dsccommunity · johlju · Sep 3, 2019 · Sep 3, 2019 · Sep 3, 2019 · Sep 3, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -69,6 +69,8 @@
     the domain was found, or `$false` if it was not.
 - Changes to ADUser
   - Remove unused non-mandatory parameters from the Get-TargetResource ([issue #293](https://github.com/PowerShell/ActiveDirectoryDsc/issues/293)).
+  - Added a note to the resource README.md that `RestoreFromRecycleBin`
+    needs the feature Recycle Bin enabled.
 - Changes to ADDomainController
   - Add InstallDns parameter to enable promotion without installing local
     DNS Server Service ([issue #87](https://github.com/PowerShell/xActiveDirectory/issues/87)).
@@ -84,6 +86,16 @@
     [issue #493](https://github.com/PowerShell/ActiveDirectoryDsc/issues/493)).
   - It is now possible to enforce a group with no members by using
     `Members = @()` in a configuration ([issue #189](https://github.com/PowerShell/xActiveDirectory/issues/189)).
+  - Added a note to the resource README.md that `RestoreFromRecycleBin`
+    needs the feature Recycle Bin enabled ([issue #496](https://github.com/PowerShell/xActiveDirectory/issues/496)).
+- Changes to ADOrganizationalUnit
+  - Added a note to the resource README.md that `RestoreFromRecycleBin`
+    needs the feature Recycle Bin enabled.
+- Changes to ADComputer
+  - Added a note to the resource README.md that `RestoreFromRecycleBin`
+    needs the feature Recycle Bin enabled ([issue #498](https://github.com/PowerShell/xActiveDirectory/issues/498)).
+  - Updated integration test to be able to catch when a computer account
+    cannot be restored.
 
 ## 4.0.0.0
 

diff --git a/DSCResources/MSFT_ADComputer/README.md b/DSCResources/MSFT_ADComputer/README.md
@@ -14,3 +14,7 @@ domain join, unsecure domain Join and RODC domain join scenarios.
 ## Requirements
 
 * Target machine must be running Windows Server 2008 R2 or later.
+* The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+  Bin has been enabled prior to an object is deleted. If the feature
+  Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+  added the deleted object.
diff --git a/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt b/DSCResources/MSFT_ADComputer/en-US/about_ADComputer.help.txt
@@ -16,6 +16,10 @@
     ## Requirements
 
     * Target machine must be running Windows Server 2008 R2 or later.
+    * The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+      Bin has been enabled prior to an object is deleted. If the feature
+      Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+      added the deleted object.
 
 .PARAMETER ComputerName
     Key - String

diff --git a/DSCResources/MSFT_ADGroup/README.md b/DSCResources/MSFT_ADGroup/README.md
@@ -5,3 +5,7 @@ The ADGroup DSC resource will manage groups within Active Directory.
 ## Requirements
 
 * Target machine must be running Windows Server 2008 R2 or later.
+* The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+  Bin has been enabled prior to an object is deleted. If the feature
+  Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+  added the deleted object.
diff --git a/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt b/DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt
@@ -7,6 +7,10 @@
     ## Requirements
 
     * Target machine must be running Windows Server 2008 R2 or later.
+    * The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+      Bin has been enabled prior to an object is deleted. If the feature
+      Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+      added the deleted object.
 
 .PARAMETER GroupName
     Key - String

diff --git a/DSCResources/MSFT_ADOrganizationalUnit/README.md b/DSCResources/MSFT_ADOrganizationalUnit/README.md
@@ -5,3 +5,7 @@ The ADOrganizational Unit DSC resource will manage Organizational Units (OUs) wi
 ## Requirements
 
 * Target machine must be running Windows Server 2008 R2 or later.
+* The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+  Bin has been enabled prior to an object is deleted. If the feature
+  Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+  added the deleted object.
diff --git a/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt b/DSCResources/MSFT_ADOrganizationalUnit/en-US/about_ADOrganizationalUnit.help.txt
@@ -7,6 +7,10 @@
     ## Requirements
 
     * Target machine must be running Windows Server 2008 R2 or later.
+    * The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+      Bin has been enabled prior to an object is deleted. If the feature
+      Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+      added the deleted object.
 
