diff --git a/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1 b/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1 index 3ecad350f..4fdd2f47f 100644 --- a/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1 +++ b/DSCResources/MSFT_xADDomain/MSFT_xADDomain.psm1 @@ -85,8 +85,8 @@ function Get-TargetResource ) Assert-Module -ModuleName 'ADDSDeployment' -ImportModule - $domainFQDN = Resolve-DomainFQDN -DomainName $DomainName -ParentDomainName $ParentDomainName; - $isDomainMember = Test-DomainMember; + $domainFQDN = Resolve-DomainFQDN -DomainName $DomainName -ParentDomainName $ParentDomainName + $isDomainMember = Test-DomainMember $retries = 0 $maxRetries = 5 @@ -99,12 +99,12 @@ function Get-TargetResource if ($isDomainMember) { ## We're already a domain member, so take the credentials out of the equation - Write-Verbose ($script:localizedData.QueryDomainWithLocalCredential -f $domainFQDN); - $domain = Get-ADDomain -Identity $domainFQDN -ErrorAction Stop; + Write-Verbose ($script:localizedData.QueryDomainWithLocalCredential -f $domainFQDN) + $domain = Get-ADDomain -Identity $domainFQDN -ErrorAction Stop $forest = Get-ADForest -Identity $domain.Forest -ErrorAction Stop } else { - Write-Verbose ($script:localizedData.QueryDomainWithCredential -f $domainFQDN); + Write-Verbose ($script:localizedData.QueryDomainWithCredential -f $domainFQDN) $domain = Get-ADDomain -Identity $domainFQDN -Credential $DomainAdministratorCredential -ErrorAction Stop $forest = Get-ADForest -Identity $domain.Forest -Credential $DomainAdministratorCredential -ErrorAction Stop } @@ -112,33 +112,33 @@ function Get-TargetResource ## No need to check whether the node is actually a domain controller. If we don't throw an exception, ## the domain is already UP - and this resource shouldn't run. Domain controller functionality ## should be checked by the xADDomainController resource? - Write-Verbose ($script:localizedData.DomainFound -f $domain.DnsRoot); + Write-Verbose ($script:localizedData.DomainFound -f $domain.DnsRoot) $targetResource = @{ - DomainName = $domain.DnsRoot; - ParentDomainName = $domain.ParentDomain; - DomainNetBIOSName = $domain.NetBIOSName; + DomainName = $domain.DnsRoot + ParentDomainName = $domain.ParentDomain + DomainNetBIOSName = $domain.NetBIOSName ForestMode = (ConvertTo-DeploymentForestMode -Mode $forest.ForestMode) -as [String] DomainMode = (ConvertTo-DeploymentDomainMode -Mode $domain.DomainMode) -as [String] } - return $targetResource; + return $targetResource } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - $errorMessage = $script:localizedData.ExistingDomainMemberError -f $DomainName; - ThrowInvalidOperationError -ErrorId 'xADDomain_DomainMember' -ErrorMessage $errorMessage; + $errorMessage = $script:localizedData.ExistingDomainMemberError -f $DomainName + ThrowInvalidOperationError -ErrorId 'xADDomain_DomainMember' -ErrorMessage $errorMessage } catch [Microsoft.ActiveDirectory.Management.ADServerDownException] { Write-Verbose ($script:localizedData.DomainNotFound -f $domainFQDN) - $domain = @{ }; + $domain = @{ } # will fall into retry mechanism } catch [System.Security.Authentication.AuthenticationException] { - $errorMessage = $script:localizedData.InvalidCredentialError -f $DomainName; - ThrowInvalidOperationError -ErrorId 'xADDomain_InvalidCredential' -ErrorMessage $errorMessage; + $errorMessage = $script:localizedData.InvalidCredentialError -f $DomainName + ThrowInvalidOperationError -ErrorId 'xADDomain_InvalidCredential' -ErrorMessage $errorMessage } catch { @@ -206,42 +206,42 @@ function Test-TargetResource ) $targetResource = Get-TargetResource @PSBoundParameters - $isCompliant = $true; + $isCompliant = $true ## The Get-Target resource returns .DomainName as the domain's FQDN. Therefore, we ## need to resolve this before comparison. $domainFQDN = Resolve-DomainFQDN -DomainName $DomainName -ParentDomainName $ParentDomainName if ($domainFQDN -ne $targetResource.DomainName) { - $message = $script:localizedData.ResourcePropertyValueIncorrect -f 'DomainName', $domainFQDN, $targetResource.DomainName; - Write-Verbose -Message $message; - $isCompliant = $false; + $message = $script:localizedData.ResourcePropertyValueIncorrect -f 'DomainName', $domainFQDN, $targetResource.DomainName + Write-Verbose -Message $message + $isCompliant = $false } - $propertyNames = @('ParentDomainName','DomainNetBIOSName'); + $propertyNames = @('ParentDomainName','DomainNetBIOSName') foreach ($propertyName in $propertyNames) { if ($PSBoundParameters.ContainsKey($propertyName)) { - $propertyValue = (Get-Variable -Name $propertyName).Value; + $propertyValue = (Get-Variable -Name $propertyName).Value if ($targetResource.$propertyName -ne $propertyValue) { - $message = $script:localizedData.ResourcePropertyValueIncorrect -f $propertyName, $propertyValue, $targetResource.$propertyName; - Write-Verbose -Message $message; - $isCompliant = $false; + $message = $script:localizedData.ResourcePropertyValueIncorrect -f $propertyName, $propertyValue, $targetResource.$propertyName + Write-Verbose -Message $message + $isCompliant = $false } } } if ($isCompliant) { - Write-Verbose -Message ($script:localizedData.ResourceInDesiredState -f $domainFQDN); - return $true; + Write-Verbose -Message ($script:localizedData.ResourceInDesiredState -f $domainFQDN) + return $true } else { - Write-Verbose -Message ($script:localizedData.ResourceNotInDesiredState -f $domainFQDN); - return $false; + Write-Verbose -Message ($script:localizedData.ResourceNotInDesiredState -f $domainFQDN) + return $false } } #end function Test-TargetResource @@ -297,66 +297,66 @@ function Set-TargetResource ) # Debug can pause Install-ADDSForest/Install-ADDSDomain, so we remove it. - [ref] $null = $PSBoundParameters.Remove('Debug'); + [ref] $null = $PSBoundParameters.Remove('Debug') ## Not entirely necessary, but run Get-TargetResouece to ensure we raise any pre-flight errors. - $targetResource = Get-TargetResource @PSBoundParameters; + $targetResource = Get-TargetResource @PSBoundParameters $installADDSParams = @{ - SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password; - NoRebootOnCompletion = $true; - Force = $true; + SafeModeAdministratorPassword = $SafemodeAdministratorPassword.Password + NoRebootOnCompletion = $true + Force = $true } if ($PSBoundParameters.ContainsKey('DnsDelegationCredential')) { - $installADDSParams['DnsDelegationCredential'] = $DnsDelegationCredential; - $installADDSParams['CreateDnsDelegation'] = $true; + $installADDSParams['DnsDelegationCredential'] = $DnsDelegationCredential + $installADDSParams['CreateDnsDelegation'] = $true } if ($PSBoundParameters.ContainsKey('DatabasePath')) { - $installADDSParams['DatabasePath'] = $DatabasePath; + $installADDSParams['DatabasePath'] = $DatabasePath } if ($PSBoundParameters.ContainsKey('LogPath')) { - $installADDSParams['LogPath'] = $LogPath; + $installADDSParams['LogPath'] = $LogPath } if ($PSBoundParameters.ContainsKey('SysvolPath')) { - $installADDSParams['SysvolPath'] = $SysvolPath; + $installADDSParams['SysvolPath'] = $SysvolPath } if ($PSBoundParameters.ContainsKey('DomainMode')) { - $installADDSParams['DomainMode'] = $DomainMode; + $installADDSParams['DomainMode'] = $DomainMode } if ($PSBoundParameters.ContainsKey('ParentDomainName')) { - Write-Verbose -Message ($script:localizedData.CreatingChildDomain -f $DomainName, $ParentDomainName); + Write-Verbose -Message ($script:localizedData.CreatingChildDomain -f $DomainName, $ParentDomainName) $installADDSParams['Credential'] = $DomainAdministratorCredential $installADDSParams['NewDomainName'] = $DomainName $installADDSParams['ParentDomainName'] = $ParentDomainName - $installADDSParams['DomainType'] = 'ChildDomain'; + $installADDSParams['DomainType'] = 'ChildDomain' if ($PSBoundParameters.ContainsKey('DomainNetBIOSName')) { - $installADDSParams['NewDomainNetbiosName'] = $DomainNetBIOSName; + $installADDSParams['NewDomainNetbiosName'] = $DomainNetBIOSName } - Install-ADDSDomain @installADDSParams; - Write-Verbose -Message ($script:localizedData.CreatedChildDomain); + Install-ADDSDomain @installADDSParams + Write-Verbose -Message ($script:localizedData.CreatedChildDomain) } else { - Write-Verbose -Message ($script:localizedData.CreatingForest -f $DomainName); - $installADDSParams['DomainName'] = $DomainName; + Write-Verbose -Message ($script:localizedData.CreatingForest -f $DomainName) + $installADDSParams['DomainName'] = $DomainName if ($PSBoundParameters.ContainsKey('DomainNetbiosName')) { - $installADDSParams['DomainNetbiosName'] = $DomainNetBIOSName; + $installADDSParams['DomainNetbiosName'] = $DomainNetBIOSName } if ($PSBoundParameters.ContainsKey('ForestMode')) { $installADDSParams['ForestMode'] = $ForestMode } - Install-ADDSForest @installADDSParams; - Write-Verbose -Message ($script:localizedData.CreatedForest -f $DomainName); + Install-ADDSForest @installADDSParams + Write-Verbose -Message ($script:localizedData.CreatedForest -f $DomainName) } 'Finished' | Out-File -FilePath (Get-TrackingFilename -DomainName $DomainName) -Force @@ -367,4 +367,4 @@ function Set-TargetResource } #end function Set-TargetResource -Export-ModuleMember -Function *-TargetResource; +Export-ModuleMember -Function *-TargetResource diff --git a/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/MSFT_xADDomainDefaultPasswordPolicy.psm1 b/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/MSFT_xADDomainDefaultPasswordPolicy.psm1 index 1271c66f3..4006db3e9 100644 --- a/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/MSFT_xADDomainDefaultPasswordPolicy.psm1 +++ b/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/MSFT_xADDomainDefaultPasswordPolicy.psm1 @@ -37,25 +37,25 @@ function Get-TargetResource [System.Management.Automation.CredentialAttribute()] $Credential ) - Assert-Module -ModuleName 'ActiveDirectory'; + Assert-Module -ModuleName 'ActiveDirectory' - $PSBoundParameters['Identity'] = $DomainName; - $getADDefaultDomainPasswordPolicyParams = Get-ADCommonParameters @PSBoundParameters; - Write-Verbose -Message ($script:localizedData.QueryingDomainPasswordPolicy -f $DomainName); - $policy = Get-ADDefaultDomainPasswordPolicy @getADDefaultDomainPasswordPolicyParams; + $PSBoundParameters['Identity'] = $DomainName + $getADDefaultDomainPasswordPolicyParams = Get-ADCommonParameters @PSBoundParameters + Write-Verbose -Message ($script:localizedData.QueryingDomainPasswordPolicy -f $DomainName) + $policy = Get-ADDefaultDomainPasswordPolicy @getADDefaultDomainPasswordPolicyParams $targetResource = @{ - DomainName = $DomainName; - ComplexityEnabled = $policy.ComplexityEnabled; - LockoutDuration = ConvertFrom-Timespan -Timespan $policy.LockoutDuration -TimeSpanType Minutes; - LockoutObservationWindow = ConvertFrom-Timespan -Timespan $policy.LockoutObservationWindow -TimeSpanType Minutes; - LockoutThreshold = $policy.LockoutThreshold; - MinPasswordAge = ConvertFrom-Timespan -Timespan $policy.MinPasswordAge -TimeSpanType Minutes; - MaxPasswordAge = ConvertFrom-Timespan -Timespan $policy.MaxPasswordAge -TimeSpanType Minutes; - MinPasswordLength = $policy.MinPasswordLength; - PasswordHistoryCount = $policy.PasswordHistoryCount; - ReversibleEncryptionEnabled = $policy.ReversibleEncryptionEnabled; + DomainName = $DomainName + ComplexityEnabled = $policy.ComplexityEnabled + LockoutDuration = ConvertFrom-Timespan -Timespan $policy.LockoutDuration -TimeSpanType Minutes + LockoutObservationWindow = ConvertFrom-Timespan -Timespan $policy.LockoutObservationWindow -TimeSpanType Minutes + LockoutThreshold = $policy.LockoutThreshold + MinPasswordAge = ConvertFrom-Timespan -Timespan $policy.MinPasswordAge -TimeSpanType Minutes + MaxPasswordAge = ConvertFrom-Timespan -Timespan $policy.MaxPasswordAge -TimeSpanType Minutes + MinPasswordLength = $policy.MinPasswordLength + PasswordHistoryCount = $policy.PasswordHistoryCount + ReversibleEncryptionEnabled = $policy.ReversibleEncryptionEnabled } - return $targetResource; + return $targetResource } #end Get-TargetResource function Test-TargetResource @@ -104,44 +104,44 @@ function Test-TargetResource $Credential ) $getTargetResourceParams = @{ - DomainName = $DomainName; + DomainName = $DomainName } if ($PSBoundParameters.ContainsKey('Credential')) { - $getTargetResourceParams['Credential'] = $Credential; + $getTargetResourceParams['Credential'] = $Credential } if ($PSBoundParameters.ContainsKey('DomainController')) { - $getTargetResourceParams['DomainController'] = $DomainController; + $getTargetResourceParams['DomainController'] = $DomainController } - $targetResource = Get-TargetResource @getTargetResourceParams; + $targetResource = Get-TargetResource @getTargetResourceParams - $inDesiredState = $true; + $inDesiredState = $true foreach ($property in $mutablePropertyMap) { - $propertyName = $property.Name; + $propertyName = $property.Name if ($PSBoundParameters.ContainsKey($propertyName)) { - $expectedValue = $PSBoundParameters[$propertyName]; - $actualValue = $targetResource[$propertyName]; + $expectedValue = $PSBoundParameters[$propertyName] + $actualValue = $targetResource[$propertyName] if ($expectedValue -ne $actualValue) { - $valueIncorrectMessage = $script:localizedData.ResourcePropertyValueIncorrect -f $propertyName, $expectedValue, $actualValue; - Write-Verbose -Message $valueIncorrectMessage; - $inDesiredState = $false; + $valueIncorrectMessage = $script:localizedData.ResourcePropertyValueIncorrect -f $propertyName, $expectedValue, $actualValue + Write-Verbose -Message $valueIncorrectMessage + $inDesiredState = $false } } } if ($inDesiredState) { - Write-Verbose -Message ($script:localizedData.ResourceInDesiredState -f $DomainName); - return $true; + Write-Verbose -Message ($script:localizedData.ResourceInDesiredState -f $DomainName) + return $true } else { - Write-Verbose -Message ($script:localizedData.ResourceNotInDesiredState -f $DomainName); - return $false; + Write-Verbose -Message ($script:localizedData.ResourceNotInDesiredState -f $DomainName) + return $false } } #end Test-TargetResource @@ -189,27 +189,27 @@ function Set-TargetResource [System.Management.Automation.CredentialAttribute()] $Credential ) - Assert-Module -ModuleName 'ActiveDirectory'; - $PSBoundParameters['Identity'] = $DomainName; - $setADDefaultDomainPasswordPolicyParams = Get-ADCommonParameters @PSBoundParameters; + Assert-Module -ModuleName 'ActiveDirectory' + $PSBoundParameters['Identity'] = $DomainName + $setADDefaultDomainPasswordPolicyParams = Get-ADCommonParameters @PSBoundParameters foreach ($property in $mutablePropertyMap) { - $propertyName = $property.Name; + $propertyName = $property.Name if ($PSBoundParameters.ContainsKey($propertyName)) { - $propertyValue = $PSBoundParameters[$propertyName]; + $propertyValue = $PSBoundParameters[$propertyName] if ($property.IsTimeSpan -eq $true) { - $propertyValue = ConvertTo-TimeSpan -TimeSpan $propertyValue -TimeSpanType Minutes; + $propertyValue = ConvertTo-TimeSpan -TimeSpan $propertyValue -TimeSpanType Minutes } - $setADDefaultDomainPasswordPolicyParams[$propertyName] = $propertyValue; - Write-Verbose -Message ($script:localizedData.SettingPasswordPolicyValue -f $propertyName, $propertyValue); + $setADDefaultDomainPasswordPolicyParams[$propertyName] = $propertyValue + Write-Verbose -Message ($script:localizedData.SettingPasswordPolicyValue -f $propertyName, $propertyValue) } } - Write-Verbose -Message ($script:localizedData.UpdatingDomainPasswordPolicy -f $DomainName); - [ref] $null = Set-ADDefaultDomainPasswordPolicy @setADDefaultDomainPasswordPolicyParams; + Write-Verbose -Message ($script:localizedData.UpdatingDomainPasswordPolicy -f $DomainName) + [ref] $null = Set-ADDefaultDomainPasswordPolicy @setADDefaultDomainPasswordPolicyParams } #end Set-TargetResource -Export-ModuleMember -Function *-TargetResource; +Export-ModuleMember -Function *-TargetResource diff --git a/DSCResources/MSFT_xADGroup/MSFT_xADGroup.psm1 b/DSCResources/MSFT_xADGroup/MSFT_xADGroup.psm1 index e14365963..2f9fab407 100644 --- a/DSCResources/MSFT_xADGroup/MSFT_xADGroup.psm1 +++ b/DSCResources/MSFT_xADGroup/MSFT_xADGroup.psm1 @@ -385,7 +385,7 @@ function Set-TargetResource if ($MembershipAttribute -eq 'DistinguishedName') { $AllMembers = $Members + $MembersToInclude + $MembersToExclude - $GroupMemberDomains = @(); + $GroupMemberDomains = @() foreach($member in $AllMembers) { $GroupMemberDomains += Get-ADDomainNameFromDistinguishedName -DistinguishedName $member @@ -393,7 +393,7 @@ function Set-TargetResource $GroupMemberDomainCount = ($GroupMemberDomains | Select-Object -Unique).count if( $GroupMemberDomainCount -gt 1 -or ($GroupMemberDomains -ine (Get-DomainName)).Count -gt 0 ) { - Write-Verbose -Message ($script:localizedData.GroupMembershipMultipleDomains -f $GroupMemberDomainCount); + Write-Verbose -Message ($script:localizedData.GroupMembershipMultipleDomains -f $GroupMemberDomainCount) $MembersInMultipleDomains = $true } } diff --git a/DSCResources/MSFT_xADOrganizationalUnit/MSFT_xADOrganizationalUnit.psm1 b/DSCResources/MSFT_xADOrganizationalUnit/MSFT_xADOrganizationalUnit.psm1 index 71f75122a..06a8d7d48 100644 --- a/DSCResources/MSFT_xADOrganizationalUnit/MSFT_xADOrganizationalUnit.psm1 +++ b/DSCResources/MSFT_xADOrganizationalUnit/MSFT_xADOrganizationalUnit.psm1 @@ -19,7 +19,7 @@ function Get-TargetResource [System.String] $Path ) - Assert-Module -ModuleName 'ActiveDirectory'; + Assert-Module -ModuleName 'ActiveDirectory' Write-Verbose ($script:localizedData.RetrievingOU -f $Name) $ou = Get-ADOrganizationalUnit -Filter { Name -eq $Name } -SearchBase $Path -SearchScope OneLevel -Properties ProtectedFromAccidentalDeletion, Description @@ -162,7 +162,7 @@ function Set-TargetResource $RestoreFromRecycleBin ) - Assert-Module -ModuleName 'ActiveDirectory'; + Assert-Module -ModuleName 'ActiveDirectory' $targetResource = Get-TargetResource -Name $Name -Path $Path if ($targetResource.Ensure -eq 'Present') diff --git a/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 b/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 index b15ceb1d4..dedbc6890 100644 --- a/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 +++ b/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1 @@ -363,49 +363,49 @@ function Get-TargetResource $ServicePrincipalNames ) - Assert-Module -ModuleName 'ActiveDirectory'; + Assert-Module -ModuleName 'ActiveDirectory' try { - $adCommonParameters = Get-ADCommonParameters @PSBoundParameters; + $adCommonParameters = Get-ADCommonParameters @PSBoundParameters - $adProperties = @(); + $adProperties = @() # Create an array of the AD propertie names to retrieve from the property map foreach ($property in $adPropertyMap) { if ($property.ADProperty) { - $adProperties += $property.ADProperty; + $adProperties += $property.ADProperty } else { - $adProperties += $property.Parameter; + $adProperties += $property.Parameter } } - Write-Verbose -Message ($script:localizedData.RetrievingADUser -f $UserName, $DomainName); - $adUser = Get-ADUser @adCommonParameters -Properties $adProperties; - Write-Verbose -Message ($script:localizedData.ADUserIsPresent -f $UserName, $DomainName); - $Ensure = 'Present'; + Write-Verbose -Message ($script:localizedData.RetrievingADUser -f $UserName, $DomainName) + $adUser = Get-ADUser @adCommonParameters -Properties $adProperties + Write-Verbose -Message ($script:localizedData.ADUserIsPresent -f $UserName, $DomainName) + $Ensure = 'Present' } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - Write-Verbose -Message ($script:localizedData.ADUserNotPresent -f $UserName, $DomainName); - $Ensure = 'Absent'; + Write-Verbose -Message ($script:localizedData.ADUserNotPresent -f $UserName, $DomainName) + $Ensure = 'Absent' } catch { - Write-Error -Message ($script:localizedData.RetrievingADUserError -f $UserName, $DomainName); - throw $_; + Write-Error -Message ($script:localizedData.RetrievingADUserError -f $UserName, $DomainName) + throw $_ } $targetResource = @{ - DomainName = $DomainName; - Password = $Password; - UserName = $UserName; + DomainName = $DomainName + Password = $Password + UserName = $UserName DistinguishedName = $adUser.DistinguishedName; # Read-only property - Ensure = $Ensure; - DomainController = $DomainController; + Ensure = $Ensure + DomainController = $DomainController } # Retrieve each property from the ADPropertyMap and add to the hashtable @@ -416,7 +416,7 @@ function Get-TargetResource # The path returned is not the parent container if (-not [System.String]::IsNullOrEmpty($adUser.DistinguishedName)) { - $targetResource['Path'] = Get-ADObjectParentDN -DN $adUser.DistinguishedName; + $targetResource['Path'] = Get-ADObjectParentDN -DN $adUser.DistinguishedName } } elseif (($property.Parameter) -eq 'ServicePrincipalNames') { @@ -434,15 +434,15 @@ function Get-TargetResource elseif ($property.ADProperty) { # The AD property name is different to the function parameter to use this - $targetResource[$property.Parameter] = $adUser.($property.ADProperty); + $targetResource[$property.Parameter] = $adUser.($property.ADProperty) } else { # The AD property name matches the function parameter - $targetResource[$property.Parameter] = $adUser.($property.Parameter); + $targetResource[$property.Parameter] = $adUser.($property.Parameter) } } - return $targetResource; + return $targetResource } #end function Get-TargetResource @@ -753,42 +753,42 @@ function Test-TargetResource $ServicePrincipalNames ) - Assert-Parameters @PSBoundParameters; - $targetResource = Get-TargetResource @PSBoundParameters; - $isCompliant = $true; + Assert-Parameters @PSBoundParameters + $targetResource = Get-TargetResource @PSBoundParameters + $isCompliant = $true if ($Ensure -eq 'Absent') { if ($targetResource.Ensure -eq 'Present') { - Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f 'Ensure', $PSBoundParameters.Ensure, $targetResource.Ensure); - $isCompliant = $false; + Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f 'Ensure', $PSBoundParameters.Ensure, $targetResource.Ensure) + $isCompliant = $false } } else { # Add common name, ensure and enabled as they may not be explicitly passed and we want to enumerate them - $PSBoundParameters['Ensure'] = $Ensure; - $PSBoundParameters['Enabled'] = $Enabled; + $PSBoundParameters['Ensure'] = $Ensure + $PSBoundParameters['Enabled'] = $Enabled foreach ($parameter in $PSBoundParameters.Keys) { if ($parameter -eq 'Password' -and $PasswordNeverResets -eq $false) { $testPasswordParams = @{ - Username = $UserName; - Password = $Password; - DomainName = $DomainName; - PasswordAuthentication = $PasswordAuthentication; + Username = $UserName + Password = $Password + DomainName = $DomainName + PasswordAuthentication = $PasswordAuthentication } if ($DomainAdministratorCredential) { - $testPasswordParams['DomainAdministratorCredential'] = $DomainAdministratorCredential; + $testPasswordParams['DomainAdministratorCredential'] = $DomainAdministratorCredential } if (-not (Test-Password @testPasswordParams)) { - Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f 'Password', '', ''); - $isCompliant = $false; + Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f 'Password', '', '') + $isCompliant = $false } } # Only check properties that are returned by Get-TargetResource @@ -802,28 +802,28 @@ function Test-TargetResource elseif ($parameter -eq 'ServicePrincipalNames') { $testMembersParams = @{ - ExistingMembers = $targetResource.ServicePrincipalNames -as [System.String[]]; - Members = $ServicePrincipalNames; + ExistingMembers = $targetResource.ServicePrincipalNames -as [System.String[]] + Members = $ServicePrincipalNames } if (-not (Test-Members @testMembersParams)) { - $existingSPNs = $testMembersParams['ExistingMembers'] -join ','; - $desiredSPNs = $ServicePrincipalNames -join ','; + $existingSPNs = $testMembersParams['ExistingMembers'] -join ',' + $desiredSPNs = $ServicePrincipalNames -join ',' Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f ` - 'ServicePrincipalNames', $desiredSPNs, $existingSPNs); - $isCompliant = $false; + 'ServicePrincipalNames', $desiredSPNs, $existingSPNs) + $isCompliant = $false } } elseif ($PSBoundParameters.