diff --git a/CHANGELOG.md b/CHANGELOG.md index 194930473..dd0d0a83b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -74,6 +74,9 @@ distinguished name and parameter Credential is used ([issue #451](https://github.com/PowerShell/ActiveDirectoryDsc/issues/451)). - Added integration tests ([issue #359](https://github.com/PowerShell/ActiveDirectoryDsc/issues/359)). - Changes to ADDomain + - BREAKING CHANGE: Renamed the parameter `DomainAdministratorCredential` + to `Credential` to better indicate that it is possible to impersonate + any credential with enough permission to perform the task ([issue #269](https://github.com/PowerShell/ActiveDirectoryDsc/issues/269)). - Updated tests and replaced `Write-Error` with `throw` ([issue #332](https://github.com/PowerShell/ActiveDirectoryDsc/pull/332)). - Added comment-based help ([issue #335](https://github.com/PowerShell/ActiveDirectoryDsc/issues/335)). diff --git a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 index c0bf49cce..c2894616c 100644 --- a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 +++ b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 @@ -53,8 +53,9 @@ function Get-TrackingFilename .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -95,7 +96,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -164,8 +165,8 @@ function Get-TargetResource else { Write-Verbose ($script:localizedData.QueryDomainWithCredential -f $domainFQDN) - $domain = Get-ADDomain -Identity $domainFQDN -Credential $DomainAdministratorCredential -ErrorAction Stop - $forest = Get-ADForest -Identity $domain.Forest -Credential $DomainAdministratorCredential -ErrorAction Stop + $domain = Get-ADDomain -Identity $domainFQDN -Credential $Credential -ErrorAction Stop + $forest = Get-ADForest -Identity $domain.Forest -Credential $Credential -ErrorAction Stop } <# @@ -237,8 +238,9 @@ function Get-TargetResource .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -279,7 +281,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -376,8 +378,9 @@ function Test-TargetResource .PARAMETER DomainName The fully qualified domain name (FQDN) of the new domain. - .PARAMETER DomainAdministratorCredential - Credentials used to query for domain existence. + .PARAMETER Credential + Specifies the user name and password that corresponds to the account + used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Password for the administrator account when the computer is started in Safe Mode. @@ -429,7 +432,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential, + $Credential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] @@ -517,7 +520,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('ParentDomainName')) { Write-Verbose -Message ($script:localizedData.CreatingChildDomain -f $DomainName, $ParentDomainName) - $installADDSParams['Credential'] = $DomainAdministratorCredential + $installADDSParams['Credential'] = $Credential $installADDSParams['NewDomainName'] = $DomainName $installADDSParams['ParentDomainName'] = $ParentDomainName $installADDSParams['DomainType'] = 'ChildDomain' diff --git a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof index 56c1de216..99488a5fe 100644 --- a/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof +++ b/DSCResources/MSFT_ADDomain/MSFT_ADDomain.schema.mof @@ -2,7 +2,7 @@ class MSFT_ADDomain : OMI_BaseResource { [Key, Description("The fully qualified domain name (FQDN) of the new domain.")] String DomainName; - [Required, Description("Credentials used to query for domain existence."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; + [Required, Description("Specifies the user name and password that corresponds to the account used to install the domain controller."), EmbeddedInstance("MSFT_Credential")] String Credential; [Required, Description("Password for the administrator account when the computer is started in Safe Mode."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; [Write, Description("Fully qualified domain name (FQDN) of the parent domain.")] String ParentDomainName; [Write, Description("NetBIOS name for the new domain.")] String DomainNetbiosName; diff --git a/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt b/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt index 75f1bfd3a..bed7c8467 100644 --- a/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt +++ b/DSCResources/MSFT_ADDomain/en-US/about_ADDomain.help.txt @@ -12,9 +12,9 @@ Key - String The fully qualified domain name (FQDN) of the new domain. -.PARAMETER DomainAdministratorCredential +.PARAMETER Credential Required - String - Credentials used to query for domain existence. + Specifies the user name and password that corresponds to the account used to install the domain controller. .PARAMETER SafemodeAdministratorPassword Required - String @@ -66,7 +66,12 @@ Configuration ADDomain_NewForest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -89,8 +94,8 @@ Configuration ADDomain_NewForest_Config ADDomain $Node.DomainName { DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword ForestMode = $Node.FFL } } @@ -118,7 +123,12 @@ Configuration ADDomain_NewChildDomain_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -141,8 +151,8 @@ Configuration ADDomain_NewChildDomain_Config ADDomain $Node.DomainName { DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword DomainMode = $Node.DFL ParentDomainName = $node.ParentDomain } @@ -170,20 +180,22 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config param ( [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, + $Credential, [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainCred, + $SafeModePassword, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DnsDelegationCred, + $DnsDelegationCredential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $NewADUserCred + $NewADUserPassword ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -199,28 +211,31 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config ADDomain 'FirstDS' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DnsDelegationCred + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DnsDelegationCredential = $DnsDelegationCredential + DependsOn = '[WindowsFeature]ADDSInstall' } WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[ADDomain]FirstDS' } ADUser 'FirstUser' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domaincred + DomainAdministratorCredential = $Credential UserName = 'dummy' - Password = $NewADUserCred + Password = $NewADUserPassword Ensure = 'Present' + DependsOn = '[WaitForADDomain]DscForestWait' } @@ -237,9 +252,10 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config WaitForADDomain 'DscForestWait' { DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[WindowsFeature]ADDSInstall' } @@ -247,8 +263,9 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config { DomainName = $Node.DomainName ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred + DomainAdministratorCredential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DependsOn = '[WaitForADDomain]DscForestWait' } } @@ -291,20 +308,22 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config param ( [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, + $Credential, [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $domainCred, + $SafeModePassword, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DNSDelegationCred, + $DnsDelegationCredential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $NewADUserCred + $NewADUserPassword ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -320,16 +339,16 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config ADDomain 'FirstDS' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DnsDelegationCredential = $DnsDelegationCredential DependsOn = '[WindowsFeature]ADDSInstall' } WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec DependsOn = '[ADDomain]FirstDS' @@ -338,9 +357,9 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config ADUser 'FirstUser' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred + DomainAdministratorCredential = $Credential UserName = 'dummy' - Password = $NewADUserCred + Password = $NewADUserPassword Ensure = 'Present' DependsOn = '[WaitForADDomain]DscForestWait' } @@ -357,7 +376,7 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec DependsOn = '[WindowsFeature]ADDSInstall' @@ -366,8 +385,8 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config ADDomainController 'SecondDC' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred + DomainAdministratorCredential = $Credential + SafeModeAdministratorPassword = $SafeModePassword DependsOn = '[WaitForADDomain]DscForestWait' } } diff --git a/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 b/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 index 500480ca9..c07eb0e4d 100644 --- a/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 +++ b/Examples/Resources/ADDomain/1-ADDomain_NewForest_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomain_NewForest_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -52,8 +57,8 @@ Configuration ADDomain_NewForest_Config ADDomain $Node.DomainName { DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword ForestMode = $Node.FFL } } diff --git a/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 b/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 index 425d7ec85..0953c323e 100644 --- a/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 +++ b/Examples/Resources/ADDomain/2-ADDomain_NewChildDomain_Config.ps1 @@ -29,7 +29,12 @@ Configuration ADDomain_NewChildDomain_Config [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainAdministratorCredential + $Credential, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.PSCredential] + $SafeModePassword ) Import-DscResource -ModuleName PSDscResources @@ -52,8 +57,8 @@ Configuration ADDomain_NewChildDomain_Config ADDomain $Node.DomainName { DomainName = $Node.DomainName - DomainAdministratorCredential = $DomainAdministratorCredential - SafemodeAdministratorPassword = $DomainAdministratorCredential + Credential = $Credential + SafemodeAdministratorPassword = $SafeModePassword DomainMode = $Node.DFL ParentDomainName = $node.ParentDomain } diff --git a/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 b/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 index f702a56c9..f61002a64 100644 --- a/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 +++ b/Examples/Resources/ADDomain/3-ADDomain_NewForestwithParentAndChildDomain_Config.ps1 @@ -52,20 +52,22 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config param ( [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, + $Credential, [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $DomainCred, + $SafeModePassword, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DnsDelegationCred, + $DnsDelegationCredential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $NewADUserCred + $NewADUserPassword ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -81,28 +83,31 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config ADDomain 'FirstDS' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DnsDelegationCred + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DnsDelegationCredential = $DnsDelegationCredential + DependsOn = '[WindowsFeature]ADDSInstall' } WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[ADDomain]FirstDS' } ADUser 'FirstUser' { DomainName = $Node.DomainName - Credential = $domaincred + Credential = $Credential UserName = 'dummy' - Password = $NewADUserCred + Password = $NewADUserPassword Ensure = 'Present' + DependsOn = '[WaitForADDomain]DscForestWait' } @@ -119,9 +124,10 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config WaitForADDomain 'DscForestWait' { DomainName = $Node.ParentDomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[WindowsFeature]ADDSInstall' } @@ -129,8 +135,9 @@ Configuration ADDomain_NewForestWithParentAndChildDomain_Config { DomainName = $Node.DomainName ParentDomainName = $Node.ParentDomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred + DomainAdministratorCredential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DependsOn = '[WaitForADDomain]DscForestWait' } } diff --git a/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 b/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 index bd519bb2d..45c52f31f 100644 --- a/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 +++ b/Examples/Resources/ADDomain/4-ADDomain_NewDomainWithTwoDCs_Config.ps1 @@ -53,20 +53,22 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config param ( [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $SafemodeAdministratorCred, + $Credential, [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] [System.Management.Automation.PSCredential] - $domainCred, + $SafeModePassword, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $DNSDelegationCred, + $DnsDelegationCredential, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] - $NewADUserCred + $NewADUserPassword ) Import-DscResource -ModuleName ActiveDirectoryDsc @@ -82,28 +84,31 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config ADDomain 'FirstDS' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred - DnsDelegationCredential = $DNSDelegationCred + Credential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DnsDelegationCredential = $DnsDelegationCredential + DependsOn = '[WindowsFeature]ADDSInstall' } WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[ADDomain]FirstDS' } ADUser 'FirstUser' { DomainName = $Node.DomainName - Credential = $domainCred + Credential = $Credential UserName = 'dummy' - Password = $NewADUserCred + Password = $NewADUserPassword Ensure = 'Present' + DependsOn = '[WaitForADDomain]DscForestWait' } } @@ -119,17 +124,19 @@ Configuration ADDomain_NewDomainWithTwoDCs_Config WaitForADDomain 'DscForestWait' { DomainName = $Node.DomainName - DomainUserCredential = $domainCred + DomainUserCredential = $Credential RetryCount = $Node.RetryCount RetryIntervalSec = $Node.RetryIntervalSec + DependsOn = '[WindowsFeature]ADDSInstall' } ADDomainController 'SecondDC' { DomainName = $Node.DomainName - DomainAdministratorCredential = $domainCred - SafemodeAdministratorPassword = $SafemodeAdministratorCred + DomainAdministratorCredential = $Credential + SafeModeAdministratorPassword = $SafeModePassword + DependsOn = '[WaitForADDomain]DscForestWait' } } diff --git a/Tests/Unit/MSFT_ADDomain.Tests.ps1 b/Tests/Unit/MSFT_ADDomain.Tests.ps1 index af49d4bc6..deeb7483e 100644 --- a/Tests/Unit/MSFT_ADDomain.Tests.ps1 +++ b/Tests/Unit/MSFT_ADDomain.Tests.ps1 @@ -66,8 +66,8 @@ try ) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential } #region Function Get-TargetResource @@ -220,8 +220,8 @@ try ) $testDefaultParams = @{ - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testAdminCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testAdminCredential } $stubDomain = @{ @@ -352,15 +352,15 @@ try $newForestParams = @{ DomainName = $testDomainName - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testSafemodeCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testSafemodeCredential } $newDomainParams = @{ DomainName = $testDomainName ParentDomainName = $testParentDomainName - DomainAdministratorCredential = $testAdminCredential - SafemodeAdministratorPassword = $testSafemodeCredential + Credential = $testAdminCredential + SafeModeAdministratorPassword = $testSafemodeCredential } $stubTargetResource = @{ @@ -381,12 +381,12 @@ try Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $DomainName -eq $testDomainName } -Scope It } - It 'Calls "Install-ADDSForest" with "SafemodeAdministratorPassword" when creating forest' { - Mock -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } + It 'Calls "Install-ADDSForest" with "SafeModeAdministratorPassword" when creating forest' { + Mock -CommandName Install-ADDSForest -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } Set-TargetResource @newForestParams - Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It + Assert-MockCalled -CommandName Install-ADDSForest -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } -Scope It } It 'Calls "Install-ADDSForest" with "DnsDelegationCredential" when creating forest, if specified' { @@ -482,12 +482,12 @@ try Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $DomainType -eq 'ChildDomain' } -Scope It } - It 'Calls "Install-ADDSDomain" with "SafemodeAdministratorPassword" when creating child domain' { - Mock -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } + It 'Calls "Install-ADDSDomain" with "SafeModeAdministratorPassword" when creating child domain' { + Mock -CommandName Install-ADDSDomain -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } Set-TargetResource @newDomainParams - Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SafemodeAdministratorPassword -eq $testSafemodePassword } -Scope It + Assert-MockCalled -CommandName Install-ADDSDomain -ParameterFilter { $SafeModeAdministratorPassword -eq $testSafemodePassword } -Scope It } It 'Calls "Install-ADDSDomain" with "Credential" when creating child domain' {