 .PARAMETER Name
     Key - String

diff --git a/DSCResources/MSFT_ADUser/README.md b/DSCResources/MSFT_ADUser/README.md
@@ -5,3 +5,7 @@ The ADUser DSC resource will manage Users within Active Directory.
 ## Requirements
 
 * Target machine must be running Windows Server 2008 R2 or later.
+* The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+  Bin has been enabled prior to an object is deleted. If the feature
+  Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+  added the deleted object.
diff --git a/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt b/DSCResources/MSFT_ADUser/en-US/about_ADUser.help.txt
@@ -7,6 +7,10 @@
     ## Requirements
 
     * Target machine must be running Windows Server 2008 R2 or later.
+    * The parameter `RestoreFromRecycleBin` requires that the feature Recycle
+      Bin has been enabled prior to an object is deleted. If the feature
+      Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
+      added the deleted object.
 
 .PARAMETER DomainName
     Key - String

diff --git a/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADComputer.Integration.Tests.ps1
@@ -74,7 +74,7 @@ try
 
                 $resourceCurrentState.Ensure | Should -Be 'Present'
                 $resourceCurrentState.ComputerName | Should -Be $ConfigurationData.AllNodes.ComputerName1
-                $resourceCurrentState.Location | Should -BeNullOrEmpty
+                $resourceCurrentState.Location | Should -Be 'Old location'
                 $resourceCurrentState.DnsHostName | Should -BeNullOrEmpty
                 $resourceCurrentState.ServicePrincipalNames | Should -BeNullOrEmpty
                 $resourceCurrentState.UserPrincipalName | Should -BeNullOrEmpty
@@ -184,6 +184,7 @@ try
 
                 $resourceCurrentState.Ensure | Should -Be 'Present'
                 $resourceCurrentState.Enabled | Should -BeTrue
+                $resourceCurrentState.Location | Should -Be 'Old location'
             }
 
             It 'Should return $true when Test-DscConfiguration is run' {

diff --git a/Tests/Integration/MSFT_ADComputer.config.ps1 b/Tests/Integration/MSFT_ADComputer.config.ps1
@@ -60,6 +60,12 @@ Configuration MSFT_ADComputer_CreateComputerAccount1_Config
         ADComputer 'Integration_Test'
         {
             ComputerName = $Node.ComputerName1
+
+            <#
+                This property is used to verify that the restore works
+                in one of the next test.
+            #>
+            Location     = 'Old location'
         }
     }
 }
@@ -90,6 +96,15 @@ Configuration MSFT_ADComputer_RemoveComputerAccount1_Config
     .SYNOPSIS
         Restores a computer account from recycle bin.
 
+    .NOTES
+        This test verifies that restored computer account location
+        property is set to the previous value. If the restore does
+        not work a computer account will be created using the default
+        values and the test vill fail since the location will not be
+        correct.
+
+        For this to work the Recycle Bin must be enabled prior to
+        running this test.
 #>
 Configuration MSFT_ADComputer_RestoreComputerAccount1_Config
 {

diff --git a/Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1
@@ -344,7 +344,7 @@ try
             }
         }
 
-        $configurationName = "$($script:dscResourceName)_ChangeScopeGroup4_Config"
+        $configurationName = "$($script:dscResourceName)_RemoveGroup4_Config"
 
         Context ('When using configuration {0}' -f $configurationName) {
             It 'Should compile and apply the MOF without throwing' {
@@ -382,11 +382,11 @@ try
                         -and $_.ResourceId -eq $resourceId
                 }
 