$parameter -ne $targetResource.$parameter) { - Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f $parameter, $PSBoundParameters.$parameter, $targetResource.$parameter); - $isCompliant = $false; + Write-Verbose -Message ($script:localizedData.ADUserNotDesiredPropertyState -f $parameter, $PSBoundParameters.$parameter, $targetResource.$parameter) + $isCompliant = $false } } } #end foreach PSBoundParameter } - return $isCompliant; + return $isCompliant } #end function Test-TargetResource @@ -1133,12 +1133,12 @@ function Set-TargetResource $ServicePrincipalNames ) - Assert-Parameters @PSBoundParameters; - $targetResource = Get-TargetResource @PSBoundParameters; + Assert-Parameters @PSBoundParameters + $targetResource = Get-TargetResource @PSBoundParameters # Add common name, ensure and enabled as they may not be explicitly passed - $PSBoundParameters['Ensure'] = $Ensure; - $PSBoundParameters['Enabled'] = $Enabled; + $PSBoundParameters['Ensure'] = $Ensure + $PSBoundParameters['Enabled'] = $Enabled if ($Ensure -eq 'Present') { @@ -1155,26 +1155,26 @@ function Set-TargetResource if (-not $RestoreFromRecycleBin -or ($RestoreFromRecycleBin -and -not $restorationSuccessful)) { # User does not exist and needs creating - $newADUserParams = Get-ADCommonParameters @PSBoundParameters -UseNameParameter; + $newADUserParams = Get-ADCommonParameters @PSBoundParameters -UseNameParameter if ($PSBoundParameters.ContainsKey('Path')) { - $newADUserParams['Path'] = $Path; + $newADUserParams['Path'] = $Path } # Populate the AccountPassword parameter of New-ADUser if password declared if ($PSBoundParameters.ContainsKey('Password')) { - $newADUserParams['AccountPassword'] = $Password.Password; + $newADUserParams['AccountPassword'] = $Password.Password } - Write-Verbose -Message ($script:localizedData.AddingADUser -f $UserName); - New-ADUser @newADUserParams -SamAccountName $UserName; + Write-Verbose -Message ($script:localizedData.AddingADUser -f $UserName) + New-ADUser @newADUserParams -SamAccountName $UserName # Now retrieve the newly created user - $targetResource = Get-TargetResource @PSBoundParameters; + $targetResource = Get-TargetResource @PSBoundParameters } } - $setADUserParams = Get-ADCommonParameters @PSBoundParameters; - $replaceUserProperties = @{ }; - $removeUserProperties = @{ }; + $setADUserParams = Get-ADCommonParameters @PSBoundParameters + $replaceUserProperties = @{ } + $removeUserProperties = @{ } foreach ($parameter in $PSBoundParameters.Keys) { # Only check/action properties specified/declared parameters that match one of the function's @@ -1184,43 +1184,43 @@ function Set-TargetResource if ($parameter -eq 'Path' -and ($PSBoundParameters.Path -ne $targetResource.Path)) { # Cannot move users by updating the DistinguishedName property - $adCommonParameters = Get-ADCommonParameters @PSBoundParameters; + $adCommonParameters = Get-ADCommonParameters @PSBoundParameters # Using the SamAccountName for identity with Move-ADObject does not work, use the DN instead - $adCommonParameters['Identity'] = $targetResource.DistinguishedName; - Write-Verbose -Message ($script:localizedData.MovingADUser -f $targetResource.Path, $PSBoundParameters.Path); - Move-ADObject @adCommonParameters -TargetPath $PSBoundParameters.Path; + $adCommonParameters['Identity'] = $targetResource.DistinguishedName + Write-Verbose -Message ($script:localizedData.MovingADUser -f $targetResource.Path, $PSBoundParameters.Path) + Move-ADObject @adCommonParameters -TargetPath $PSBoundParameters.Path } elseif ($parameter -eq 'CommonName' -and ($PSBoundParameters.CommonName -ne $targetResource.CommonName)) { # Cannot rename users by updating the CN property directly - $adCommonParameters = Get-ADCommonParameters @PSBoundParameters; + $adCommonParameters = Get-ADCommonParameters @PSBoundParameters # Using the SamAccountName for identity with Rename-ADObject does not work, use the DN instead - $adCommonParameters['Identity'] = $targetResource.DistinguishedName; - Write-Verbose -Message ($script:localizedData.RenamingADUser -f $targetResource.CommonName, $PSBoundParameters.CommonName); - Rename-ADObject @adCommonParameters -NewName $PSBoundParameters.CommonName; + $adCommonParameters['Identity'] = $targetResource.DistinguishedName + Write-Verbose -Message ($script:localizedData.RenamingADUser -f $targetResource.CommonName, $PSBoundParameters.CommonName) + Rename-ADObject @adCommonParameters -NewName $PSBoundParameters.CommonName } elseif ($parameter -eq 'Password' -and $PasswordNeverResets -eq $false) { - $adCommonParameters = Get-ADCommonParameters @PSBoundParameters; - Write-Verbose -Message ($script:localizedData.SettingADUserPassword -f $UserName); - Set-ADAccountPassword @adCommonParameters -Reset -NewPassword $Password.Password; + $adCommonParameters = Get-ADCommonParameters @PSBoundParameters + Write-Verbose -Message ($script:localizedData.SettingADUserPassword -f $UserName) + Set-ADAccountPassword @adCommonParameters -Reset -NewPassword $Password.Password } elseif ($parameter -eq 'Enabled' -and ($PSBoundParameters.$parameter -ne $targetResource.$parameter)) { # We cannot enable/disable an account with -Add or -Replace parameters, but inform that # we will change this as it is out of compliance (it always gets set anyway) - Write-Verbose -Message ($script:localizedData.UpdatingADUserProperty -f $parameter, $PSBoundParameters.$parameter); + Write-Verbose -Message ($script:localizedData.UpdatingADUserProperty -f $parameter, $PSBoundParameters.$parameter) } elseif ($parameter -eq 'ServicePrincipalNames') { Write-Verbose -Message ($script:localizedData.UpdatingADUserProperty -f ` - 'ServicePrincipalNames', ($ServicePrincipalNames -join ',')); - $replaceUserProperties['ServicePrincipalName'] = $ServicePrincipalNames; + 'ServicePrincipalNames', ($ServicePrincipalNames -join ',')) + $replaceUserProperties['ServicePrincipalName'] = $ServicePrincipalNames } elseif ($PSBoundParameters.$parameter -ne $targetResource.$parameter) { # Find the associated AD property - $adProperty = $adPropertyMap | Where-Object { $_.Parameter -eq $parameter }; + $adProperty = $adPropertyMap | Where-Object { $_.Parameter -eq $parameter } if ([System.String]::IsNullOrEmpty($adProperty)) { @@ -1232,38 +1232,38 @@ function Set-TargetResource # Only remove if the existing value in not null or empty if (-not ([System.String]::IsNullOrEmpty($targetResource.$parameter))) { - Write-Verbose -Message ($script:localizedData.RemovingADUserProperty -f $parameter, $PSBoundParameters.$parameter); + Write-Verbose -Message ($script:localizedData.RemovingADUserProperty -f $parameter, $PSBoundParameters.$parameter) if ($adProperty.UseCmdletParameter -eq $true) { # We need to pass the parameter explicitly to Set-ADUser, not via -Remove - $setADUserParams[$adProperty.Parameter] = $PSBoundParameters.$parameter; + $setADUserParams[$adProperty.Parameter] = $PSBoundParameters.$parameter } elseif ([System.String]::IsNullOrEmpty($adProperty.ADProperty)) { - $removeUserProperties[$adProperty.Parameter] = $targetResource.$parameter; + $removeUserProperties[$adProperty.Parameter] = $targetResource.$parameter } else { - $removeUserProperties[$adProperty.ADProperty] = $targetResource.$parameter; + $removeUserProperties[$adProperty.ADProperty] = $targetResource.$parameter } } } #end if remove existing value else { # We are replacing the existing value - Write-Verbose -Message ($script:localizedData.UpdatingADUserProperty -f $parameter, $PSBoundParameters.$parameter); + Write-Verbose -Message ($script:localizedData.UpdatingADUserProperty -f $parameter, $PSBoundParameters.$parameter) if ($adProperty.UseCmdletParameter -eq $true) { # We need to pass the parameter explicitly to Set-ADUser, not via -Replace - $setADUserParams[$adProperty.Parameter] = $PSBoundParameters.$parameter; + $setADUserParams[$adProperty.Parameter] = $PSBoundParameters.$parameter } elseif ([System.String]::IsNullOrEmpty($adProperty.ADProperty)) { - $replaceUserProperties[$adProperty.Parameter] = $PSBoundParameters.$parameter; + $replaceUserProperties[$adProperty.Parameter] = $PSBoundParameters.$parameter } else { - $replaceUserProperties[$adProperty.ADProperty] = $PSBoundParameters.$parameter; + $replaceUserProperties[$adProperty.ADProperty] = $PSBoundParameters.$parameter } } #end if replace existing value } @@ -1274,22 +1274,22 @@ function Set-TargetResource # Only pass -Remove and/or -Replace if we have something to set/change if ($replaceUserProperties.Count -gt 0) { - $setADUserParams['Replace'] = $replaceUserProperties; + $setADUserParams['Replace'] = $replaceUserProperties } if ($removeUserProperties.Count -gt 0) { - $setADUserParams['Remove'] = $removeUserProperties; + $setADUserParams['Remove'] = $removeUserProperties } - Write-Verbose -Message ($script:localizedData.UpdatingADUser -f $UserName); - [ref] $null = Set-ADUser @setADUserParams -Enabled $Enabled; + Write-Verbose -Message ($script:localizedData.UpdatingADUser -f $UserName) + [ref] $null = Set-ADUser @setADUserParams -Enabled $Enabled } elseif (($Ensure -eq 'Absent') -and ($targetResource.Ensure -eq 'Present')) { # User exists and needs removing - Write-Verbose ($script:localizedData.RemovingADUser -f $UserName); - $adCommonParameters = Get-ADCommonParameters @PSBoundParameters; - [ref] $null = Remove-ADUser @adCommonParameters -Confirm:$false; + Write-Verbose ($script:localizedData.RemovingADUser -f $UserName) + $adCommonParameters = Get-ADCommonParameters @PSBoundParameters + [ref] $null = Remove-ADUser @adCommonParameters -Confirm:$false } } #end function Set-TargetResource @@ -1328,10 +1328,10 @@ function Assert-Parameters if (($PSBoundParameters.ContainsKey('Password')) -and ($Enabled -eq $false)) { $throwInvalidArgumentErrorParams = @{ - ErrorId = 'xADUser_DisabledAccountPasswordConflict'; - ErrorMessage = $script:localizedData.PasswordParameterConflictError -f 'Enabled', $false, 'Password'; + ErrorId = 'xADUser_DisabledAccountPasswordConflict' + ErrorMessage = $script:localizedData.PasswordParameterConflictError -f 'Enabled', $false, 