From 2490788d421a11aac4ddc5dce6fc9c96bb1d7abf Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 1 Sep 2019 12:33:06 +0200 Subject: [PATCH] ADGroup: Add integration tests (#495) - Changes to ADGroup - Now Get-TargetResource returns correct values when the group does not exist. - Added integration tests (issue #350). --- CHANGELOG.md | 4 + DSCResources/MSFT_ADGroup/MSFT_ADGroup.psm1 | 82 +- .../MSFT_ADGroup.Integration.Tests.ps1 | 810 ++++++++++++++++++ Tests/Integration/MSFT_ADGroup.config.ps1 | 447 ++++++++++ 4 files changed, 1303 insertions(+), 40 deletions(-) create mode 100644 Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1 create mode 100644 Tests/Integration/MSFT_ADGroup.config.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index af8d81710..f2866910a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,6 +66,10 @@ - Changes to ADDomainController - Add InstallDns parameter to enable promotion without installing local DNS Server Service ([issue #87](https://github.com/PowerShell/xActiveDirectory/issues/87)). +- Changes to ADGroup + - Now Get-TargetResource returns correct value when the group does not + exist. + - Added integration tests ([issue #350](https://github.com/PowerShell/ActiveDirectoryDsc/issues/350)). ## 4.0.0.0 diff --git a/DSCResources/MSFT_ADGroup/MSFT_ADGroup.psm1 b/DSCResources/MSFT_ADGroup/MSFT_ADGroup.psm1 index 8ad323910..8cb50c106 100644 --- a/DSCResources/MSFT_ADGroup/MSFT_ADGroup.psm1 +++ b/DSCResources/MSFT_ADGroup/MSFT_ADGroup.psm1 @@ -148,11 +148,27 @@ function Get-TargetResource Assert-Module -ModuleName 'ActiveDirectory' - $adGroupParams = Get-ADCommonParameters @PSBoundParameters + $getTargetResourceReturnValue = @{ + Ensure = 'Absent' + GroupName = $GroupName + GroupScope = $null + Category = $null + Path = $null + Description = $null + DisplayName = $null + Members = @() + MembersToInclude = $MembersToInclude + MembersToExclude = $MembersToExclude + MembershipAttribute = $MembershipAttribute + ManagedBy = $null + Notes = $null + } + + $adGroupParameters = Get-ADCommonParameters @PSBoundParameters try { - $adGroup = Get-ADGroup @adGroupParams -Properties @( + $adGroup = Get-ADGroup @adGroupParameters -Properties @( 'Name', 'GroupScope', 'GroupCategory', @@ -165,52 +181,29 @@ function Get-TargetResource Write-Verbose -Message ($script:localizedData.RetrievingGroupMembers -f $MembershipAttribute) - # Retrieve the current list of members, returning the specified membership attribute - [System.Array] $adGroupMembers = (Get-ADGroupMember @adGroupParams).$MembershipAttribute - - $targetResource = @{ - GroupName = $adGroup.Name - GroupScope = $adGroup.GroupScope - Category = $adGroup.GroupCategory - Path = Get-ADObjectParentDN -DN $adGroup.DistinguishedName - Description = $adGroup.Description - DisplayName = $adGroup.DisplayName - Members = $adGroupMembers - MembersToInclude = $MembersToInclude - MembersToExclude = $MembersToExclude - MembershipAttribute = $MembershipAttribute - ManagedBy = $adGroup.ManagedBy - Notes = $adGroup.Info - Ensure = 'Absent' - } - if ($adGroup) { - $targetResource['Ensure'] = 'Present' + # Retrieve the current list of members, returning the specified membership attribute + [System.Array] $adGroupMembers = (Get-ADGroupMember @adGroupParameters).$MembershipAttribute + + $getTargetResourceReturnValue['Ensure'] = 'Present' + $getTargetResourceReturnValue['GroupName'] = $adGroup.Name + $getTargetResourceReturnValue['GroupScope'] = $adGroup.GroupScope + $getTargetResourceReturnValue['Category'] = $adGroup.GroupCategory + $getTargetResourceReturnValue['Path'] = Get-ADObjectParentDN -DN $adGroup.DistinguishedName + $getTargetResourceReturnValue['Description'] = $adGroup.Description + $getTargetResourceReturnValue['DisplayName'] = $adGroup.DisplayName + $getTargetResourceReturnValue['Members'] = $adGroupMembers + $getTargetResourceReturnValue['ManagedBy'] = $adGroup.ManagedBy + $getTargetResourceReturnValue['Notes'] = $adGroup.Info } } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { Write-Verbose -Message ($script:localizedData.GroupNotFound -f $GroupName) - - $targetResource = @{ - GroupName = $GroupName - GroupScope = $GroupScope - Category = $Category - Path = $Path - Description = $Description - DisplayName = $DisplayName - Members = @() - MembersToInclude = $MembersToInclude - MembersToExclude = $MembersToExclude - MembershipAttribute = $MembershipAttribute - ManagedBy = $ManagedBy - Notes = $Notes - Ensure = 'Absent' - } } - return $targetResource + return $getTargetResourceReturnValue } #end function Get-TargetResource <# @@ -624,6 +617,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('Category') -and $Category -ne $adGroup.GroupCategory) { Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'Category', $Category) + $setADGroupParams['GroupCategory'] = $Category } @@ -631,32 +625,40 @@ function Set-TargetResource { # Cannot change DomainLocal to Global or vice versa directly. Need to change them to a Universal group first! Set-ADGroup -Identity $adGroup.DistinguishedName -GroupScope Universal + Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'GroupScope', $GroupScope) + $setADGroupParams['GroupScope'] = $GroupScope } if ($Description -and ($Description -ne $adGroup.Description)) { Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'Description', $Description) + $setADGroupParams['Description'] = $Description } if ($DisplayName -and ($DisplayName -ne $adGroup.DisplayName)) { Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'DisplayName', $DisplayName) + $setADGroupParams['DisplayName'] = $DisplayName } if ($ManagedBy -and ($ManagedBy -ne $adGroup.ManagedBy)) { Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'ManagedBy', $ManagedBy) + $setADGroupParams['ManagedBy'] = $ManagedBy } if ($Notes -and ($Notes -ne $adGroup.Info)) { Write-Verbose -Message ($script:localizedData.UpdatingGroupProperty -f 'Notes', $Notes) - $setADGroupParams['Replace'] = @{ Info = $Notes } + + $setADGroupParams['Replace'] = @{ + Info = $Notes + } } Write-Verbose -Message ($script:localizedData.UpdatingGroup -f $GroupName) diff --git a/Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1 b/Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1 new file mode 100644 index 000000000..810f7f107 --- /dev/null +++ b/Tests/Integration/MSFT_ADGroup.Integration.Tests.ps1 @@ -0,0 +1,810 @@ +if ($env:APPVEYOR -eq $true) +{ + Write-Warning -Message 'Integration test is not supported in AppVeyor.' + return +} + +$script:dscModuleName = 'ActiveDirectoryDsc' +$script:dscResourceFriendlyName = 'ADGroup' +$script:dscResourceName = "MSFT_$($script:dscResourceFriendlyName)" + +#region HEADER +# Integration Test Template Version: 1.3.3 +[System.String] $script:moduleRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot) +if ( (-not (Test-Path -Path (Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests'))) -or ` + (-not (Test-Path -Path (Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) ) +{ + & git @('clone', 'https://github.com/PowerShell/DscResource.Tests.git', (Join-Path -Path $script:moduleRoot -ChildPath 'DscResource.Tests')) +} + +Import-Module -Name (Join-Path -Path $script:moduleRoot -ChildPath (Join-Path -Path 'DSCResource.Tests' -ChildPath 'TestHelper.psm1')) -Force +$TestEnvironment = Initialize-TestEnvironment ` + -DSCModuleName $script:dscModuleName ` + -DSCResourceName $script:dscResourceName ` + -TestType Integration +#endregion + +try +{ + $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:dscResourceName).config.ps1" + . $configFile + + Describe "$($script:dscResourceName)_Integration" { + BeforeAll { + $resourceId = "[$($script:dscResourceFriendlyName)]Integration_Test" + } + + $configurationName = "$($script:dscResourceName)_CreateGroup1_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name + $resourceCurrentState.GroupScope | Should -Be 'Global' + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_CreateGroup2_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group2_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group2_Scope + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_CreateGroup3_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group3_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group3_Scope + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_ChangeCategoryGroup3_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group3_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group3_Scope + $resourceCurrentState.Category | Should -Be 'Distribution' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_CreateGroup4_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group4_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group4_Scope + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_ChangeScopeGroup4_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group4_Name + $resourceCurrentState.GroupScope | Should -Be 'Global' + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_RemoveGroup1_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Absent' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name + $resourceCurrentState.GroupScope | Should -BeNullOrEmpty + $resourceCurrentState.Category | Should -BeNullOrEmpty + $resourceCurrentState.Path | Should -BeNullOrEmpty + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_RestoreGroup1_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name + $resourceCurrentState.GroupScope | Should -Be 'Global' + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -BeNullOrEmpty + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_UpdateGroup1_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group1_Name + $resourceCurrentState.GroupScope | Should -Be 'Global' + $resourceCurrentState.Category | Should -Be 'Security' + $resourceCurrentState.Path | Should -Be 'CN=Computers,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -Be 'A DSC description' + $resourceCurrentState.DisplayName | Should -Be 'DSC Group 1' + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -HaveCount 2 + $resourceCurrentState.Members | Should -Contain 'Administrator' + $resourceCurrentState.Members | Should -Contain 'Guest' + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -Be 'CN=Administrator,CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Notes | Should -Be 'Notes for this group' + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_CreateGroup5_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group5_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group5_Scope + $resourceCurrentState.Category | Should -Be $ConfigurationData.AllNodes.Group5_Category + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -HaveCount 1 + $resourceCurrentState.Members | Should -Contain 'Administrator' + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_ModifyMembersGroup5_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group5_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group5_Scope + $resourceCurrentState.Category | Should -Be $ConfigurationData.AllNodes.Group5_Category + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -HaveCount 1 + $resourceCurrentState.Members | Should -Contain 'Guest' + $resourceCurrentState.MembersToInclude | Should -HaveCount 1 + $resourceCurrentState.MembersToInclude | Should -Contain 'Guest' + $resourceCurrentState.MembersToExclude | Should -HaveCount 1 + $resourceCurrentState.MembersToExclude | Should -Contain 'Administrator' + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_EnforceMembersGroup5_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.GroupName | Should -Be $ConfigurationData.AllNodes.Group5_Name + $resourceCurrentState.GroupScope | Should -Be $ConfigurationData.AllNodes.Group5_Scope + $resourceCurrentState.Category | Should -Be $ConfigurationData.AllNodes.Group5_Category + $resourceCurrentState.Path | Should -Be 'CN=Users,DC=contoso,DC=com' + $resourceCurrentState.Description | Should -BeNullOrEmpty + $resourceCurrentState.DisplayName | Should -BeNullOrEmpty + $resourceCurrentState.Credential | Should -BeNullOrEmpty + $resourceCurrentState.DomainController | Should -BeNullOrEmpty + $resourceCurrentState.Members | Should -HaveCount 2 + $resourceCurrentState.Members | Should -Contain 'Administrator' + $resourceCurrentState.Members | Should -Contain 'Guest' + $resourceCurrentState.MembersToInclude | Should -BeNullOrEmpty + $resourceCurrentState.MembersToExclude | Should -BeNullOrEmpty + $resourceCurrentState.MembershipAttribute | Should -Be 'SamAccountName' + $resourceCurrentState.ManagedBy | Should -BeNullOrEmpty + $resourceCurrentState.Notes | Should -BeNullOrEmpty + $resourceCurrentState.RestoreFromRecycleBin | Should -BeNullOrEmpty + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + $configurationName = "$($script:dscResourceName)_Cleanup_Config" + + Context ('When using configuration {0}' -f $configurationName) { + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + } + } +} +finally +{ + #region FOOTER + Restore-TestEnvironment -TestEnvironment $TestEnvironment + #endregion +} diff --git a/Tests/Integration/MSFT_ADGroup.config.ps1 b/Tests/Integration/MSFT_ADGroup.config.ps1 new file mode 100644 index 000000000..b544647a7 --- /dev/null +++ b/Tests/Integration/MSFT_ADGroup.config.ps1 @@ -0,0 +1,447 @@ +#region HEADER +# Integration Test Config Template Version: 1.2.0 +#endregion + +$configFile = [System.IO.Path]::ChangeExtension($MyInvocation.MyCommand.Path, 'json') +if (Test-Path -Path $configFile) +{ + <# + Allows reading the configuration data from a JSON file, for real testing + scenarios outside of the CI. + #> + $ConfigurationData = Get-Content -Path $configFile | ConvertFrom-Json +} +else +{ + $currentDomain = Get-ADDomain + $netBiosDomainName = $currentDomain.NetBIOSName + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = 'localhost' + CertificateFile = $env:DscPublicCertificatePath + + Group1_Name = 'DscGroup1' + + Group2_Name = 'DscGroup2' + Group2_Scope = 'Global' + + Group3_Name = 'DscGroup3' + Group3_Scope = 'Universal' + + Group4_Name = 'DscGroup4' + Group4_Scope = 'DomainLocal' + + Group5_Name = 'DscDistributionGroup1' + Group5_Scope = 'Universal' + Group5_Category = 'Distribution' + + AdministratorUserName = ('{0}\Administrator' -f $netBiosDomainName) + AdministratorPassword = 'P@ssw0rd1' + } + ) + } +} + +<# + .SYNOPSIS + Add a group using default values. +#> +Configuration MSFT_ADGroup_CreateGroup1_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group1_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Add a global group using default values. +#> +Configuration MSFT_ADGroup_CreateGroup2_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group2_Name + GroupScope = $Node.Group2_Scope + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Add a universal group using default values. +#> +Configuration MSFT_ADGroup_CreateGroup3_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group3_Name + GroupScope = $Node.Group3_Scope + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Changes the category for an existing universal group. +#> +Configuration MSFT_ADGroup_ChangeCategoryGroup3_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group3_Name + Category = 'Distribution' + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Add a domain local group using default values. +#> +Configuration MSFT_ADGroup_CreateGroup4_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group4_Name + GroupScope = $Node.Group4_Scope + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Change existing domain local group to global group. +#> +Configuration MSFT_ADGroup_ChangeScopeGroup4_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + Ensure = 'Present' + GroupName = $Node.Group4_Name + GroupScope = 'Global' + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Remove a group. +#> +Configuration MSFT_ADGroup_RemoveGroup1_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + Ensure = 'Absent' + GroupName = $Node.Group1_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Restore a group from recycle bin. +#> +Configuration MSFT_ADGroup_RestoreGroup1_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + Ensure = 'Present' + GroupName = $Node.Group1_Name + RestoreFromRecycleBin = $true + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Update an existing group. +#> +Configuration MSFT_ADGroup_UpdateGroup1_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + Ensure = 'Present' + GroupName = $Node.Group1_Name + Path = 'CN=Computers,DC=contoso,DC=com' + DisplayName = 'DSC Group 1' + Description = 'A DSC description' + Notes = 'Notes for this group' + ManagedBy = 'CN=Administrator,CN=Users,DC=contoso,DC=com' + Members = @( + 'Administrator', + 'Guest' + ) + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Add a universal distribution group with one member. +#> +Configuration MSFT_ADGroup_CreateGroup5_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group5_Name + GroupScope = $Node.Group5_Scope + Category = $Node.Group5_Category + + Members = @( + 'Administrator' + ) + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Add and remove members from a group. +#> +Configuration MSFT_ADGroup_ModifyMembersGroup5_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group5_Name + + MembersToInclude = @( + 'Guest' + ) + + MembersToExclude = @( + 'Administrator' + ) + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Enforce members in a group. +#> +Configuration MSFT_ADGroup_EnforceMembersGroup5_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'Integration_Test' + { + GroupName = $Node.Group5_Name + Members = @( + 'Administrator' + 'Guest' + ) + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +} + +<# + .SYNOPSIS + Cleanup everything +#> +Configuration MSFT_ADGroup_Cleanup_Config +{ + Import-DscResource -ModuleName 'ActiveDirectoryDsc' + + node $AllNodes.NodeName + { + ADGroup 'RemoveGroup1' + { + Ensure = 'Absent' + GroupName = $Node.Group1_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + + ADGroup 'RemoveGroup2' + { + Ensure = 'Absent' + GroupName = $Node.Group2_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + + ADGroup 'RemoveGroup3' + { + Ensure = 'Absent' + GroupName = $Node.Group3_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + + ADGroup 'RemoveGroup4' + { + Ensure = 'Absent' + GroupName = $Node.Group4_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + + ADGroup 'RemoveGroup5' + { + Ensure = 'Absent' + GroupName = $Node.Group5_Name + + Credential = New-Object ` + -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @( + $Node.AdministratorUserName, + (ConvertTo-SecureString -String $Node.AdministratorPassword -AsPlainText -Force) + ) + } + } +}