From 14734877afa2f61df643ef7c5d1605bd3d48d170 Mon Sep 17 00:00:00 2001
From: Iain Brighton
Date: Mon, 23 May 2016 19:42:35 +0100
Subject: [PATCH] Adds 'Negotiate' option when testing user passwords to support Active Directory Certificate Services integration
Adds descriptions to parameters
Adds descriptions to MSFT_xADUser.schema.mof
Fixes #61
---
 DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 | 175 ++++++++++++++++--
 .../MSFT_xADUser/MSFT_xADUser.schema.mof | 90 ++++-----
 README.md | 3 +
 Tests/Unit/MSFT_xADUser.Tests.ps1 | 14 +-
 4 files changed, 207 insertions(+), 75 deletions(-)
diff --git a/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 b/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1
index ce9bb694a..2218af2ab 100644
--- a/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1
+++ b/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1
@@ -1,4 +1,4 @@
-# Localized messages
+# Localized messages
 data LocalizedData
 {
 # culture="en-US"
@@ -70,146 +70,186 @@ $adPropertyMap = @( function Get-TargetResource { + [CmdletBinding()] [OutputType([System.Collections.Hashtable])] [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingUserNameAndPassWordParams', '')] param ( - ## Only used if password is managed. + ## Name of the domain where the user account is located (only used if password is managed) [Parameter(Mandatory)] [System.String] $DomainName, - # SamAccountName + # Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName') [Parameter(Mandatory)] [System.String] $UserName, + ## Specifies a new password value for an account [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] $Password, + ## Specifies whether the user account is created or deleted [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', - # Common name (CN) + ## Specifies the common nane assigned to the user account (ldapDisplayName 'cn') [ValidateNotNull()] [System.String] $CommonName = $UserName, + ## Specifies the UPN assigned to the user account (ldapDisplayName 'userPrincipalName') [ValidateNotNull()] [System.String] $UserPrincipalName, + ## Specifies the display name of the object (ldapDisplayName 'displayName') [ValidateNotNull()] [System.String] $DisplayName, + ## Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created [ValidateNotNull()] [System.String] $Path, + ## Specifies the user's given name (ldapDisplayName 'givenName') [ValidateNotNull()] [System.String] $GivenName, + ## Specifies the initials that represent part of a user's name (ldapDisplayName 'initials') [ValidateNotNull()] [System.String] $Initials, + ## Specifies the user's last name or surname (ldapDisplayName 'sn') [ValidateNotNull()] [System.String] $Surname, + ## Specifies a description of the object (ldapDisplayName 'description') [ValidateNotNull()] [System.String] 
$Description, + ## Specifies the user's street address (ldapDisplayName 'streetAddress') [ValidateNotNull()] [System.String] $StreetAddress, + ## Specifies the user's post office box number (ldapDisplayName 'postOfficeBox') [ValidateNotNull()] [System.String] $POBox, + ## Specifies the user's town or city (ldapDisplayName 'l') [ValidateNotNull()] [System.String] $City, + ## Specifies the user's or Organizational Unit's state or province (ldapDisplayName 'st') [ValidateNotNull()] [System.String] $State, + ## Specifies the user's postal code or zip code (ldapDisplayName 'postalCode') [ValidateNotNull()] [System.String] $PostalCode, + ## Specifies the country or region code for the user's language of choice (ldapDisplayName 'c') [ValidateNotNull()] [System.String] $Country, + ## Specifies the user's department (ldapDisplayName 'department') [ValidateNotNull()] [System.String] $Department, + ## Specifies the user's division (ldapDisplayName 'division') [ValidateNotNull()] [System.String] $Division, + ## Specifies the user's company (ldapDisplayName 'company') [ValidateNotNull()] [System.String] $Company, + ## Specifies the location of the user's office or place of business (ldapDisplayName 'physicalDeliveryOfficeName') [ValidateNotNull()] [System.String] $Office, + ## Specifies the user's title (ldapDisplayName 'title') [ValidateNotNull()] [System.String] $JobTitle, + ## Specifies the user's e-mail address (ldapDisplayName 'mail') [ValidateNotNull()] [System.String] $EmailAddress, + ## Specifies the user's employee ID (ldapDisplayName 'employeeID') [ValidateNotNull()] [System.String] $EmployeeID, + ## Specifies the user's employee number (ldapDisplayName 'employeeNumber') [ValidateNotNull()] [System.String] $EmployeeNumber, + ## Specifies a user's home directory path (ldapDisplayName 'homeDirectory') [ValidateNotNull()] [System.String] $HomeDirectory, + ## Specifies a drive that is associated with the UNC path defined by the HomeDirectory property (ldapDisplayName 
'homeDrive') [ValidateNotNull()] [System.String] $HomeDrive, + ## Specifies the URL of the home page of the object (ldapDisplayName 'wWWHomePage') [ValidateNotNull()] [System.String] $HomePage, + ## Specifies a path to the user's profile (ldapDisplayName 'profilePath') [ValidateNotNull()] [System.String] $ProfilePath, + ## Specifies a path to the user's log on script (ldapDisplayName 'scriptPath') [ValidateNotNull()] [System.String] $LogonScript, + ## Specifies the notes attached to the user's accoutn (ldapDisplayName 'info') [ValidateNotNull()] [System.String] $Notes, + ## Specifies the user's office telephone number (ldapDisplayName 'telephoneNumber') [ValidateNotNull()] [System.String] $OfficePhone, + ## Specifies the user's mobile phone number (ldapDisplayName 'mobile') [ValidateNotNull()] [System.String] $MobilePhone, + ## Specifies the user's fax phone number (ldapDisplayName 'facsimileTelephoneNumber') [ValidateNotNull()] [System.String] $Fax, + ## Specifies the user's home telephone number (ldapDisplayName 'homePhone') [ValidateNotNull()] [System.String] $HomePhone, + ## Specifies the user's pager number (ldapDisplayName 'pager') [ValidateNotNull()] [System.String] $Pager, + ## Specifies the user's IP telephony phone number (ldapDisplayName 'ipPhone') [ValidateNotNull()] [System.String] $IPPhone, - ## User's manager specified as a Distinguished Name (DN) + ## User's manager specified as a Distinguished Name (ldapDisplayName 'manager') [ValidateNotNull()] [System.String] $Manager, + ## Specifies if the account is enabled (default True) [ValidateNotNull()] [System.Boolean] $Enabled = $true, + ## Specifies whether the account password can be changed [ValidateNotNull()] [System.Boolean] $CannotChangePassword, + ## Specifies whether the password of an account can expire [ValidateNotNull()] [System.Boolean] $PasswordNeverExpires, + ## Specifies the Active Directory Domain Services instance to use to perform the task. 
[ValidateNotNull()] [System.String] $DomainController, - ## Ideally this should just be called 'Credential' but is here for backwards compatibility + ## Specifies the user account credentials to use to perform this task. Ideally this should just be called 'Credential' but is here for backwards compatibility [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] 
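Review bot: The new parameter comments in Get-TargetResource carry two typos that will be copied into the resource's help text: `## Specifies the common nane assigned to the user account (ldapDisplayName 'cn')` should read `name`, and `## Specifies the notes attached to the user's accoutn (ldapDisplayName 'info')` should read `account`. The same two typos appear in the Test-TargetResource and Set-TargetResource hunks and in the Description strings of MSFT_xADUser.schema.mof. The `$UserName` comment also uses a single `#` while every other new comment in the block uses `##`; `## Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName')` keeps the block uniform. The Get-TargetResource param block continues past the end of the hunk.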
@@ -288,145 +328,186 @@ function Get-TargetResource function Test-TargetResource { + [CmdletBinding()] [OutputType([System.Boolean])] [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingUserNameAndPassWordParams', '')] param ( - ## Only used if password is managed. + ## Name of the domain where the user account is located (only used if password is managed) [Parameter(Mandatory)] [System.String] $DomainName, - # SamAccountName + # Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName') [Parameter(Mandatory)] [System.String] $UserName, + ## Specifies a new password value for an account [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] $Password, + ## Specifies whether the user account is created or deleted [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', - # Common name (CN) + ## Specifies the common nane assigned to the user account (ldapDisplayName 'cn') [ValidateNotNull()] [System.String] $CommonName = $UserName, - + + ## Specifies the UPN assigned to the user account (ldapDisplayName 'userPrincipalName') [ValidateNotNull()] [System.String] $UserPrincipalName, + ## Specifies the display name of the object (ldapDisplayName 'displayName') [ValidateNotNull()] [System.String] $DisplayName, + ## Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created [ValidateNotNull()] [System.String] $Path, + ## Specifies the user's given name (ldapDisplayName 'givenName') [ValidateNotNull()] [System.String] $GivenName, + ## Specifies the initials that represent part of a user's name (ldapDisplayName 'initials') [ValidateNotNull()] [System.String] $Initials, + ## Specifies the user's last name or surname (ldapDisplayName 'sn') [ValidateNotNull()] [System.String] $Surname, + ## Specifies a description of the object (ldapDisplayName 'description') [ValidateNotNull()] [System.String] 
$Description, + ## Specifies the user's street address (ldapDisplayName 'streetAddress') [ValidateNotNull()] [System.String] $StreetAddress, + ## Specifies the user's post office box number (ldapDisplayName 'postOfficeBox') [ValidateNotNull()] [System.String] $POBox, + ## Specifies the user's town or city (ldapDisplayName 'l') [ValidateNotNull()] [System.String] $City, + ## Specifies the user's or Organizational Unit's state or province (ldapDisplayName 'st') [ValidateNotNull()] [System.String] $State, + ## Specifies the user's postal code or zip code (ldapDisplayName 'postalCode') [ValidateNotNull()] [System.String] $PostalCode, + ## Specifies the country or region code for the user's language of choice (ldapDisplayName 'c') [ValidateNotNull()] [System.String] $Country, + ## Specifies the user's department (ldapDisplayName 'department') [ValidateNotNull()] [System.String] $Department, + ## Specifies the user's division (ldapDisplayName 'division') [ValidateNotNull()] [System.String] $Division, + ## Specifies the user's company (ldapDisplayName 'company') [ValidateNotNull()] [System.String] $Company, + ## Specifies the location of the user's office or place of business (ldapDisplayName 'physicalDeliveryOfficeName') [ValidateNotNull()] [System.String] $Office, + ## Specifies the user's title (ldapDisplayName 'title') [ValidateNotNull()] [System.String] $JobTitle, + ## Specifies the user's e-mail address (ldapDisplayName 'mail') [ValidateNotNull()] [System.String] $EmailAddress, + ## Specifies the user's employee ID (ldapDisplayName 'employeeID') [ValidateNotNull()] [System.String] $EmployeeID, + ## Specifies the user's employee number (ldapDisplayName 'employeeNumber') [ValidateNotNull()] [System.String] $EmployeeNumber, + ## Specifies a user's home directory path (ldapDisplayName 'homeDirectory') [ValidateNotNull()] [System.String] $HomeDirectory, + ## Specifies a drive that is associated with the UNC path defined by the HomeDirectory property (ldapDisplayName 
'homeDrive') [ValidateNotNull()] [System.String] $HomeDrive, + ## Specifies the URL of the home page of the object (ldapDisplayName 'wWWHomePage') [ValidateNotNull()] [System.String] $HomePage, + ## Specifies a path to the user's profile (ldapDisplayName 'profilePath') [ValidateNotNull()] [System.String] $ProfilePath, + ## Specifies a path to the user's log on script (ldapDisplayName 'scriptPath') [ValidateNotNull()] [System.String] $LogonScript, + ## Specifies the notes attached to the user's accoutn (ldapDisplayName 'info') [ValidateNotNull()] [System.String] $Notes, + ## Specifies the user's office telephone number (ldapDisplayName 'telephoneNumber') [ValidateNotNull()] [System.String] $OfficePhone, + ## Specifies the user's mobile phone number (ldapDisplayName 'mobile') [ValidateNotNull()] [System.String] $MobilePhone, + ## Specifies the user's fax phone number (ldapDisplayName 'facsimileTelephoneNumber') [ValidateNotNull()] [System.String] $Fax, + ## Specifies the user's home telephone number (ldapDisplayName 'homePhone') [ValidateNotNull()] [System.String] $HomePhone, + ## Specifies the user's pager number (ldapDisplayName 'pager') [ValidateNotNull()] [System.String] $Pager, + ## Specifies the user's IP telephony phone number (ldapDisplayName 'ipPhone') [ValidateNotNull()] [System.String] $IPPhone, - ## User's manager specified as a Distinguished Name (DN) + ## User's manager specified as a Distinguished Name (ldapDisplayName 'manager') [ValidateNotNull()] [System.String] $Manager, + ## Specifies if the account is enabled (default True) [ValidateNotNull()] [System.Boolean] $Enabled = $true, + ## Specifies whether the account password can be changed [ValidateNotNull()] [System.Boolean] $CannotChangePassword, + ## Specifies whether the password of an account can expire [ValidateNotNull()] [System.Boolean] $PasswordNeverExpires, + ## Specifies the Active Directory Domain Services instance to use to perform the task. 
[ValidateNotNull()] [System.String] $DomainController, + ## Specifies the user account credentials to use to perform this task. Ideally this should just be called 'Credential' but is here for backwards compatibility [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] 
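Review bot: The `$DomainName` comment `## Name of the domain where the user account is located (only used if password is managed)` contradicts the `[Parameter(Mandatory)]` attribute directly beneath it: a mandatory parameter is always supplied, so a reader cannot tell whether DomainName is required or optional. Dropping the parenthetical, or rewording it to say what DomainName is additionally used for when a password is managed (it is presumably the domain passed to the PrincipalContext in Test-Password), removes the contradiction. The same wording appears in the Get-TargetResource and Set-TargetResource hunks, and the schema.mof applies it to the `[Key]` DomainName property, where a key can never be omitted. The Test-TargetResource param block continues outside the hunk.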
@@ -493,143 +574,185 @@ function Test-TargetResource function Set-TargetResource { + [CmdletBinding()] [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingUserNameAndPassWordParams', '')] param ( - ## Only used if password is managed. + ## Name of the domain where the user account is located (only used if password is managed) [Parameter(Mandatory)] [System.String] $DomainName, - # SamAccountName + # Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName') [Parameter(Mandatory)] [System.String] $UserName, + ## Specifies a new password value for an account [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.CredentialAttribute()] $Password, + ## Specifies whether the user account is created or deleted [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', + ## Specifies the common nane assigned to the user account (ldapDisplayName 'cn') [ValidateNotNull()] [System.String] $CommonName = $UserName, + ## Specifies the UPN assigned to the user account (ldapDisplayName 'userPrincipalName') [ValidateNotNull()] [System.String] $UserPrincipalName, + ## Specifies the display name of the object (ldapDisplayName 'displayName') [ValidateNotNull()] [System.String] $DisplayName, + ## Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created [ValidateNotNull()] [System.String] $Path, + ## Specifies the user's given name (ldapDisplayName 'givenName') [ValidateNotNull()] [System.String] $GivenName, + ## Specifies the initials that represent part of a user's name (ldapDisplayName 'initials') [ValidateNotNull()] [System.String] $Initials, + ## Specifies the user's last name or surname (ldapDisplayName 'sn') [ValidateNotNull()] [System.String] $Surname, + ## Specifies a description of the object (ldapDisplayName 'description') [ValidateNotNull()] [System.String] $Description, + ## Specifies the user's street address 
(ldapDisplayName 'streetAddress') [ValidateNotNull()] [System.String] $StreetAddress, + ## Specifies the user's post office box number (ldapDisplayName 'postOfficeBox') [ValidateNotNull()] [System.String] $POBox, + ## Specifies the user's town or city (ldapDisplayName 'l') [ValidateNotNull()] [System.String] $City, + ## Specifies the user's or Organizational Unit's state or province (ldapDisplayName 'st') [ValidateNotNull()] [System.String] $State, + ## Specifies the user's postal code or zip code (ldapDisplayName 'postalCode') [ValidateNotNull()] [System.String] $PostalCode, + ## Specifies the country or region code for the user's language of choice (ldapDisplayName 'c') [ValidateNotNull()] [System.String] $Country, + ## Specifies the user's department (ldapDisplayName 'department') [ValidateNotNull()] [System.String] $Department, + ## Specifies the user's division (ldapDisplayName 'division') [ValidateNotNull()] [System.String] $Division, + ## Specifies the user's company (ldapDisplayName 'company') [ValidateNotNull()] [System.String] $Company, + ## Specifies the location of the user's office or place of business (ldapDisplayName 'physicalDeliveryOfficeName') [ValidateNotNull()] [System.String] $Office, + ## Specifies the user's title (ldapDisplayName 'title') [ValidateNotNull()] [System.String] $JobTitle, + ## Specifies the user's e-mail address (ldapDisplayName 'mail') [ValidateNotNull()] [System.String] $EmailAddress, + ## Specifies the user's employee ID (ldapDisplayName 'employeeID') [ValidateNotNull()] [System.String] $EmployeeID, + ## Specifies the user's employee number (ldapDisplayName 'employeeNumber') [ValidateNotNull()] [System.String] $EmployeeNumber, + ## Specifies a user's home directory path (ldapDisplayName 'homeDirectory') [ValidateNotNull()] [System.String] $HomeDirectory, + ## Specifies a drive that is associated with the UNC path defined by the HomeDirectory property (ldapDisplayName 'homeDrive') [ValidateNotNull()] [System.String] 
$HomeDrive, + ## Specifies the URL of the home page of the object (ldapDisplayName 'wWWHomePage') [ValidateNotNull()] [System.String] $HomePage, + ## Specifies a path to the user's profile (ldapDisplayName 'profilePath') [ValidateNotNull()] [System.String] $ProfilePath, + ## Specifies a path to the user's log on script (ldapDisplayName 'scriptPath') [ValidateNotNull()] [System.String] $LogonScript, + ## Specifies the notes attached to the user's accoutn (ldapDisplayName 'info') [ValidateNotNull()] [System.String] $Notes, + ## Specifies the user's office telephone number (ldapDisplayName 'telephoneNumber') [ValidateNotNull()] [System.String] $OfficePhone, + ## Specifies the user's mobile phone number (ldapDisplayName 'mobile') [ValidateNotNull()] [System.String] $MobilePhone, + ## Specifies the user's fax phone number (ldapDisplayName 'facsimileTelephoneNumber') [ValidateNotNull()] [System.String] $Fax, + ## Specifies the user's home telephone number (ldapDisplayName 'homePhone') [ValidateNotNull()] [System.String] $HomePhone, + ## Specifies the user's pager number (ldapDisplayName 'pager') [ValidateNotNull()] [System.String] $Pager, + ## Specifies the user's IP telephony phone number (ldapDisplayName 'ipPhone') [ValidateNotNull()] [System.String] $IPPhone, - ## User's manager specified as a Distinguished Name (DN) + ## User's manager specified as a Distinguished Name (ldapDisplayName 'manager') [ValidateNotNull()] [System.String] $Manager, + ## Specifies if the account is enabled (default True) [ValidateNotNull()] [System.Boolean] $Enabled = $true, - + + ## Specifies whether the account password can be changed [ValidateNotNull()] [System.Boolean] $CannotChangePassword, + ## Specifies whether the password of an account can expire [ValidateNotNull()] [System.Boolean] $PasswordNeverExpires, + ## Specifies the Active Directory Domain Services instance to use to perform the task. 
 [ValidateNotNull()]
 [System.String]
 $DomainController,
+ ## Specifies the user account credentials to use to perform this task. Ideally this should just be called 'Credential' but is here for backwards compatibility
 [ValidateNotNull()]
 [System.Management.Automation.PSCredential]
 [System.Management.Automation.CredentialAttribute()]
@@ -824,22 +947,34 @@ function Test-Password
 [System.Management.Automation.CredentialAttribute()]
 $DomainAdministratorCredential
 )
-
+
 Write-Verbose -Message ($LocalizedData.CreatingADDomainConnection -f $DomainName);
 Add-Type -AssemblyName 'System.DirectoryServices.AccountManagement';
 if ($DomainAdministratorCredential)
 {
 $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
- 'Domain', $DomainName, $DomainAdministratorCredential.UserName, `
- $DomainAdministratorCredential.GetNetworkCredential().Password);
+ [System.DirectoryServices.AccountManagement.ContextType]::Domain,
+ $DomainName,
+ $DomainAdministratorCredential.UserName,
+ $DomainAdministratorCredential.GetNetworkCredential().Password
+ );
 }
 else
 {
- $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Domain', $DomainName, $null, $null);
+ $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
+ [System.DirectoryServices.AccountManagement.ContextType]::Domain,
+ $DomainName,
+ $null,
+ $null
+ );
 }
 Write-Verbose -Message ($LocalizedData.CheckingADUserPassword -f $UserName);
- return $principalContext.ValidateCredentials($UserName, $Password.GetNetworkCredential().Password);
+ return $principalContext.ValidateCredentials(
+ $UserName,
+ $Password.GetNetworkCredential().Password,
+ [System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate
+ );
 }
 #end function Test-Password
diff --git a/DSCResources/MSFT_xADUser/MSFT_xADUser.schema.mof b/DSCResources/MSFT_xADUser/MSFT_xADUser.schema.mof
index f3f35589b..93fba3259 100644
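Review bot: The `PrincipalContext` built in Test-Password is never disposed: it is `IDisposable`, and the rewritten `return $principalContext.ValidateCredentials(...)` still returns straight out of the function, so the directory connection (opened with the administrator credential when one is supplied) is left to the finalizer. Wrapping the validation in `try`/`finally` with `$principalContext.Dispose()` closes it on every path. The move from the two-argument `ValidateCredentials` overload to the explicit `[ContextOptions]::Negotiate` overload also deserves a comment at the call site, because it narrows which bind options the library may use and the reason, the AD CS integration from #61, is otherwise only in the commit message. The start of Test-Password, including its param block, lies outside the hunk.
```powershell
    # … unchanged: PrincipalContext construction for both credential branches …
    Write-Verbose -Message ($LocalizedData.CheckingADUserPassword -f $UserName);
    try
    {
        ## Explicit 'Negotiate' rather than the default overload; needed for the AD CS scenario in #61
        return $principalContext.ValidateCredentials(
            $UserName,
            $Password.GetNetworkCredential().Password,
            [System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate
        );
    }
    finally
    {
        ## PrincipalContext is IDisposable; release the directory connection on every path
        $principalContext.Dispose();
    }
```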
--- a/DSCResources/MSFT_xADUser/MSFT_xADUser.schema.mof
+++ b/DSCResources/MSFT_xADUser/MSFT_xADUser.schema.mof
@@ -1,49 +1,49 @@
 [ClassVersion("1.0.1.0"), FriendlyName("xADUser")]
 class MSFT_xADUser : OMI_BaseResource
 {
- [Key] String DomainName;
- [Key] String UserName;
- [Write, EmbeddedInstance("MSFT_Credential")] String Password;
- [Write, ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure;
- [Write] String CommonName;
- [Write] String UserPrincipalName;
- [Write] String DisplayName;
- [Write] String Path;
- [Write] String GivenName;
- [Write] String Initials;
- [Write] String Surname;
- [Write] String Description;
- [Write] String StreetAddress;
- [Write] String POBox;
- [Write] String City;
- [Write] String State;
- [Write] String PostalCode;
- [Write] String Country;
- [Write] String Department;
- [Write] String Division;
- [Write] String Company;
- [Write] String Office;
- [Write] String JobTitle;
- [Write] String EmailAddress;
- [Write] String EmployeeID;
- [Write] String EmployeeNumber;
- [Write] String HomeDirectory;
- [Write] String HomeDrive;
- [Write] String HomePage;
- [Write] String ProfilePath;
- [Write] String LogonScript;
- [Write] String Notes;
- [Write] String OfficePhone;
- [Write] String MobilePhone;
- [Write] String Fax;
- [Write] String HomePhone;
- [Write] String Pager;
- [Write] String IPPhone;
- [Write] String Manager;
- [Write] Boolean Enabled;
- [Write] Boolean CannotChangePassword;
- [Write] Boolean PasswordNeverExpires;
- [Write] String DomainController;
- [Write, EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
- [Read, Description("")] String DistinguishedName;
+ [Key, Description("Name of the domain where the user account is located (only used if password is managed)")] String DomainName;
+ [Key, Description("Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName')")] String UserName;
+ [Write, Description("Specifies a new password value for the account"), EmbeddedInstance("MSFT_Credential")] String Password;
+ [Write, Description("Specifies whether the user account is created or deleted"), ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure;
+ [Write, Description("Specifies the common nane assigned to the user account (ldapDisplayName 'cn')")] String CommonName;
+ [Write, Description("Specifies the UPN assigned to the user account (ldapDisplayName 'userPrincipalName')")] String UserPrincipalName;
+ [Write, Description("Specifies the display name of the object (ldapDisplayName 'displayName')")] String DisplayName;
+ [Write, Description("Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created")] String Path;
+ [Write, Description("Specifies the user's given name (ldapDisplayName 'givenName')")] String GivenName;
+ [Write, Description("Specifies the initials that represent part of a user's name (ldapDisplayName 'initials')")] String Initials;
+ [Write, Description("Specifies the user's last name or surname (ldapDisplayName 'sn')")] String Surname;
+ [Write, Description("Specifies a description of the object (ldapDisplayName 'description')")] String Description;
+ [Write, Description("Specifies the user's street address (ldapDisplayName 'streetAddress')")] String StreetAddress;
+ [Write, Description("Specifies the user's post office box number (ldapDisplayName 'postOfficeBox')")] String POBox;
+ [Write, Description("Specifies the user's town or city (ldapDisplayName 'l')")] String City;
+ [Write, Description("Specifies the user's or Organizational Unit's state or province (ldapDisplayName 'st')")] String State;
+ [Write, Description("Specifies the user's postal code or zip code (ldapDisplayName 'postalCode')")] String PostalCode;
+ [Write, Description("Specifies the country or region code for the user's language of choice (ldapDisplayName 'c')")] String Country;
+ [Write, Description("Specifies the user's department (ldapDisplayName 'department')")] String Department;
+ [Write, Description("Specifies the user's division (ldapDisplayName 'division')")] String Division;
+ [Write, Description("Specifies the user's company (ldapDisplayName 'company')")] String Company;
+ [Write, Description("Specifies the location of the user's office or place of business (ldapDisplayName 'physicalDeliveryOfficeName')")] String Office;
+ [Write, Description("Specifies the user's title (ldapDisplayName 'title')")] String JobTitle;
+ [Write, Description("Specifies the user's e-mail address (ldapDisplayName 'mail')")] String EmailAddress;
+ [Write, Description("Specifies the user's employee ID (ldapDisplayName 'employeeID')")] String EmployeeID;
+ [Write, Description("Specifies the user's employee number (ldapDisplayName 'employeeNumber')")] String EmployeeNumber;
+ [Write, Description("Specifies a user's home directory path (ldapDisplayName 'homeDirectory')")] String HomeDirectory;
+ [Write, Description("Specifies a drive that is associated with the UNC path defined by the HomeDirectory property (ldapDisplayName 'homeDrive')")] String HomeDrive;
+ [Write, Description("Specifies the URL of the home page of the object (ldapDisplayName 'wWWHomePage')")] String HomePage;
+ [Write, Description("Specifies a path to the user's profile (ldapDisplayName 'profilePath')")] String ProfilePath;
+ [Write, Description("Specifies a path to the user's log on script (ldapDisplayName 'scriptPath')")] String LogonScript;
+ [Write, Description("Specifies the notes attached to the user's accoutn (ldapDisplayName 'info')")] String Notes;
+ [Write, Description("Specifies the user's office telephone number (ldapDisplayName 'telephoneNumber')")] String OfficePhone;
+ [Write, Description("Specifies the user's mobile phone number (ldapDisplayName 'mobile')")] String MobilePhone;
+ [Write, Description("Specifies the user's fax phone number (ldapDisplayName 'facsimileTelephoneNumber')")] String Fax;
+ [Write, Description("Specifies the user's home telephone number (ldapDisplayName 'homePhone')")] String HomePhone;
+ [Write, Description("Specifies the user's pager number (ldapDisplayName 'pager')")] String Pager;
+ [Write, Description("Specifies the user's IP telephony phone number (ldapDisplayName 'ipPhone')")] String IPPhone;
+ [Write, Description("User's manager specified as a Distinguished Name (ldapDisplayName 'manager')")] String Manager;
+ [Write, Description("Specifies if the account is enabled (default True)")] Boolean Enabled;
+ [Write, Description("Specifies whether the account password can be changed")] Boolean CannotChangePassword;
+ [Write, Description("Specifies whether the password of an account can expire")] Boolean PasswordNeverExpires;
+ [Write, Description("Specifies the Active Directory Domain Services instance to use to perform the task.")] String DomainController;
+ [Write, Description("Specifies the user account credentials to use to perform this task"), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential;
+ [Read, Description("Returns the X.500 path of the object")] String DistinguishedName;
 };
diff --git a/README.md b/README.md
index 399b90a2a..d4e2ab51b 100644
--- a/README.md
+++ b/README.md
@@ -209,6 +209,9 @@ The xADDomainDefaultPasswordPolicy DSC resource will manage an Active Directory
 ### Unreleased
+* xADUser: Adds 'Negotiate' option when testing user passwords to support Active Directory Certificate Services integration
+* xADUser: Adds descriptions to user properties within the schema file.
+
 ### 2.11.0.0
 * xWaitForADDomain: Made explicit credentials optional and other various updates
diff --git a/Tests/Unit/MSFT_xADUser.Tests.ps1 b/Tests/Unit/MSFT_xADUser.Tests.ps1
index 10d1959be..ad78d1e2e 100644
--- a/Tests/Unit/MSFT_xADUser.Tests.ps1
+++ b/Tests/Unit/MSFT_xADUser.Tests.ps1
@@ -1,24 +1,20 @@ -$Global:DSCModuleName = 'xActiveDirectory' # Example xNetworking -$Global:DSCResourceName = 'MSFT_xADUser' # Example MSFT_xFirewall +$Global:DSCModuleName = 'xActiveDirectory' +$Global:DSCResourceName = 'MSFT_xADUser' #region HEADER [String] $moduleRoot = Split-Path -Parent (Split-Path -Parent (Split-Path -Parent $Script:MyInvocation.MyCommand.Path)) -Write-Host $moduleRoot -ForegroundColor Green; if ( (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests'))) -or ` (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) ) { & git @('clone','https://github.com/PowerShell/DscResource.Tests.git',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\')) } -else -{ - & git @('-C',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\'),'pull') -} + Import-Module (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1') -Force $TestEnvironment = Initialize-TestEnvironment ` -DSCModuleName $Global:DSCModuleName ` -DSCResourceName $Global:DSCResourceName ` -TestType Unit -#endregion +#endregion HEADER # Begin Testing @@ -27,8 +23,6 @@ try #region Pester Tests - # The InModuleScope command allows you to perform white-box unit testing on the internal - # (non-exported) code of a Script Module. InModuleScope $Global:DSCResourceName { $testPresentParams = @{