'Password' } - ThrowInvalidArgumentError @throwInvalidArgumentErrorParams; + ThrowInvalidArgumentError @throwInvalidArgumentErrorParams } # ChangePasswordAtLogon cannot be set for an account that also has PasswordNeverExpires set @@ -1379,8 +1379,8 @@ function Test-Password $PasswordAuthentication ) - Write-Verbose -Message ($script:localizedData.CreatingADDomainConnection -f $DomainName); - Add-Type -AssemblyName 'System.DirectoryServices.AccountManagement'; + Write-Verbose -Message ($script:localizedData.CreatingADDomainConnection -f $DomainName) + Add-Type -AssemblyName 'System.DirectoryServices.AccountManagement' if ($DomainAdministratorCredential) { @@ -1389,7 +1389,7 @@ function Test-Password $DomainName, $DomainAdministratorCredential.UserName, $DomainAdministratorCredential.GetNetworkCredential().Password - ); + ) } else { @@ -1398,9 +1398,9 @@ function Test-Password $DomainName, $null, $null - ); + ) } - Write-Verbose -Message ($script:localizedData.CheckingADUserPassword -f $UserName); + Write-Verbose -Message ($script:localizedData.CheckingADUserPassword -f $UserName) if ($PasswordAuthentication -eq 'Negotiate') { @@ -1410,7 +1410,7 @@ function Test-Password [System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate -bor [System.DirectoryServices.AccountManagement.ContextOptions]::Signing -bor [System.DirectoryServices.AccountManagement.ContextOptions]::Sealing - ); + ) } else { @@ -1418,7 +1418,7 @@ function Test-Password return $principalContext.ValidateCredentials( $UserName, $Password.GetNetworkCredential().Password - ); + ) } } #end function Test-Password diff --git a/DSCResources/MSFT_xWaitForADDomain/MSFT_xWaitForADDomain.psm1 b/DSCResources/MSFT_xWaitForADDomain/MSFT_xWaitForADDomain.psm1 index e1fe97e18..a72664ec2 100644 --- a/DSCResources/MSFT_xWaitForADDomain/MSFT_xWaitForADDomain.psm1 +++ b/DSCResources/MSFT_xWaitForADDomain/MSFT_xWaitForADDomain.psm1 @@ -98,7 +98,7 @@ function Set-TargetResource Remove-Item $rebootLogFile -ErrorAction SilentlyContinue } - break; + break } else { diff --git a/Tests/Unit/MSFT_xADDomain.Tests.ps1 b/Tests/Unit/MSFT_xADDomain.Tests.ps1 index 86d3b0671..dd7f18ad1 100644 --- a/Tests/Unit/MSFT_xADDomain.Tests.ps1 +++ b/Tests/Unit/MSFT_xADDomain.Tests.ps1 @@ -50,19 +50,19 @@ try Invoke-TestSetup InModuleScope $script:dscResourceName { - $correctDomainName = 'present.com'; - $incorrectDomainName = 'incorrect.com'; - $missingDomainName = 'missing.com'; + $correctDomainName = 'present.com' + $incorrectDomainName = 'incorrect.com' + $missingDomainName = 'missing.com' $forestMode = [Microsoft.DirectoryServices.Deployment.Types.ForestMode]::Win2012R2 $mgmtForestMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2012R2Forest $domainMode = [Microsoft.DirectoryServices.Deployment.Types.DomainMode]::Win2012R2 $mgmtDomainMode = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2012R2Domain - $testAdminCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $invalidCredential = New-Object System.Management.Automation.PSCredential 'Invalid', (ConvertTo-SecureString 'InvalidPassword' -AsPlainText -Force); + $testAdminCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $invalidCredential = New-Object System.Management.Automation.PSCredential 'Invalid', (ConvertTo-SecureString 'InvalidPassword' -AsPlainText -Force) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential; - SafemodeAdministratorPassword = $testAdminCredential; + DomainAdministratorCredential = $testAdminCredential + SafemodeAdministratorPassword = $testAdminCredential } #region Function Get-TargetResource @@ -78,7 +78,7 @@ try } Mock -CommandName Get-ADForest -MockWith { [psobject]@{ForestMode = $mgmtForestMode} } - $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName; + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName Assert-MockCalled -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ADDSDeployment' } -Scope It } @@ -93,9 +93,9 @@ try Mock -CommandName Get-ADForest -MockWith { [psobject]@{ForestMode = $mgmtForestMode} } - $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName; + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName - $result -is [System.Collections.Hashtable] | Should Be $true; + $result -is [System.Collections.Hashtable] | Should Be $true } It 'Calls "Get-ADDomain" without credentials if domain member' { @@ -107,7 +107,7 @@ try } } - $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName; + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName Assert-MockCalled -CommandName Get-ADDomain -ParameterFilter { $Credential -eq $null } -Scope It } @@ -122,34 +122,34 @@ try } Mock -CommandName Get-ADForest -ParameterFilter { $Credential -eq $null } -MockWith { [psobject]@{ForestMode = $mgmtForestMode} } - $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName; + $result = Get-TargetResource @testDefaultParams -DomainName $correctDomainName Assert-MockCalled -CommandName Get-ADForest -ParameterFilter { $Credential -eq $null } -Scope It } It 'Throws "Invalid credentials" when domain is available but authentication fails' { Mock -CommandName Get-ADDomain -ParameterFilter { $Identity.ToString() -eq $incorrectDomainName } -MockWith { - Write-Error -Exception (New-Object System.Security.Authentication.AuthenticationException); + Write-Error -Exception (New-Object System.Security.Authentication.AuthenticationException) } ## Match operator is case-sensitive! - { Get-TargetResource @testDefaultParams -DomainName $incorrectDomainName } | Should Throw 'invalid credentials'; + { Get-TargetResource @testDefaultParams -DomainName $incorrectDomainName } | Should Throw 'invalid credentials' } It 'Throws "Computer is already a domain member" when is already a domain member' { Mock -CommandName Get-ADDomain -ParameterFilter { $Identity.ToString() -eq $incorrectDomainName } -MockWith { - Write-Error -Exception (New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException); + Write-Error -Exception (New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException) } - { Get-TargetResource @testDefaultParams -DomainName $incorrectDomainName } | Should Throw 'Computer is already a domain member'; + { Get-TargetResource @testDefaultParams -DomainName $incorrectDomainName } | Should Throw 'Computer is already a domain member' } It 'Does not throw when domain cannot be located' { Mock -CommandName Get-ADDomain -ParameterFilter { $Identity.ToString() -eq $missingDomainName } -MockWith { - Write-Error -Exception (New-Object Microsoft.ActiveDirectory.Management.ADServerDownException); + Write-Error -Exception (New-Object Microsoft.ActiveDirectory.Management.ADServerDownException) } - { Get-TargetResource @testDefaultParams -DomainName $missingDomainName } | Should Not Throw; + { Get-TargetResource @testDefaultParams -DomainName $missingDomainName } | Should Not Throw } It 'Returns the correct domain mode' { @@ -180,76 +180,76 @@ try #region Function Test-TargetResource Describe 'xADDomain\Test-TargetResource' { - $correctDomainName = 'present.com'; - $correctChildDomainName = 'present'; - $correctDomainNetBIOSName = 'PRESENT'; - $incorrectDomainName = 'incorrect.com'; - $parentDomainName = 'parent.com'; - $testAdminCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); + $correctDomainName = 'present.com' + $correctChildDomainName = 'present' + $correctDomainNetBIOSName = 'PRESENT' + $incorrectDomainName = 'incorrect.com' + $parentDomainName = 'parent.com' + $testAdminCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential; - SafemodeAdministratorPassword = $testAdminCredential; + DomainAdministratorCredential = $testAdminCredential + SafemodeAdministratorPassword = $testAdminCredential } $stubDomain = @{ - DomainName = $correctDomainName; - DomainNetBIOSName = $correctDomainNetBIOSName; + DomainName = $correctDomainName + DomainNetBIOSName = $correctDomainNetBIOSName } ## Get-TargetResource returns the domain FQDN for .DomainName $stubChildDomain = @{ - DomainName = "$correctChildDomainName.$parentDomainName"; - ParentDomainName = $parentDomainName; - DomainNetBIOSName = $correctDomainNetBIOSName; + DomainName = "$correctChildDomainName.$parentDomainName" + ParentDomainName = $parentDomainName + DomainNetBIOSName = $correctDomainNetBIOSName } It 'Returns "True" when "DomainName" matches' { Mock -CommandName Get-TargetResource -MockWith { return $stubDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName; + $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName - $result | Should Be $true; + $result | Should Be $true } It 'Returns "False" when "DomainName" does not match' { Mock -CommandName Get-TargetResource -MockWith { return $stubDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $incorrectDomainName; + $result = Test-TargetResource @testDefaultParams -DomainName $incorrectDomainName - $result | Should Be $false; + $result | Should Be $false } It 'Returns "True" when "DomainNetBIOSName" matches' { Mock -CommandName Get-TargetResource -MockWith { return $stubDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName -DomainNetBIOSName $correctDomainNetBIOSName; + $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName -DomainNetBIOSName $correctDomainNetBIOSName - $result | Should Be $true; + $result | Should Be $true } It 'Returns "False" when "DomainNetBIOSName" does not match' { Mock -CommandName Get-TargetResource -MockWith { return $stubDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName -DomainNetBIOSName 'INCORRECT'; + $result = Test-TargetResource @testDefaultParams -DomainName $correctDomainName -DomainNetBIOSName 'INCORRECT' - $result | Should Be $false; + $result | Should Be $false } It 'Returns "True" when "ParentDomainName" matches' { Mock -CommandName Get-TargetResource -MockWith { return $stubChildDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $correctChildDomainName -ParentDomainName $parentDomainName; + $result = Test-TargetResource @testDefaultParams -DomainName $correctChildDomainName -ParentDomainName $parentDomainName - $result | Should Be $true; + $result | Should Be $true } It 'Returns "False" when "ParentDomainName" does not match' { Mock -CommandName Get-TargetResource -MockWith { return $stubChildDomain; } - $result = Test-TargetResource @testDefaultParams -DomainName $correctChildDomainName -ParentDomainName 'incorrect.com'; + $result = Test-TargetResource @testDefaultParams -DomainName $correctChildDomainName -ParentDomainName 'incorrect.com' - $result | Should Be $false; + $result | Should Be $false } } @@ -275,32 +275,32 @@ try ) } - $testDomainName = 'present.com'; - $testParentDomainName = 'parent.com'; - $testDomainNetBIOSNameName = 'PRESENT'; - $testDomainForestMode = 'WinThreshold'; - $testAdminCredential = New-Object System.Management.Automation.PSCredential 'Admin', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $testSafemodePassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $testSafemodeCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testSafemodePassword; - $testDelegationCredential = New-Object System.Management.Automation.PSCredential 'Delegation', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); + $testDomainName = 'present.com' + $testParentDomainName = 'parent.com' + $testDomainNetBIOSNameName = 'PRESENT' + $testDomainForestMode = 'WinThreshold' + $testAdminCredential = New-Object System.Management.Automation.PSCredential 