From e0e4c9af4c1364b06149c2ab044fdebf5b1f9ebd Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 13:01:47 +0000 Subject: [PATCH 01/22] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Update.Tests.ps1 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 3ef1f1d119..ead0477bf2 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -270,13 +270,6 @@ MinimumLifetimeInMinutes = 60; State = "enabled"; } - AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice' - { - Credential = $Credscredential; - Ensure = "Present"; - Id = "Voice"; - State = "disabled"; - } AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ From 3398545749a63ad5e4a9139085b88c230548360d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 13:04:39 +0000 Subject: [PATCH 02/22] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Remove.Tests.ps1 | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index 38b958d5db..0c3294cc4d 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -108,20 +108,6 @@ Ensure = 'Absent' Credential = $Credscredential } - AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' - { - AllowedCloudEndpoints = @("microsoftonline.us"); - Credential = $Credscredential; - DisplayName = "MyXTAPPolicy"; - Ensure = "Absent"; - IsSingleInstance = "Yes"; - } - AADCrossTenantAccessPolicyConfigurationDefault 'AADCrossTenantAccessPolicyConfigurationDefault' - { - Credential = $Credscredential; - Ensure = "Absent"; - IsSingleInstance = "Yes"; - } AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' { Credential = $Credscredential; @@ -130,7 +116,7 @@ } AADEntitlementManagementAccessPackage 'myAccessPackage' { - DisplayName = 'General' + DisplayName = 'Integration Package' Ensure = 'Absent' Credential = $Credscredential } From 195142a591022191ea0b97a808e337dfb1b6cb43 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 08:12:57 -0500 Subject: [PATCH 03/22] Fixes for SPOSharingSettings --- CHANGELOG.md | 3 +++ .../MSFT_SPOSharingSettings.psm1 | 4 +++ .../3-Remove.ps1 | 26 ------------------- 3 files changed, 7 insertions(+), 26 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 78bafaa588..bad7eb5a77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,9 @@ * Removed the ability to specify a value of Absent for the Ensure property. * AADCrossTenantAccessPolicyCOnfigurationDefault * Removed the ability to specify a value of Absent for the Ensure property. +* SPOSharingSettings + * Fixed an Issue where the MySiteSharingCapability could be returned as an + empty string instead of a null value from the Get method. # 1.24.117.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index a60538c49d..33916b54fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -194,6 +194,10 @@ function Get-TargetResource $DefaultLinkPermission = $SPOSharingSettings.DefaultLinkPermission } + if ([System.String]::IsNullOrEmpty($MySiteSharingCapability)) + { + $MySiteSharingCapability = $null + } return @{ IsSingleInstance = 'Yes' SharingCapability = $SPOSharingSettings.SharingCapability diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 deleted file mode 100644 index 6ca6f1913c..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" - { - Ensure = "Absent"; - Id = "Email"; - State = "disabled"; # Updated Property - Credential = $credsCredential; - } - } -} From bda68c7e92aa25518eefc4e6bb3efdd04f82f7ce Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 08:21:29 -0500 Subject: [PATCH 04/22] Update MSFT_SPOSharingSettings.psm1 --- .../MSFT_SPOSharingSettings.psm1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index 33916b54fb..b8dd694459 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -193,15 +193,9 @@ function Get-TargetResource { $DefaultLinkPermission = $SPOSharingSettings.DefaultLinkPermission } - - if ([System.String]::IsNullOrEmpty($MySiteSharingCapability)) - { - $MySiteSharingCapability = $null - } - return @{ + $results = @{ IsSingleInstance = 'Yes' SharingCapability = $SPOSharingSettings.SharingCapability - MySiteSharingCapability = $MySiteSharingCapability ShowEveryoneClaim = $SPOSharingSettings.ShowEveryoneClaim ShowAllUsersClaim = $SPOSharingSettings.ShowAllUsersClaim ShowEveryoneExceptExternalUsersClaim = $SPOSharingSettings.ShowEveryoneExceptExternalUsersClaim @@ -233,6 +227,12 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' } + + if (-not [System.String]::IsNullOrEmpty($MySiteSharingCapability)) + { + $results.Add('MySiteSharingCapability', $MySiteSharingCapability) + } + return $results } catch { From 3c28fdaccdb0d52f8fe2aee563d916098fb52d85 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 13:49:40 +0000 Subject: [PATCH 05/22] Updated Resources and Cmdlet documentation pages --- .../AADAuthenticationMethodPolicyEmail.md | 29 ------------------- 1 file changed, 29 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md index 45d7db151b..369f220f49 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md @@ -114,32 +114,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" - { - Ensure = "Absent"; - Id = "Email"; - State = "disabled"; # Updated Property - Credential = $credsCredential; - } - } -} -``` - From bf2478d1695401b59eaa5f7fa32711500addab6f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 09:22:35 -0500 Subject: [PATCH 06/22] Fix Integration tests of AADGroup --- .../Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 | 2 +- .../Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 index 17397660a0..41f8825460 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 @@ -24,7 +24,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index 0a2a11f894..7862017a86 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 5b016a74f395efd67bc948f58e85fd15a90912f7 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:24:10 +0000 Subject: [PATCH 07/22] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 2c56cbc78a..dccb5a9313 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -98,7 +98,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -132,7 +132,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 3c451b7346abbc6ab02277e94ce8f2cd645cb6f9 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:26:31 +0000 Subject: [PATCH 08/22] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index e639ffe2c2..4875dab41a 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -227,7 +227,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From dd8409b7947763e58d65771b744d629a9553e2fa Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:28:45 +0000 Subject: [PATCH 09/22] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index ead0477bf2..a7e5141668 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -579,7 +579,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 11cae9df1b844f90ddd0f65d9da6456e8367590e Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:31:49 +0000 Subject: [PATCH 10/22] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Remove.Tests.ps1 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index 0c3294cc4d..6415d0c12a 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -53,13 +53,6 @@ State = "enabled"; Credential = $credsCredential; } - AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' - { - Ensure = "Absent"; - Id = "Email"; - State = "disabled"; # Updated Property - Credential = $credsCredential; - } AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2' { Ensure = "Absent"; From 5946f60271183ad709645d1872ebf7f76becf794 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 09:45:23 -0500 Subject: [PATCH 11/22] AADGroup Integration Fixes --- .../Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 | 2 +- .../Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 index 41f8825460..c8192769e8 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 @@ -24,7 +24,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index 7862017a86..9e29f075e3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") Ensure = "Present" Credential = $Credscredential } From dc9dd2bb070d2737888997bf12a8af680197afe9 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:46:55 +0000 Subject: [PATCH 12/22] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index dccb5a9313..24fbdfaad8 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -98,7 +98,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -132,7 +132,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") Ensure = "Present" Credential = $Credscredential } From b4f62f057d46cc71c8790397587d304461969365 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 14:48:51 +0000 Subject: [PATCH 13/22] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 4875dab41a..d063a17932 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -227,7 +227,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") Ensure = "Present" Credential = $Credscredential } From 838a5b95371057ec168e8a6daa0e78a4ec8f685d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 10:07:31 -0500 Subject: [PATCH 14/22] Fixes --- .../Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 | 2 +- .../Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 index c8192769e8..41f8825460 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 @@ -24,7 +24,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index 9e29f075e3..7862017a86 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From f69052d911f168fd7d762def4177a67c0e4edf2c Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 15:09:08 +0000 Subject: [PATCH 15/22] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 24fbdfaad8..dccb5a9313 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -98,7 +98,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -132,7 +132,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From ff8cdce03f28a49c91bcccc280dfc1635aa5ec6e Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 19 Jan 2024 15:10:55 +0000 Subject: [PATCH 16/22] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index d063a17932..4875dab41a 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -227,7 +227,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain", "GitHubIntegration@$Domain") + Owners = @("admin@$Domain", "AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From a46fcc7c08c7f437921d9909adf14b6ff0d9994e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 12:47:37 -0500 Subject: [PATCH 17/22] AAD Group Restore from Deleted --- CHANGELOG.md | 3 + .