Changes to xActiveDirectory
- Added new helper functions in xActiveDirectory.Common.
  - New-CimCredentialInstance
  - Add-TypeAssembly
  - New-ADDirectoryContext
johlju committed Jul 12, 2019
1 parent df33929 commit bb2cf2f
Showing 3 changed files with 322 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ ConvertFrom-StringData @'
ArrayValueThatDoesNotMatch = {0} - {1} (ADCOMMON0007)
PropertyValueOfTypeDoesNotMatch = {0} value does not match. Current value is '{1}', but expected the value '{2}'. (ADCOMMON0008)
UnableToCompareType = Unable to compare the type {0} as it is not handled by the Test-DscPropertyState cmdlet. (ADCOMMON0009)
RoleNotFoundError = Please ensure that the PowerShell module for role '{0}' is installed. (ADCOMMON0010)
ModuleNotFoundError = Please ensure that the PowerShell module for role '{0}' is installed. (ADCOMMON0010)
MembersAndIncludeExcludeError = The '{0}' and '{1}' and/or '{2}' parameters conflict. The '{0}' parameter should not be used in any combination with the '{1}' and '{2}' parameters. (ADCOMMON0011)
MembersIsNullError = The Members parameter value is null. The '{0}' parameter must be provided if neither '{1}' nor '{2}' is provided. (ADCOMMON0012)
IncludeAndExcludeConflictError = The member '{0}' is included in both '{1}' and '{2}' parameter values. The same member must not be included in both '{1}' and '{2}' parameter values. (ADCOMMON0014)
Expand Down Expand Up @@ -39,4 +39,11 @@ ConvertFrom-StringData @'
ValueOfTypeDoesNotMatch = {0} value for property {1} does not match. Current state is '{2}' and desired state is '{3}'. (ADCOMMON0039)
UnableToCompareProperty = Unable to compare property {0} as the type {1} is not handled by the Test-DscParameterState cmdlet. (ADCOMMON0040)
StartProcess = Started the process with id {0} using the path '{1}', and with a timeout value of {2} seconds. (ADCOMMON0041)
CouldNotLoadAssembly = The assembly '{0}' could not be loaded into the PowerShell session. (ADCOMMON0042)
TypeAlreadyExistInSession = The type '{0}' is already loaded into the PowerShell session. (ADCOMMON0043)
TypeDoesNotExistInSession = Missing the type '{0}' from the PowerShell session. (ADCOMMON0044)
AddingAssemblyToSession = Adding the assembly '{0}' into the PowerShell session. (ADCOMMON0045)
NewDirectoryContext = Get a new Active Directory context of the type '{0}'. (ADCOMMON0046)
NewDirectoryContextTarget = The Active Directory context will target '{0}'. (ADCOMMON0047)
NewDirectoryContextCredential = The Active Directory context will be accessed using the '{0}' credentials. (ADCOMMON0048)
189 changes: 183 additions & 6 deletions Modules/xActiveDirectory.Common/xActiveDirectory.Common.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -488,7 +488,7 @@ function Assert-Module

if (-not (Get-Module -Name $ModuleName -ListAvailable))
$errorMessage = $script:localizedData.RoleNotFoundError -f $moduleName
$errorMessage = $script:localizedData.ModuleNotFoundError -f $moduleName
New-ObjectNotFoundException -Message $errorMessage

Expand Down Expand Up @@ -1500,10 +1500,9 @@ function Convert-PropertyMapToObjectProperties
values. Normally set to $PSBoundParameters.
.PARAMETER Properties
An array of property names to filter out from the keys provided in
DesiredValues. If left out, only those keys in the DesiredValues will
be compared. This parameter can be used to remove certain keys from
the comparison.
An array of property names, from the keys provided in DesiredValues, that
will be compared. If this parameter is left out, all the keys in the
DesiredValues will be compared.
function Compare-ResourcePropertyState
Expand Down Expand Up @@ -1730,7 +1729,8 @@ function Assert-ADPSDrive

if ($null -eq $activeDirectoryPSDrive)
Write-Verbose -Message $script:localizedData.CreatingNewADPSDrive
Write-Verbose -Message $script:localizedData.CreatingNewADPSDrive -Verbose

New-PSDrive -Name AD -PSProvider 'ActiveDirectory' -Root $Root -Scope Script -ErrorAction 'Stop' |
Expand Down Expand Up @@ -1768,6 +1768,180 @@ function Set-DscADComputer
Set-ADComputer @Parameters | Out-Null