-                $resourceCurrentState.Ensure | Should -Be 'Present'
+                $resourceCurrentState.Ensure | Should -Be 'Absent'
                 $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group4_Name
-                $resourceCurrentState.GroupScope | Should -Be 'Global'
-                $resourceCurrentState.Category | Should -Be 'Security'
-                $resourceCurrentState.Path | Should -Be ('CN=Users,{0}' -f $ConfigurationData.AllNodes.DomainDistinguishedName)
+                $resourceCurrentState.GroupScope | Should -BeNullOrEmpty
+                $resourceCurrentState.Category | Should -BeNullOrEmpty
+                $resourceCurrentState.Path | Should -BeNullOrEmpty
                 $resourceCurrentState.Description | Should -BeNullOrEmpty
                 $resourceCurrentState.DisplayName | Should -BeNullOrEmpty
                 $resourceCurrentState.Credential | Should -BeNullOrEmpty
@@ -398,15 +398,16 @@ try
                 $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty
                 $resourceCurrentState.Notes | Should -BeNullOrEmpty
                 $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty
-                $resourceCurrentState.DistinguishedName | Should -Be ('CN={0},CN=Users,{1}' -f $ConfigurationData.AllNodes.Group4_Name, $ConfigurationData.AllNodes.DomainDistinguishedName)
+                $resourceCurrentState.DistinguishedName | Should -BeNullOrEmpty
+
             }
 
             It 'Should return $true when Test-DscConfiguration is run' {
                 Test-DscConfiguration -Verbose | Should -Be 'True'
             }
         }
 
-        $configurationName = "$($script:dscResourceName)_RemoveGroup1_Config"
+        $configurationName = "$($script:dscResourceName)_RestoreGroup4_Config"
 
         Context ('When using configuration {0}' -f $configurationName) {
             It 'Should compile and apply the MOF without throwing' {
@@ -444,11 +445,11 @@ try
                         -and $_.ResourceId -eq $resourceId
                 }
 
-                $resourceCurrentState.Ensure | Should -Be 'Absent'
-                $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name
-                $resourceCurrentState.GroupScope | Should -BeNullOrEmpty
-                $resourceCurrentState.Category | Should -BeNullOrEmpty
-                $resourceCurrentState.Path | Should -BeNullOrEmpty
+                $resourceCurrentState.Ensure | Should -Be 'Present'
+                $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group4_Name
+                $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group4_Scope
+                $resourceCurrentState.Category | Should -Be 'Security'
+                $resourceCurrentState.Path | Should -Be ('CN=Users,{0}' -f $ConfigurationData.AllNodes.DomainDistinguishedName)
                 $resourceCurrentState.Description | Should -BeNullOrEmpty
                 $resourceCurrentState.DisplayName | Should -BeNullOrEmpty
                 $resourceCurrentState.Credential | Should -BeNullOrEmpty
@@ -460,16 +461,15 @@ try
                 $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty
                 $resourceCurrentState.Notes | Should -BeNullOrEmpty
                 $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty
-                $resourceCurrentState.DistinguishedName | Should -BeNullOrEmpty
-
+                $resourceCurrentState.DistinguishedName | Should -Be ('CN={0},CN=Users,{1}' -f $ConfigurationData.AllNodes.Group4_Name, $ConfigurationData.AllNodes.DomainDistinguishedName)
             }
 
             It 'Should return $true when Test-DscConfiguration is run' {
                 Test-DscConfiguration -Verbose | Should -Be 'True'
             }
         }
 
-        $configurationName = "$($script:dscResourceName)_RestoreGroup1_Config"
+        $configurationName = "$($script:dscResourceName)_ChangeScopeGroup4_Config"
 
         Context ('When using configuration {0}' -f $configurationName) {
             It 'Should compile and apply the MOF without throwing' {
@@ -508,7 +508,7 @@ try
                 }
 