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 56 ++++++++++++++----- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bad7eb5a77..ce029d2282 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,9 @@ * Removed the ability to specify a value of Absent for the Ensure property. * AADCrossTenantAccessPolicyCOnfigurationDefault * Removed the ability to specify a value of Absent for the Ensure property. +* AADGroup + * Changed Set logic to restore groups from the deleted list if a match by + DisplayName is found. * SPOSharingSettings * Fixed an Issue where the MySiteSharingCapability could be returned as an empty string instead of a null value from the Get method. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 293ac6fd29..1c9ae1a71b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -559,26 +559,44 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating new group {$DisplayName}" - $currentParameters.Remove('Id') | Out-Null + Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}" + $restorinExisting = $false + [Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'" + if ($groups.Length -gt 1) + { + throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one." + } - try + if ($groups.Length -eq 1) + { + Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it." + Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id + $restoringExisting = $true + $currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop + } + + if (-not $restoringExisting) { - Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" - $currentGroup = New-MgGroup @currentParameters + Write-Verbose -Message "Creating new group {$DisplayName}" + $currentParameters.Remove('Id') | Out-Null - Write-Verbose -Message "Created Group $($currentGroup.id)" - if ($assignedLicensesGUIDs.Length -gt 0) + try { - Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() + Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" + $currentGroup = New-MgGroup @currentParameters + Write-Verbose -Message "Created Group $($currentGroup.id)" + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` + -Exception $_ ` + -Source $MyInvocation.MyCommand.ModuleName } } - catch + if ($assignedLicensesGUIDs.Length -gt 0) { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` - -Exception $_ ` - -Source $MyInvocation.MyCommand.ModuleName + Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() } } elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present') @@ -623,7 +641,17 @@ function Set-TargetResource $ownerObject = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}" } - New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject | Out-Null + try + { + New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject -ErrorAction Stop| Out-Null + } + catch + { + if ($_.Exception.Message -notlike "*One or more added object references already exist for the following modified properties*") + { + throw $_ + } + } } elseif ($diff.SideIndicator -eq '<=') { From 15829d52eb2654ce26e7313406c10f0fb4b9b4e9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 13:12:21 -0500 Subject: [PATCH 18/22] Fixes AADGroup Logic --- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 1c9ae1a71b..a0b411cc71 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -511,7 +511,49 @@ function Set-TargetResource $currentParameters.Remove('AssignedLicenses') | Out-Null - if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Present') + if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent') + { + Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}" + $restorinExisting = $false + [Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'" + if ($groups.Length -gt 1) + { + throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one." + } + + if ($groups.Length -eq 1) + { + Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it." + Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id + $restoringExisting = $true + $currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop + } + + if (-not $restoringExisting) + { + Write-Verbose -Message "Creating new group {$DisplayName}" + $currentParameters.Remove('Id') | Out-Null + + try + { + Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" + $currentGroup = New-MgGroup @currentParameters + Write-Verbose -Message "Created Group $($currentGroup.id)" + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` + -Exception $_ ` + -Source $MyInvocation.MyCommand.ModuleName + } + } + if ($assignedLicensesGUIDs.Length -gt 0) + { + Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() + } + } + if ($Ensure -eq 'Present') { Write-Verbose -Message "Group {$DisplayName} exists and it should." try @@ -557,48 +599,6 @@ function Set-TargetResource -Source $MyInvocation.MyCommand.ModuleName } } - elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent') - { - Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}" - $restorinExisting = $false - [Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'" - if ($groups.Length -gt 1) - { - throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one." - } - - if ($groups.Length -eq 1) - { - Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it." - Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id - $restoringExisting = $true - $currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop - } - - if (-not $restoringExisting) - { - Write-Verbose -Message "Creating new group {$DisplayName}" - $currentParameters.Remove('Id') | Out-Null - - try - { - Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" - $currentGroup = New-MgGroup @currentParameters - Write-Verbose -Message "Created Group $($currentGroup.id)" - } - catch - { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" ` - -Exception $_ ` - -Source $MyInvocation.MyCommand.ModuleName - } - } - if ($assignedLicensesGUIDs.Length -gt 0) - { - Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() - } - } elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present') { try From cbe00aba3e6647762846859e4de656be27a947d9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:14:48 -0500 Subject: [PATCH 19/22] Fixes --- .../Microsoft365DSC.AADGroup.Tests.ps1 | 8 +++++++- Tests/Unit/Stubs/Microsoft365.psm1 | 16 +++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index be6fd42cef..27ffcd81bc 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -37,6 +37,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroupMember -MockWith { } + Mock -CommandName Restore-MgBetaDirectoryDeletedItem -MockWith { + } + + Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { + } + Mock -CommandName Get-MgGroupMemberOf -MockWith { } @@ -395,7 +401,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MailNickname = 'M365DSC' GroupTypes = @() } - + # Set-TargetResource expects object-type of answer to contain 'group' $returnData.psobject.TypeNames.insert(0, 'Group') return $returnData diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f5544b9f0f..9280d71b9c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1,4 +1,4 @@ -#region ExchangeOnlineManagement +# region ExchangeOnlineManagement function Get-DefaultTenantBriefingConfig { [CmdletBinding()] @@ -51825,6 +51825,20 @@ function Remove-MgBetaDirectoryAdministrativeUnitMemberByRef $Break ) } +function Restore-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $DirectoryObjectId + ) +} +function Get-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] +} + function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember { [CmdletBinding()] From 5a3ddf68f4ef2c7a53b92a4c0485b8d4a6dc37f5 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:22:24 -0500 Subject: [PATCH 20/22] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 9280d71b9c..f0614e47d1 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51837,6 +51837,7 @@ function Restore-MgBetaDirectoryDeletedItem function Get-MgBetaDirectoryDeletedItem { [CmdletBinding()] + param() } function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember From 0438cda4b4309685433aaccbb2b5ec0124dd5215 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:36:21 -0500 Subject: [PATCH 21/22] Fixes --- .../Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 2 ++ Tests/Unit/Stubs/Microsoft365.psm1 | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 27ffcd81bc..115cf92bd1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -39,6 +39,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Restore-MgBetaDirectoryDeletedItem -MockWith { } + Mock -CommandName Get-MgBetaDirectoryDeletedItemAsGroup -MockWith { + } Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f0614e47d1..af4f47bb78 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51840,6 +51840,16 @@ function Get-MgBetaDirectoryDeletedItem param() } +function Get-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $Filter + ) +} + function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember { [CmdletBinding()] From 88326f9350627cbfef103022ad2dec62721ecdf8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 19 Jan 2024 14:44:46 -0500 Subject: [PATCH 22/22] Fixes --- .../Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 3 --- Tests/Unit/Stubs/Microsoft365.psm1 | 7 +------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 115cf92bd1..a07cd9c6d9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -42,9 +42,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaDirectoryDeletedItemAsGroup -MockWith { } - Mock -CommandName Get-MgBetaDirectoryDeletedItem -MockWith { - } - Mock -CommandName Get-MgGroupMemberOf -MockWith { } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index af4f47bb78..dc213dcafb 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -51834,13 +51834,8 @@ function Restore-MgBetaDirectoryDeletedItem $DirectoryObjectId ) } -function Get-MgBetaDirectoryDeletedItem -{ - [CmdletBinding()] - param() -} -function Get-MgBetaDirectoryDeletedItem +function Get-MgBetaDirectoryDeletedItemAsGroup { [CmdletBinding()] param(