This returns a new MSFT_Credential CIM instance credential object to be
used when returning credential objects from Get-TargetResource.
This returns a credential object without the password.
.PARAMETER Credential
The PSCredential object to return as a MSFT_Credential CIM instance
credential object.
When returning a PSCredential object from Get-TargetResource, the
credential object does not contain the username. The object is empty.
Password UserName PSComputerName
-------- -------- --------------
When the MSFT_Credential CIM instance credential object is returned by
the Get-TargetResource then the credential object contains the values
provided in the object.
Password UserName PSComputerName
-------- -------- --------------
COMPANY\TestAccount localhost
function New-CimCredentialInstance
[Parameter(Mandatory = $true)]

$newCimInstanceParameters = @{
ClassName = 'MSFT_Credential'
ClientOnly = $true
Namespace = 'root/microsoft/windows/desiredstateconfiguration'
Property = @{
UserName = [System.String] $Credential.UserName
Password = [System.String] $null

return New-CimInstance @newCimInstanceParameters

This loads the assembly type, optionally after a check
if the type is missing in the PowerShell session.
.PARAMETER AssemblyName
The assembly to load into the PowerShell session.
An optional parameter to check if the type exist, if it exist then the
assembly is not loaded again.
function Add-TypeAssembly
[Parameter(Mandatory = $true)]


if ($PSBoundParameters.ContainsKey('TypeName'))
if ($TypeName -as [Type])
Write-Verbose -Message ($script:localizedData.TypeAlreadyExistInSession -f $TypeName) -Verbose

# The type already exist so no need to load the type again.
Write-Verbose -Message ($script:localizedData.TypeDoesNotExistInSession -f $TypeName) -Verbose

Write-Verbose -Message ($script:localizedData.AddingAssemblyToSession -f $AssemblyName) -Verbose

Add-Type -AssemblyName $AssemblyName
$missingRoleMessage = $script:localizedData.CouldNotLoadAssembly -f $AssemblyName
New-ObjectNotFoundException -Message $missingRoleMessage -ErrorRecord $_

This returns a new object of the type System.DirectoryServices.ActiveDirectory.DirectoryContext.
.PARAMETER DirectoryContextType
The context type of the object to return. Valid values are 'Domain', 'Forest',
'ApplicationPartition', 'ConfigurationSet' or 'DirectoryServer'.
An optional parameter for the target of the directory context.
For the correct format for this parameter depending on context type, see
the article
function Get-ADDirectoryContext
[Parameter(Mandatory = $true)]
[ValidateSet('Domain', 'Forest', 'ApplicationPartition', 'ConfigurationSet', 'DirectoryServer')]



$typeName = 'System.DirectoryServices.ActiveDirectory.DirectoryContext'

Add-TypeAssembly -AssemblyName 'System.DirectoryServices' -TypeName $typeName

Write-Verbose -Message ($script:localizedData.NewDirectoryContext -f $DirectoryContextType) -Verbose

$newObjectArgumentList = @(

if ($PSBoundParameters.ContainsKey('Name'))
Write-Verbose -Message ($script:localizedData.NewDirectoryContextTarget -f $Name) -Verbose

$newObjectArgumentList += @(

if ($PSBoundParameters.ContainsKey('Credential'))
Write-Verbose -Message ($script:localizedData.NewDirectoryContextCredential -f $Credential.UserName) -Verbose

$newObjectArgumentList += @(

$newObjectParameters = @{
TypeName = $typeName
ArgumentList = $newObjectArgumentList

return New-Object @newObjectParameters

$script:localizedData = Get-LocalizedData -ResourceName 'xActiveDirectory.Common' -ScriptRoot $PSScriptRoot

Export-ModuleMember -Function @(
Expand Down Expand Up @@ -1802,4 +1976,7 @@ Export-ModuleMember -Function @(
131 changes: 131 additions & 0 deletions Tests/Unit/xActiveDirectory.Common.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -2133,4 +2133,135 @@ InModuleScope 'xActiveDirectory.Common' {

Describe 'xActiveDirectory.CommonNew-CimCredentialInstance' {
Context 'When creating a new MSFT_Credential CIM instance credential object' {
BeforeAll {
$mockAdministratorUser = '[email protected]'
$mockAdministratorPassword = 'P@ssw0rd-12P@ssw0rd-12'
$mockAdministratorCredential = New-Object -TypeName 'System.Management.Automation.PSCredential' -ArgumentList @(
($mockAdministratorPassword | ConvertTo-SecureString -AsPlainText -Force)