                 $resourceCurrentState.Ensure | Should -Be 'Present'
-                $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name
+                $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group4_Name
                 $resourceCurrentState.GroupScope | Should -Be 'Global'
                 $resourceCurrentState.Category | Should -Be 'Security'
                 $resourceCurrentState.Path | Should -Be ('CN=Users,{0}' -f $ConfigurationData.AllNodes.DomainDistinguishedName)
@@ -523,7 +523,7 @@ try
                 $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty
                 $resourceCurrentState.Notes | Should -BeNullOrEmpty
                 $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty
-                $resourceCurrentState.DistinguishedName | Should -Be ('CN={0},CN=Users,{1}' -f $ConfigurationData.AllNodes.Group1_Name, $ConfigurationData.AllNodes.DomainDistinguishedName)
+                $resourceCurrentState.DistinguishedName | Should -Be ('CN={0},CN=Users,{1}' -f $ConfigurationData.AllNodes.Group4_Name, $ConfigurationData.AllNodes.DomainDistinguishedName)
             }
 
             It 'Should return $true when Test-DscConfiguration is run' {

diff --git a/Tests/Integration/MSFT_ADGroup.config.ps1 b/Tests/Integration/MSFT_ADGroup.config.ps1
@@ -173,19 +173,18 @@ Configuration MSFT_ADGroup_CreateGroup4_Config
 
 <#
     .SYNOPSIS
-        Change existing domain local group to global group.
+        Remove a group.
 #>
-Configuration MSFT_ADGroup_ChangeScopeGroup4_Config
+Configuration MSFT_ADGroup_RemoveGroup4_Config
 {
     Import-DscResource -ModuleName 'ActiveDirectoryDsc'
 
     node $AllNodes.NodeName
     {
         ADGroup 'Integration_Test'
         {
-            Ensure     = 'Present'
+            Ensure     = 'Absent'
             GroupName  = $Node.Group4_Name
-            GroupScope = 'Global'
 
             Credential = New-Object `
                 -TypeName System.Management.Automation.PSCredential `
@@ -199,20 +198,31 @@ Configuration MSFT_ADGroup_ChangeScopeGroup4_Config
 
 <#
     .SYNOPSIS
-        Remove a group.
+        Restore a group with scope domain local from recycle bin.
+
+    .NOTES
+        This restores a group with the scope domain local so that the test
+        will generate an error if the restore does not work instead a new group
+        is created. If a new group is created it will be created using default
+        value of scope with is Global, and the test will fail on the group
+        having the wrong scope.
+
+        For this to work the Recycle Bin must be enabled prior to
+        running this test.
 #>
-Configuration MSFT_ADGroup_RemoveGroup1_Config
+Configuration MSFT_ADGroup_RestoreGroup4_Config
 {
     Import-DscResource -ModuleName 'ActiveDirectoryDsc'
 
     node $AllNodes.NodeName
     {
         ADGroup 'Integration_Test'
         {
-            Ensure     = 'Absent'
-            GroupName  = $Node.Group1_Name
+            Ensure                = 'Present'
+            GroupName             = $Node.Group4_Name
+            RestoreFromRecycleBin = $true
 
-            Credential = New-Object `
+            Credential            = New-Object `
                 -TypeName System.Management.Automation.PSCredential `
                 -ArgumentList @(
                 $Node.AdministratorUserName,
@@ -224,21 +234,21 @@ Configuration MSFT_ADGroup_RemoveGroup1_Config
 
 <#
     .SYNOPSIS
-        Restore a group from recycle bin.
+        Change existing domain local group to global group.
 #>
-Configuration MSFT_ADGroup_RestoreGroup1_Config
+Configuration MSFT_ADGroup_ChangeScopeGroup4_Config
 {
     Import-DscResource -ModuleName 'ActiveDirectoryDsc'
 
     node $AllNodes.NodeName
     {
         ADGroup 'Integration_Test'
         {
-            Ensure                = 'Present'
-            GroupName             = $Node.Group1_Name
-            RestoreFromRecycleBin = $true
+            Ensure     = 'Present'
+            GroupName  = $Node.Group4_Name
+            GroupScope = 'Global'
 
-            Credential            = New-Object `
+            Credential = New-Object `
                 -TypeName System.Management.Automation.PSCredential `
                 -ArgumentList @(
                 $Node.AdministratorUserName,