'Admin', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $testSafemodePassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $testSafemodeCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testSafemodePassword + $testDelegationCredential = New-Object System.Management.Automation.PSCredential 'Delegation', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) $newForestParams = @{ - DomainName = $testDomainName; - DomainAdministratorCredential = $testAdminCredential; - SafemodeAdministratorPassword = $testSafemodeCredential; + DomainName = $testDomainName + DomainAdministratorCredential = $testAdminCredential + SafemodeAdministratorPassword = $testSafemodeCredential } $newDomainParams = @{ - DomainName = $testDomainName; - ParentDomainName = $testParentDomainName; - DomainAdministratorCredential = $testAdminCredential; - SafemodeAdministratorPassword = $testSafemodeCredential; + DomainName = $testDomainName + ParentDomainName = $testParentDomainName + DomainAdministratorCredential = $testAdminCredential + SafemodeAdministratorPassword = $testSafemodeCredential } $stubTargetResource = @{ - DomainName = $testDomainName; - ParentDomainName = $testParentDomainName; - DomainNetBIOSName = $testDomainNetBIOSNameName; + DomainName = $testDomainName + ParentDomainName = $testParentDomainName + DomainNetBIOSName = $testDomainNetBIOSNameName ForestName = $testParentDomainName ForestMode = $testDomainForestMode DomainMode = $testDomainForestMode @@ -310,7 +310,7 @@ try It 'Calls "Install-ADDSForest" with "DomainName" when creating forest' { Mock -CommandName Install-ADDSForest -ParameterFilter { $DomainName -eq $testDomainName } - Set-TargetResource @newForestParams; + Set-TargetResource @newForestParams Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DomainName -eq $testDomainName } -Scope It } @@ -318,7 +318,7 @@ try It 'Calls "Install-ADDSForest" with "SafemodeAdministratorPassword" when creating forest' { Mock -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } - Set-TargetResource @newForestParams; + Set-TargetResource @newForestParams Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It } @@ -326,7 +326,7 @@ try It 'Calls "Install-ADDSForest" with "DnsDelegationCredential" when creating forest, if specified' { Mock -CommandName Install-ADDSForest -ParameterFilter { $DnsDelegationCredential -eq $testDelegationCredential } - Set-TargetResource @newForestParams -DnsDelegationCredential $testDelegationCredential; + Set-TargetResource @newForestParams -DnsDelegationCredential $testDelegationCredential Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DnsDelegationCredential -eq $testDelegationCredential } -Scope It } @@ -334,34 +334,34 @@ try It 'Calls "Install-ADDSForest" with "CreateDnsDelegation" when creating forest, if specified' { Mock -CommandName Install-ADDSForest -ParameterFilter { $CreateDnsDelegation -eq $true } - Set-TargetResource @newForestParams -DnsDelegationCredential $testDelegationCredential; + Set-TargetResource @newForestParams -DnsDelegationCredential $testDelegationCredential Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $CreateDnsDelegation -eq $true } -Scope It } It 'Calls "Install-ADDSForest" with "DatabasePath" when creating forest, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSForest -ParameterFilter { $DatabasePath -eq $testPath } - Set-TargetResource @newForestParams -DatabasePath $testPath; + Set-TargetResource @newForestParams -DatabasePath $testPath Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DatabasePath -eq $testPath } -Scope It } It 'Calls "Install-ADDSForest" with "LogPath" when creating forest, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSForest -ParameterFilter { $LogPath -eq $testPath } - Set-TargetResource @newForestParams -LogPath $testPath; + Set-TargetResource @newForestParams -LogPath $testPath Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $LogPath -eq $testPath } -Scope It } It 'Calls "Install-ADDSForest" with "SysvolPath" when creating forest, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSForest -ParameterFilter { $SysvolPath -eq $testPath } - Set-TargetResource @newForestParams -SysvolPath $testPath; + Set-TargetResource @newForestParams -SysvolPath $testPath Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SysvolPath -eq $testPath } -Scope It } @@ -369,7 +369,7 @@ try It 'Calls "Install-ADDSForest" with "DomainNetbiosName" when creating forest, if specified' { Mock -CommandName Install-ADDSForest -ParameterFilter { $DomainNetbiosName -eq $testDomainNetBIOSNameName } - Set-TargetResource @newForestParams -DomainNetBIOSName $testDomainNetBIOSNameName; + Set-TargetResource @newForestParams -DomainNetBIOSName $testDomainNetBIOSNameName Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DomainNetbiosName -eq $testDomainNetBIOSNameName } -Scope It } @@ -377,7 +377,7 @@ try It 'Calls "Install-ADDSForest" with "ForestMode" when creating forest, if specified' { Mock -CommandName Install-ADDSForest -ParameterFilter { $ForestMode -eq $testDomainForestMode } - Set-TargetResource @newForestParams -ForestMode $testDomainForestMode; + Set-TargetResource @newForestParams -ForestMode $testDomainForestMode Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $ForestMode -eq $testDomainForestMode } -Scope It } @@ -385,7 +385,7 @@ try It 'Calls "Install-ADDSForest" with "DomainMode" when creating forest, if specified' { Mock -CommandName Install-ADDSForest -ParameterFilter { $DomainMode -eq $testDomainForestMode } - Set-TargetResource @newForestParams -DomainMode $testDomainForestMode; + Set-TargetResource @newForestParams -DomainMode $testDomainForestMode Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DomainMode -eq $testDomainForestMode } -Scope It } @@ -395,7 +395,7 @@ try It 'Calls "Install-ADDSDomain" with "NewDomainName" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $NewDomainName -eq $testDomainName } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $NewDomainName -eq $testDomainName } -Scope It } @@ -403,7 +403,7 @@ try It 'Calls "Install-ADDSDomain" with "ParentDomainName" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $ParentDomainName -eq $testParentDomainName } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $ParentDomainName -eq $testParentDomainName } -Scope It } @@ -411,7 +411,7 @@ try It 'Calls "Install-ADDSDomain" with "DomainType" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $DomainType -eq 'ChildDomain' } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DomainType -eq 'ChildDomain' } -Scope It } @@ -419,7 +419,7 @@ try It 'Calls "Install-ADDSDomain" with "SafemodeAdministratorPassword" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It } @@ -427,7 +427,7 @@ try It 'Calls "Install-ADDSDomain" with "Credential" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $Credential -eq $testParentDomainName } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $ParentDomainName -eq $testParentDomainName } -Scope It } @@ -435,7 +435,7 @@ try It 'Calls "Install-ADDSDomain" with "ParentDomainName" when creating child domain' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $ParentDomainName -eq $testParentDomainName } - Set-TargetResource @newDomainParams; + Set-TargetResource @newDomainParams Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $ParentDomainName -eq $testParentDomainName } -Scope It } @@ -443,7 +443,7 @@ try It 'Calls "Install-ADDSDomain" with "DnsDelegationCredential" when creating child domain, if specified' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $DnsDelegationCredential -eq $testDelegationCredential } - Set-TargetResource @newDomainParams -DnsDelegationCredential $testDelegationCredential; + Set-TargetResource @newDomainParams -DnsDelegationCredential $testDelegationCredential Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DnsDelegationCredential -eq $testDelegationCredential } -Scope It } @@ -451,34 +451,34 @@ try It 'Calls "Install-ADDSDomain" with "CreateDnsDelegation" when creating child domain, if specified' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $CreateDnsDelegation -eq $true } - Set-TargetResource @newDomainParams -DnsDelegationCredential $testDelegationCredential; + Set-TargetResource @newDomainParams -DnsDelegationCredential $testDelegationCredential Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $CreateDnsDelegation -eq $true } -Scope It } It 'Calls "Install-ADDSDomain" with "DatabasePath" when creating child domain, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSDomain -ParameterFilter { $DatabasePath -eq $testPath } - Set-TargetResource @newDomainParams -DatabasePath $testPath; + Set-TargetResource @newDomainParams -DatabasePath $testPath Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DatabasePath -eq $testPath } -Scope It } It 'Calls "Install-ADDSDomain" with "LogPath" when creating child domain, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSDomain -ParameterFilter { $LogPath -eq $testPath } - Set-TargetResource @newDomainParams -LogPath $testPath; + Set-TargetResource @newDomainParams -LogPath $testPath Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $LogPath -eq $testPath } -Scope It } It 'Calls "Install-ADDSDomain" with "SysvolPath" when creating child domain, if specified' { - $testPath = 'TestPath'; + $testPath = 'TestPath' Mock -CommandName Install-ADDSDomain -ParameterFilter { $SysvolPath -eq $testPath } - Set-TargetResource @newDomainParams -SysvolPath $testPath; + Set-TargetResource @newDomainParams -SysvolPath $testPath Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SysvolPath -eq $testPath } -Scope It } @@ -486,7 +486,7 @@ try It 'Calls "Install-ADDSDomain" with "NewDomainNetbiosName" when creating child domain, if specified' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $NewDomainNetbiosName -eq $testDomainNetBIOSNameName } - Set-TargetResource @newDomainParams -DomainNetBIOSName $testDomainNetBIOSNameName; + Set-TargetResource @newDomainParams -DomainNetBIOSName $testDomainNetBIOSNameName Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $NewDomainNetbiosName -eq $testDomainNetBIOSNameName } -Scope It } @@ -494,7 +494,7 @@ try It 'Calls "Install-ADDSDomain" with "DomainMode" when creating child domain, if specified' { Mock -CommandName Install-ADDSDomain -ParameterFilter { $DomainMode -eq $testDomainForestMode } - Set-TargetResource @newDomainParams -DomainMode $testDomainForestMode; + Set-TargetResource @newDomainParams -DomainMode $testDomainForestMode Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DomainMode -eq $testDomainForestMode } -Scope It } diff --git a/Tests/Unit/MSFT_xADDomainDefaultPasswordPolicy.Tests.ps1 b/Tests/Unit/MSFT_xADDomainDefaultPasswordPolicy.Tests.ps1 index 471947270..b55ace962 100644 --- a/Tests/Unit/MSFT_xADDomainDefaultPasswordPolicy.Tests.ps1 +++ b/Tests/Unit/MSFT_xADDomainDefaultPasswordPolicy.Tests.ps1 @@ -39,24 +39,24 @@ try Invoke-TestSetup InModuleScope $script:dscResourceName { - $testDomainName = 'contoso.com'; + $testDomainName = 'contoso.com' $testDefaultParams = @{ - DomainName = $testDomainName; + DomainName = $testDomainName } - $testDomainController = 'testserver.contoso.com'; - $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; + $testDomainController = 'testserver.contoso.com' + $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword $fakePasswordPolicy = @{ - ComplexityEnabled = $true; - LockoutDuration = New-TimeSpan -Minutes 30; - LockoutObservationWindow = New-TimeSpan -Minutes 30; - LockoutThreshold = 3; - MinPasswordAge = New-TimeSpan -Days 1; - MaxPasswordAge = New-TimeSpan -Days 42; - MinPasswordLength = 7; - PasswordHistoryCount = 12; - ReversibleEncryptionEnabled = $false; + ComplexityEnabled = $true + LockoutDuration = New-TimeSpan -Minutes 30 + LockoutObservationWindow = New-TimeSpan -Minutes 30 + LockoutThreshold = 3 + MinPasswordAge = New-TimeSpan -Days 1 + MaxPasswordAge = New-TimeSpan -Days 42 + MinPasswordLength = 7 + PasswordHistoryCount = 12 + ReversibleEncryptionEnabled = $false } #region Function Get-TargetResource @@ -66,7 +66,7 @@ try It 'Calls "Assert-Module" to check "ActiveDirectory" module is installed' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams; + $result = Get-TargetResource @testDefaultParams Assert-MockCalled -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } @@ -74,15 +74,15 @@ try It 'Returns "System.Collections.Hashtable" object type' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams; + $result = Get-TargetResource @testDefaultParams - $result -is [System.Collections.Hashtable] | Should Be $true; + $result -is [System.Collections.Hashtable] | Should Be $true } It 'Calls "Get-ADDefaultDomainPasswordPolicy" without credentials by default' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -MockWith { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams; + $result = Get-TargetResource @testDefaultParams Assert-MockCalled -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -Scope It } @@ -90,7 +90,7 @@ try It 'Calls "Get-ADDefaultDomainPasswordPolicy" with credentials when specified' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -MockWith { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams -Credential $testCredential; + $result = Get-TargetResource @testDefaultParams -Credential $testCredential Assert-MockCalled -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -Scope It } @@ -98,7 +98,7 @@ try It 'Calls "Get-ADDefaultDomainPasswordPolicy" without server by default' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -MockWith { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams; + $result = Get-TargetResource @testDefaultParams Assert-MockCalled -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -Scope It } @@ -106,7 +106,7 @@ try It 'Calls "Get-ADDefaultDomainPasswordPolicy" with server when specified' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -MockWith { return $fakePasswordPolicy; } - $result = Get-TargetResource @testDefaultParams -DomainController $testDomainController; + $result = Get-TargetResource @testDefaultParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -Scope It } @@ -116,38 +116,38 @@ try #region Function Test-TargetResource Describe 'xADDomainDefaultPasswordPolicy\Test-TargetResource' { - $testDomainName = 'contoso.com'; + $testDomainName = 'contoso.com' $testDefaultParams = @{ - DomainName = $testDomainName; + DomainName = $testDomainName } - $testDomainController = 'testserver.contoso.com'; - $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; + $testDomainController = 'testserver.contoso.com' + $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword $stubPasswordPolicy = @{ - ComplexityEnabled = $true; - LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes; - LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes; - LockoutThreshold = 3; - MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes; - MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes; - MinPasswordLength = 7; - PasswordHistoryCount = 12; - ReversibleEncryptionEnabled = $true; + ComplexityEnabled = $true + LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes + LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes + LockoutThreshold = 3 + MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes + MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes + MinPasswordLength = 7 + PasswordHistoryCount = 12 + ReversibleEncryptionEnabled = $true } It 'Returns "System.Boolean" object type' { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } - $result = Test-TargetResource @testDefaultParams; + $result = Test-TargetResource @testDefaultParams - $result -is [System.Boolean] | Should Be $true; + $result -is [System.Boolean] | Should Be $true } It 'Calls "Get-TargetResource" with "Credential" parameter when specified' { Mock -CommandName Get-TargetResource -ParameterFilter { $Credential -eq $testCredential } { return $stubPasswordPolicy; } - $result = Test-TargetResource @testDefaultParams -Credential $testCredential; + $result = Test-TargetResource @testDefaultParams -Credential $testCredential Assert-MockCalled -CommandName Get-TargetResource -ParameterFilter { $Credential -eq $testCredential } -Scope It } @@ -155,7 +155,7 @@ try It 'Calls "Get-TargetResource" with "DomainController" parameter when specified' { Mock -CommandName Get-TargetResource -ParameterFilter { $DomainController -eq $testDomainController } { return $stubPasswordPolicy; } - $result = Test-TargetResource @testDefaultParams -DomainController $testDomainController; + $result = Test-TargetResource @testDefaultParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-TargetResource -ParameterFilter { $DomainController -eq $testDomainController } -Scope It } @@ -164,34 +164,34 @@ try { It "Passes when '$propertyName' parameter matches resource property value" { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } - $propertyDefaultParams = $testDefaultParams.Clone(); - $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName]; + $propertyDefaultParams = $testDefaultParams.Clone() + $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName] - $result = Test-TargetResource @propertyDefaultParams; + $result = Test-TargetResource @propertyDefaultParams - $result | Should Be $true; + $result | Should Be $true } It "Fails when '$propertyName' parameter does not match resource property value" { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } - $propertyDefaultParams = $testDefaultParams.Clone(); + $propertyDefaultParams = $testDefaultParams.Clone() switch ($stubPasswordPolicy[$propertyName].GetType()) { 'bool' { - $propertyDefaultParams[$propertyName] = -not $stubPasswordPolicy[$propertyName]; + $propertyDefaultParams[$propertyName] = -not $stubPasswordPolicy[$propertyName] } 'string' { - $propertyDefaultParams[$propertyName] = 'not{0}' -f $stubPasswordPolicy[$propertyName]; + $propertyDefaultParams[$propertyName] = 'not{0}' -f $stubPasswordPolicy[$propertyName] } default { - $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName] + 1; + $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName] + 1 } } - $result = Test-TargetResource @propertyDefaultParams; + $result = Test-TargetResource @propertyDefaultParams - $result | Should Be $false; + $result | Should Be $false } } #end foreach property @@ -200,24 +200,24 @@ try #region Function Set-TargetResource Describe 'xADDomainDefaultPasswordPolicy\Set-TargetResource' { - $testDomainName = 'contoso.com'; + $testDomainName = 'contoso.com' $testDefaultParams = @{ - DomainName = $testDomainName; + DomainName = $testDomainName } - $testDomainController = 'testserver.contoso.com'; - $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); - $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; + $testDomainController = 'testserver.contoso.com' + $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) + $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword $stubPasswordPolicy = @{ - ComplexityEnabled = $true; - LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes; - LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes; - LockoutThreshold = 3; - MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes; - MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes; - MinPasswordLength = 7; - PasswordHistoryCount = 12; - ReversibleEncryptionEnabled = $true; + ComplexityEnabled = $true + LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes + LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes + LockoutThreshold = 3 + MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes + MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes + MinPasswordLength = 7 + PasswordHistoryCount = 12 + ReversibleEncryptionEnabled = $true } Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } @@ -225,7 +225,7 @@ try It 'Calls "Assert-Module" to check "ActiveDirectory" module is installed' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy - $result = Set-TargetResource @testDefaultParams; + $result = Set-TargetResource @testDefaultParams Assert-MockCalled -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } @@ -233,7 +233,7 @@ try It 'Calls "Set-ADDefaultDomainPasswordPolicy" without "Credential" parameter by default' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } - $result = Set-TargetResource @testDefaultParams; + $result = Set-TargetResource @testDefaultParams Assert-MockCalled -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -Scope It } @@ -241,7 +241,7 @@ try It 'Calls "Set-ADDefaultDomainPasswordPolicy" with "Credential" parameter when specified' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } - $result = Set-TargetResource @testDefaultParams -Credential $testCredential; + $result = Set-TargetResource @testDefaultParams -Credential $testCredential Assert-MockCalled -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -Scope It } @@ -249,7 +249,7 @@ try It 'Calls "Set-ADDefaultDomainPasswordPolicy" without "Server" parameter by default' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } - $result = Set-TargetResource @testDefaultParams; + $result = Set-TargetResource @testDefaultParams Assert-MockCalled -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -Scope It } @@ -257,7 +257,7 @@ try It 'Calls "Set-ADDefaultDomainPasswordPolicy" with "Server" parameter when specified' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } - $result = Set-TargetResource @testDefaultParams -DomainController $testDomainController; + $result = Set-TargetResource @testDefaultParams -DomainController $testDomainController Assert-MockCalled -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -Scope It } @@ -265,11 +265,11 @@ try foreach ($propertyName in $stubPasswordPolicy.Keys) { It "Calls 'Set-ADDefaultDomainPasswordPolicy' with '$propertyName' parameter when specified" { - $propertyDefaultParams = $testDefaultParams.Clone(); - $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName]; + $propertyDefaultParams = $testDefaultParams.Clone() + $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName] Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $PSBoundParameters.ContainsKey($propertyName) } - $result = Set-TargetResource @propertyDefaultParams; + $result = Set-TargetResource @propertyDefaultParams Assert-MockCalled -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $PSBoundParameters.ContainsKey($propertyName) } -Scope It } diff --git a/Tests/Unit/MSFT_xADGroup.Tests.ps1 b/Tests/Unit/MSFT_xADGroup.Tests.ps1 index 8428a6c49..64322d7b3 100644 --- a/Tests/Unit/MSFT_xADGroup.Tests.ps1 +++ b/Tests/Unit/MSFT_xADGroup.Tests.ps1 @@ -41,60 +41,60 @@ try InModuleScope $script:dscResourceName { $testPresentParams = @{ GroupName = 'TestGroup' - GroupScope = 'Global'; - Category = 'Security'; - Path = 'OU=Fake,DC=contoso,DC=com'; - Description = 'Test AD group description'; - DisplayName = 'Test display name'; - Ensure = 'Present'; - Notes = 'This is a test AD group'; - ManagedBy = 'CN=User 1,CN=Users,DC=contoso,DC=com'; + GroupScope = 'Global' + Category = 'Security' + Path = 'OU=Fake,DC=contoso,DC=com' + Description = 'Test AD group description' + DisplayName = 'Test display name' + Ensure = 'Present' + Notes = 'This is a test AD group' + ManagedBy = 'CN=User 1,CN=Users,DC=contoso,DC=com' } - $testAbsentParams = $testPresentParams.Clone(); - $testAbsentParams['Ensure'] = 'Absent'; + $testAbsentParams = $testPresentParams.Clone() + $testAbsentParams['Ensure'] = 'Absent' $testPresentParamsMultiDomain = $testPresentParams.Clone() $testPresentParamsMultiDomain.MembershipAttribute = 'DistinguishedName' $fakeADGroup = @{ - Name = $testPresentParams.GroupName; - Identity = $testPresentParams.GroupName; - GroupScope = $testPresentParams.GroupScope; - GroupCategory = $testPresentParams.Category; - DistinguishedName = "CN=$($testPresentParams.GroupName),$($testPresentParams.Path)"; - Description = $testPresentParams.Description; - DisplayName = $testPresentParams.DisplayName; - ManagedBy = $testPresentParams.ManagedBy; - Info = $testPresentParams.Notes; + Name = $testPresentParams.GroupName + Identity = $testPresentParams.GroupName + GroupScope = $testPresentParams.GroupScope + GroupCategory = $testPresentParams.Category + DistinguishedName = "CN=$($testPresentParams.GroupName),$($testPresentParams.Path)" + Description = $testPresentParams.Description + DisplayName = $testPresentParams.DisplayName + ManagedBy = $testPresentParams.ManagedBy + Info = $testPresentParams.Notes } $fakeADUser1 = [PSCustomObject] @{ - DistinguishedName = 'CN=User 1,CN=Users,DC=contoso,DC=com'; - ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8e'; - SamAccountName = 'USER1'; + DistinguishedName = 'CN=User 1,CN=Users,DC=contoso,DC=com' + ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8e' + SamAccountName = 'USER1' SID = 'S-1-5-21-1131554080-2861379300-292325817-1106' } $fakeADUser2 = [PSCustomObject] @{ - DistinguishedName = 'CN=User 2,CN=Users,DC=contoso,DC=com'; - ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8f'; - SamAccountName = 'USER2'; + DistinguishedName = 'CN=User 2,CN=Users,DC=contoso,DC=com' + ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8f' + SamAccountName = 'USER2' SID = 'S-1-5-21-1131554080-2861379300-292325817-1107' } $fakeADUser3 = [PSCustomObject] @{ - DistinguishedName = 'CN=User 3,CN=Users,DC=contoso,DC=com'; - ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b90'; - SamAccountName = 'USER3'; + DistinguishedName = 'CN=User 3,CN=Users,DC=contoso,DC=com' + ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b90' + SamAccountName = 'USER3' SID = 'S-1-5-21-1131554080-2861379300-292325817-1108' } $fakeADUser4 = [PSCustomObject] @{ - DistinguishedName = 'CN=User 4,CN=Users,DC=sub,DC=contoso,DC=com'; - ObjectGUID = 'ebafa34e-b020-40cd-8652-ee7286419869'; - SamAccountName = 'USER4'; + DistinguishedName = 'CN=User 4,CN=Users,DC=sub,DC=contoso,DC=com' + ObjectGUID = 'ebafa34e-b020-40cd-8652-ee7286419869' + SamAccountName = 'USER4' SID = 'S-1-5-21-1131554080-2861379300-292325817-1109' } - $testDomainController = 'TESTDC'; - $testCredentials = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); + $testDomainController = 'TESTDC' + $testCredentials = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) #region Function Get-TargetResource Describe 'xADGroup\Get-TargetResource' { @@ -104,7 +104,7 @@ try Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $result = Get-TargetResource @testPresentParams; # -DomainName $correctDomainName; + $result = Get-TargetResource @testPresentParams; # -DomainName $correctDomainName Assert-MockCalled -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } @@ -113,13 +113,13 @@ try Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - (Get-TargetResource @testPresentParams).Ensure | Should Be 'Present'; + (Get-TargetResource @testPresentParams).Ensure | Should Be 'Present' } It "Returns 'Ensure' is 'Absent' when group does not exist" { Mock -CommandName Get-ADGroup { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } - (Get-TargetResource @testPresentParams).Ensure | Should Be 'Absent'; + (Get-TargetResource @testPresentParams).Ensure | Should Be 'Absent' } @@ -127,7 +127,7 @@ try Mock -CommandName Get-ADGroup -ParameterFilter { $Server -eq $testDomainController } -MockWith { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - Get-TargetResource @testPresentParams -DomainController $testDomainController; + Get-TargetResource @testPresentParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-ADGroup -ParameterFilter { $Server -eq $testDomainController } -Scope It } @@ -136,7 +136,7 @@ try Mock -CommandName Get-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -MockWith { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - Get-TargetResource @testPresentParams -Credential $testCredentials; + Get-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Get-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } @@ -145,7 +145,7 @@ try Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember -ParameterFilter { $Server -eq $testDomainController } -MockWith { return @($fakeADUser1, $fakeADUser2); } - Get-TargetResource @testPresentParams -DomainController $testDomainController; + Get-TargetResource @testPresentParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-ADGroupMember -ParameterFilter { $Server -eq $testDomainController } -Scope It } @@ -154,7 +154,7 @@ try Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember -ParameterFilter { $Credential -eq $testCredentials } -MockWith { return @($fakeADUser1, $fakeADUser2); } - Get-TargetResource @testPresentParams -Credential $testCredentials; + Get-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Get-ADGroupMember -ParameterFilter { $Credential -eq $testCredentials } -Scope It } @@ -172,63 +172,63 @@ try Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser1.$attribute, $fakeADUser2.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser1.$attribute, $fakeADUser2.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $true; + $targetResource | Should Be $true } It "Fails when group membership counts do not match using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1); } - $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $false; + $targetResource | Should Be $false } It "Fails when group 'Members' do not match using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $false; + $targetResource | Should Be $false } It "Passes when specified 'MembersToInclude' match using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser2.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser2.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $true; + $targetResource | Should Be $true } It "Fails when specified 'MembersToInclude' are missing using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser3.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser3.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $false; + $targetResource | Should Be $false } It "Passes when specified 'MembersToExclude' are missing using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser3.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser3.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $true; + $targetResource | Should Be $true } It "Fails when when specified 'MembersToExclude' match using '$attribute'" { Mock -CommandName Get-ADGroup { return $fakeADGroup; } Mock -CommandName Get-ADGroupMember { return @($fakeADUser1, $fakeADUser2); } - $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser2.$attribute -MembershipAttribute $attribute; + $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser2.$attribute -MembershipAttribute $attribute - $targetResource | Should Be $false; + $targetResource | Should Be $false } } #end foreach attribute @@ -241,72 +241,72 @@ try It "Fails when group exists, 'Ensure' is 'Present' but 'Scope' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['GroupScope'] = 'Universal'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['GroupScope'] = 'Universal' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'Category' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['Category'] = 'Distribution'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['Category'] = 'Distribution' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'Path' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['Path'] = 'OU=WrongPath,DC=contoso,DC=com'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['Path'] = 'OU=WrongPath,DC=contoso,DC=com' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'Description' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['Description'] = 'Test AD group description is wrong'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['Description'] = 'Test AD group description is wrong' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'DisplayName' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['DisplayName'] = 'Wrong display name'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['DisplayName'] = 'Wrong display name' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'ManagedBy' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['ManagedBy'] = $fakeADUser3.DistinguishedName; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['ManagedBy'] = $fakeADUser3.DistinguishedName + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists, 'Ensure' is 'Present' but 'Notes' is wrong" { Mock -CommandName Get-TargetResource -MockWith { - $duffADGroup = $testPresentParams.Clone(); - $duffADGroup['Notes'] = 'These notes are clearly wrong'; - return $duffADGroup; + $duffADGroup = $testPresentParams.Clone() + $duffADGroup['Notes'] = 'These notes are clearly wrong' + return $duffADGroup } - Test-TargetResource @testPresentParams | Should Be $false; + Test-TargetResource @testPresentParams | Should Be $false } It "Fails when group exists and 'Ensure' is 'Absent'" { @@ -339,15 +339,15 @@ try Mock -CommandName Set-ADGroup Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams Assert-MockCalled -CommandName New-ADGroup -Scope It } $testProperties = @{ - Description = 'Test AD Group description is wrong'; - ManagedBy = $fakeADUser3.DistinguishedName; - DisplayName = 'Test DisplayName'; + Description = 'Test AD Group description is wrong' + ManagedBy = $fakeADUser3.DistinguishedName + DisplayName = 'Test DisplayName' } foreach ($property in $testProperties.Keys) @@ -356,14 +356,14 @@ try Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup[$property] = $testProperties.$property; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup[$property] = $testProperties.