It 'Should return the correct values' {
$newCimCredentialInstanceResult = New-CimCredentialInstance -Credential $mockAdministratorCredential
$newCimCredentialInstanceResult | Should -BeOfType 'Microsoft.Management.Infrastructure.CimInstance'
$newCimCredentialInstanceResult.CimClass.CimClassName | Should -Be 'MSFT_Credential'
$newCimCredentialInstanceResult.UserName | Should -Be $mockAdministratorUser
$newCimCredentialInstanceResult.Password | Should -BeNullOrEmpty

Describe 'xActiveDirectory.Common\Add-TypeAssembly' {
Context 'When assembly fails to load' {
BeforeAll {
Mock -CommandName Add-Type -MockWith {

$mockAssembly = 'MyAssembly'

It 'Should throw the correct error' {
{ Add-TypeAssembly -AssemblyName $mockAssembly } | Should -Throw ($script:localizedData.CouldNotLoadAssembly -f $mockAssembly)

Context 'When loading an assembly into the session' {
BeforeAll {
Mock -CommandName Add-Type

$mockAssembly = 'MyAssembly'

It 'Should not throw and call the correct mocks' {
{ Add-TypeAssembly -AssemblyName $mockAssembly } | Should -Not -Throw

Assert-MockCalled -CommandName Add-Type -ParameterFilter {
$AssemblyName -eq $mockAssembly
} -Exactly -Times 1 -Scope It

Context 'When the type is already loaded into the session' {
It 'Should not throw and not call any mocks' {
{ Add-TypeAssembly -AssemblyName $mockAssembly -TypeName 'System.String' } | Should -Not -Throw

Assert-MockCalled -CommandName Add-Type -Exactly -Times 0 -Scope It

Context 'When the type is missing from the session' {
It 'Should not throw and call the correct mocks' {
{ Add-TypeAssembly -AssemblyName $mockAssembly -TypeName 'My.Type' } | Should -Not -Throw

Assert-MockCalled -CommandName Add-Type -ParameterFilter {
$AssemblyName -eq $mockAssembly
} -Exactly -Times 1 -Scope It

Describe 'xActiveDirectory.Common\New-ADDirectoryContext' {
Context 'When creating a new Active Directory context' {
BeforeAll {
# This credential object must be created before we mock New-Object.
$mockAdministratorUser = '[email protected]'
$mockAdministratorPassword = 'P@ssw0rd-12P@ssw0rd-12'
$mockAdministratorCredential = New-Object -TypeName 'System.Management.Automation.PSCredential' -ArgumentList @(
($mockAdministratorPassword | ConvertTo-SecureString -AsPlainText -Force)

Mock -CommandName Add-TypeAssembly -Verifiable
Mock -CommandName New-Object

Context 'When the calling with only parameter DirectoryContextType' {
It 'Should not throw and call the correct mocks' {
{ Get-ADDirectoryContext -DirectoryContextType 'Domain' } | Should -Not -Throw

Assert-MockCalled -CommandName New-Object -ParameterFilter {
$ArgumentList.Count -eq 1 `
-and $ArgumentList[0] -eq 'Domain'
} -Exactly -Times 1 -Scope It

Context 'When the calling with parameters DirectoryContextType and Name' {
It 'Should not throw and call the correct mocks' {
Get-ADDirectoryContext -DirectoryContextType 'Domain' -Name 'my.domain'
} | Should -Not -Throw

Assert-MockCalled -CommandName New-Object -ParameterFilter {
$ArgumentList.Count -eq 2 `
-and $ArgumentList[0] -eq 'Domain' `
-and $ArgumentList[1] -eq 'my.domain'
} -Exactly -Times 1 -Scope It

Context 'When the calling with parameters DirectoryContextType, Name and Credential' {
It 'Should not throw and call the correct mocks' {
Get-ADDirectoryContext -DirectoryContextType 'Domain' -Name 'my.domain' -Credential $mockAdministratorCredential
} | Should -Not -Throw

Assert-MockCalled -CommandName New-Object -ParameterFilter {
$ArgumentList.Count -eq 4 `
-and $ArgumentList[0] -eq 'Domain' `
-and $ArgumentList[1] -eq 'my.domain' `
-and $ArgumentList[2] -eq $mockAdministratorUser `
-and $ArgumentList[3] -eq $mockAdministratorPassword
} -Exactly -Times 1 -Scope It


