mockCredential.UserName + $getTargetResourceResult.TargetCredential.UserName | Should -Be $mockCredential.UserName } It 'Should return the correct values for the other properties' { @@ -217,7 +217,7 @@ try $mockDefaultParameters = @{ SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential Verbose = $true } } @@ -362,7 +362,7 @@ try $mockDefaultParameters = @{ SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential Verbose = $true } @@ -371,7 +371,7 @@ try Ensure = 'Absent' SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential TrustDirection = $null TrustType = $null } @@ -382,7 +382,7 @@ try Ensure = 'Present' SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential TrustDirection = 'Outbound' TrustType = 'External' } @@ -583,7 +583,7 @@ try $mockDefaultParameters = @{ SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential TrustDirection = 'Outbound' Verbose = $true } @@ -961,7 +961,7 @@ try $testParameters = @{ SourceDomainName = $mockSourceDomainName TargetDomainName = $mockTargetDomainName - TargetDomainAdministratorCredential = $mockCredential + TargetCredential = $mockCredential TrustType = $TrustType Verbose = $true }