$property + return $duffADGroup } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams - Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 1; + Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 1 } } @@ -371,42 +371,42 @@ try Mock -CommandName Set-ADGroup -ParameterFilter { $GroupCategory -eq $testPresentParams.Category } Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup['GroupCategory'] = 'Distribution'; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup['GroupCategory'] = 'Distribution' + return $duffADGroup } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams - Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $GroupCategory -eq $testPresentParams.Category } -Scope It -Exactly 1; + Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $GroupCategory -eq $testPresentParams.Category } -Scope It -Exactly 1 } It "Calls 'Set-ADGroup' when 'Ensure' is 'Present' and 'Notes' is specified" { Mock -CommandName Set-ADGroup -ParameterFilter { $Replace -ne $null } Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup['Info'] = 'My test note..'; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup['Info'] = 'My test note..' + return $duffADGroup } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams - Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Replace -ne $null } -Scope It -Exactly 1; + Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Replace -ne $null } -Scope It -Exactly 1 } It "Calls 'Set-ADGroup' twice when 'Ensure' is 'Present', the group exists but the 'Scope' has changed" { Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup['GroupScope'] = 'DomainLocal'; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup['GroupScope'] = 'DomainLocal' + return $duffADGroup } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams - Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 2; + Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 2 } It "Adds group members when 'Ensure' is 'Present', the group exists and 'Members' are specified" { @@ -415,7 +415,7 @@ try Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } - Set-TargetResource @testPresentParams -Members @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName); + Set-TargetResource @testPresentParams -Members @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It } @@ -429,7 +429,7 @@ try Mock -CommandName Get-ADDomainNameFromDistinguishedName -MockWith { return 'contoso.com' } Mock -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.'} - Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser2.distinguishedName); + Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser2.distinguishedName) Assert-MockCalled -CommandName Get-ADDomainNameFromDistinguishedName Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It @@ -460,7 +460,7 @@ try } Mock -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.'} - Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser4.distinguishedName); + Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser4.distinguishedName) Assert-MockCalled -CommandName Get-ADDomainNameFromDistinguishedName Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It @@ -473,7 +473,7 @@ try Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } - Set-TargetResource @testPresentParams -MembersToInclude @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName); + Set-TargetResource @testPresentParams -MembersToInclude @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It } @@ -483,12 +483,12 @@ try Mock -CommandName Get-ADGroupMember Mock -CommandName Move-ADObject Mock -CommandName Get-ADGroup -MockWith { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com"; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com" + return $duffADGroup } - Set-TargetResource @testPresentParams; + Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Move-ADObject -Scope It } @@ -500,10 +500,10 @@ try Mock -CommandName Add-ADCommonGroupMember Mock -CommandName Remove-ADGroupMember - Set-TargetResource @testPresentParams -Members $fakeADuser1.SamAccountName; + Set-TargetResource @testPresentParams -Members $fakeADuser1.SamAccountName - Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1; - Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1; + Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1 + Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1 } It "Does not reset group membership when 'Ensure' is 'Present' and existing group is empty" { @@ -512,9 +512,9 @@ try Mock -CommandName Get-ADGroupMember Mock -CommandName Remove-ADGroupMember - Set-TargetResource @testPresentParams -MembersToExclude $fakeADuser1.SamAccountName; + Set-TargetResource @testPresentParams -MembersToExclude $fakeADuser1.SamAccountName - Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 0; + Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 0 } It "Removes members when 'Ensure' is 'Present' and 'MembersToExclude' is incorrect" { @@ -523,9 +523,9 @@ try Mock -CommandName Get-ADGroupMember -MockWith { return @($fakeADUser1, $fakeADUser2); } Mock -CommandName Remove-ADGroupMember - Set-TargetResource @testPresentParams -MembersToExclude $fakeADuser1.SamAccountName; + Set-TargetResource @testPresentParams -MembersToExclude $fakeADuser1.SamAccountName - Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1; + Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1 } It "Adds members when 'Ensure' is 'Present' and 'MembersToInclude' is incorrect" { @@ -534,16 +534,16 @@ try Mock -CommandName Get-ADGroupMember -MockWith { return @($fakeADUser1, $fakeADUser2); } Mock -CommandName Add-ADCommonGroupMember - Set-TargetResource @testPresentParams -MembersToInclude $fakeADuser3.SamAccountName; + Set-TargetResource @testPresentParams -MembersToInclude $fakeADuser3.SamAccountName - Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1; + Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1 } It "Removes group when 'Ensure' is 'Absent' and group exists" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup; } Mock -CommandName Remove-ADGroup - Set-TargetResource @testAbsentParams; + Set-TargetResource @testAbsentParams Assert-MockCalled -CommandName Remove-ADGroup -Scope It } @@ -554,7 +554,7 @@ try Mock -CommandName Get-ADGroupMember Mock -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } - Set-TargetResource @testPresentParams -Credential $testCredentials; + Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } @@ -564,7 +564,7 @@ try Mock -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } - Set-TargetResource @testPresentParams -Credential $testCredentials; + Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } @@ -574,12 +574,12 @@ try Mock -CommandName Get-ADGroupMember Mock -CommandName Move-ADObject -ParameterFilter { $Credential -eq $testCredentials } Mock -CommandName Get-ADGroup -MockWith { - $duffADGroup = $fakeADGroup.Clone(); - $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com"; - return $duffADGroup; + $duffADGroup = $fakeADGroup.Clone() + $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com" + return $duffADGroup } - Set-TargetResource @testPresentParams -Credential $testCredentials; + Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Move-ADObject -ParameterFilter { $Credential -eq $testCredentials } -Scope It } @@ -655,7 +655,7 @@ try Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } Mock -CommandName Restore-ADCommonObject -MockWith { return [PSCustomObject] $fakeADGroup;} - Set-TargetResource @restoreParam; + Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADGroup -Scope It -Exactly -Times 0 @@ -670,7 +670,7 @@ try Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup; } Mock -CommandName Restore-ADCommonObject - Set-TargetResource @restoreParam; + Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADGroup -Scope It diff --git a/Tests/Unit/MSFT_xADManagedServiceAccount.Tests.ps1 b/Tests/Unit/MSFT_xADManagedServiceAccount.Tests.ps1 index 55d0595c1..ffe98a7f2 100644 --- a/Tests/Unit/MSFT_xADManagedServiceAccount.Tests.ps1 +++ b/Tests/Unit/MSFT_xADManagedServiceAccount.Tests.ps1 @@ -58,7 +58,7 @@ try $mockPath = 'OU=Fake,DC=contoso,DC=com' $mockDomainController = 'MockDC' - $mockCredentials = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); + $mockCredentials = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) $mockADUSer = @{ SamAccountName = 'User1' diff --git a/Tests/Unit/MSFT_xADOrganizationalUnit.Tests.ps1 b/Tests/Unit/MSFT_xADOrganizationalUnit.Tests.ps1 index 31486a75b..0e97af33f 100644 --- a/Tests/Unit/MSFT_xADOrganizationalUnit.Tests.ps1 +++ b/Tests/Unit/MSFT_xADOrganizationalUnit.Tests.ps1 @@ -44,22 +44,22 @@ try function Remove-ADOrganizationalUnit { param ($Name, $Credential) } function New-ADOrganizationalUnit { param ($Name, $Credential) } - $testCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); + $testCredential = New-Object System.Management.Automation.PSCredential 'DummyUser', (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force) $testPresentParams = @{ Name = 'TestOU' - Path = 'OU=Fake,DC=contoso,DC=com'; - Description = 'Test AD OU description'; - Ensure = 'Present'; + Path = 'OU=Fake,DC=contoso,DC=com' + Description = 'Test AD OU description' + Ensure = 'Present' } - $testAbsentParams = $testPresentParams.Clone(); - $testAbsentParams['Ensure'] = 'Absent'; + $testAbsentParams = $testPresentParams.Clone() + $testAbsentParams['Ensure'] = 'Absent' $protectedFakeAdOu = @{ - Name = $testPresentParams.Name; - ProtectedFromAccidentalDeletion = $true; - Description = $testPresentParams.Description; + Name = $testPresentParams.Name + ProtectedFromAccidentalDeletion = $true + Description = $testPresentParams.Description } #region Function Get-TargetResource @@ -99,8 +99,8 @@ try It 'Returns "ProtectedFromAccidentalDeletion" = "$false" when OU is not protected' { Mock -CommandName Assert-Module Mock -CommandName Get-ADOrganizationalUnit -MockWith { - $unprotectedFakeAdOu = $protectedFakeAdOu.Clone(); - $unprotectedFakeAdOu['ProtectedFromAccidentalDeletion'] = $false; + $unprotectedFakeAdOu = $protectedFakeAdOu.Clone() + $unprotectedFakeAdOu['ProtectedFromAccidentalDeletion'] = $false return [PSCustomObject] $unprotectedFakeAdOu } $targetResource = Get-TargetResource -Name $testPresentParams.Name -Path $testPresentParams.Path @@ -111,8 +111,8 @@ try It 'Returns an empty description' { Mock -CommandName Assert-Module Mock -CommandName Get-ADOrganizationalUnit -MockWith { - $noDescriptionFakeAdOu = $protectedFakeAdOu.Clone(); - $noDescriptionFakeAdOu['Description'] = ''; + $noDescriptionFakeAdOu = $protectedFakeAdOu.Clone() + $noDescriptionFakeAdOu['Description'] = '' return [PSCustomObject] $noDescriptionFakeAdOu } @@ -291,7 +291,7 @@ try Mock -CommandName Get-TargetResource -MockWith { return @{Ensure = 'Absent'}} Mock -CommandName Restore-ADCommonObject -MockWith { return [PSCustomObject] $protectedFakeAdOu } - Set-TargetResource @restoreParam; + Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADOrganizationalUnit -Scope It -Exactly -Times 0 @@ -304,7 +304,7 @@ try Mock -CommandName New-ADOrganizationalUnit Mock -CommandName Restore-ADCommonObject - Set-TargetResource @restoreParam; + Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADOrganizationalUnit -Scope It diff --git a/Tests/Unit/MSFT_xADUser.Tests.ps1 b/Tests/Unit/MSFT_xADUser.Tests.ps1 index 4368e6f0e..16ed801a4 100644 --- a/Tests/Unit/MSFT_xADUser.Tests.ps1 +++ b/Tests/Unit/MSFT_xADUser.Tests.ps1 @@ -65,7 +65,7 @@ try 'EmailAddress', 'EmployeeID', 'EmployeeNumber', 'HomeDirectory', 'HomeDrive', 'HomePage', 'ProfilePath', 'LogonScript', 'Notes', 'OfficePhone', 'MobilePhone', 'Fax', 'Pager', 'IPPhone', 'HomePhone', 'CommonName' ) - $testBooleanProperties = @('PasswordNeverExpires', 'CannotChangePassword', 'ChangePasswordAtLogon', 'TrustedForDelegation', 'Enabled'); + $testBooleanProperties = @('PasswordNeverExpires', 'CannotChangePassword', 'ChangePasswordAtLogon', 'TrustedForDelegation', 'Enabled') $testArrayProperties = @('ServicePrincipalNames') #region Function Get-TargetResource