diff --git a/CHANGELOG.md b/CHANGELOG.md index e50532ee5..c8913ff95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,41 @@ # Change log for SharePointDsc +## v3.1 + +* Changes to SharePointDsc + * Updated LICENSE file to match the Microsoft Open Source Team standard. +* ProjectServerConnector + * Added a file hash validation check to prevent the ability to load custom code + into the module. +* SPFarm + * Fixed localization issue where TypeName was in the local language. +* SPInstallPrereqs + * Updated links in the Readme.md file to docs.microsoft.com. + * Fixed required prereqs for SharePoint 2019, added MSVCRT11. +* SPManagedMetadataServiceApp + * Fixed issue where Get-TargetResource method throws an error when the + service app proxy does not exist. +* SPSearchContentSource + * Corrected issue where the New-SPEnterpriseSearchCrawlContentSource cmdlet + was called twice. +* SPSearchServiceApp + * Fixed issue where Get-TargetResource method throws an error when the + service application pool does not exist. + * Implemented check to make sure cmdlets are only executed when it actually + has something to update. + * Deprecated WindowsServiceAccount parameter and moved functionality to + new resource (SPSearchServiceSettings). +* SPSearchServiceSettings + * Added new resource to configure search service settings. +* SPServiceAppSecurity + * Fixed unavailable utility method (ExpandAccessLevel). + * Updated the schema to no longer specify username as key for the sub class. +* SPUserProfileServiceApp + * Fixed issue where localized versions of Windows and SharePoint would throw + an error. +* SPUserProfileSyncConnection + * Corrected implementation of Ensure parameter. + ## v3.0 * Changes to SharePointDsc diff --git a/LICENSE b/LICENSE index b8b569d77..21071075c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,22 +1,21 @@ -The MIT License (MIT) + MIT License -Copyright (c) 2015 Microsoft + Copyright (c) Microsoft Corporation. All rights reserved. -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPFarm/MSFT_SPFarm.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPFarm/MSFT_SPFarm.psm1 index 8aa11a3bb..9bc4c30a5 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPFarm/MSFT_SPFarm.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPFarm/MSFT_SPFarm.psm1 @@ -174,10 +174,16 @@ function Get-TargetResource } $centralAdminProvisioned = $false - $ca = Get-SPServiceInstance -Server $env:ComputerName ` - | Where-Object -Filterscript { - $_.TypeName -eq "Central Administration" -and $_.Status -eq "Online" - } + $ca = Get-SPServiceInstance -Server $env:ComputerName + if ($null -ne $ca) + { + $ca = $ca | Where-Object -Filterscript { + $_.GetType().Name -eq "SPWebServiceInstance" -and ` + $_.Name -eq "WSS_Administration" -and ` + $_.Status -eq "Online" + } + } + if ($null -ne $ca) { $centralAdminProvisioned = $true @@ -376,19 +382,22 @@ function Set-TargetResource # Provision central administration if ($params.RunCentralAdmin -eq $true) { - $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } + $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME if ($null -eq $serviceInstance) { $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain $fqdn = "$($env:COMPUTERNAME).$domain" $serviceInstance = Get-SPServiceInstance -Server $fqdn ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } } + + if ($null -ne $serviceInstance) + { + $serviceInstance = $serviceInstance | Where-Object -FilterScript { + $_.GetType().Name -eq "SPWebServiceInstance" -and ` + $_.Name -eq "WSS_Administration" + } + } + if ($null -eq $serviceInstance) { throw [Exception] "Unable to locate Central Admin service instance on this server" @@ -398,19 +407,22 @@ function Set-TargetResource else { # Unprovision central administration - $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } + $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME if ($null -eq $serviceInstance) { $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain $fqdn = "$($env:COMPUTERNAME).$domain" - $serviceInstance = Get-SPServiceInstance -Server $fqdn ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } + $serviceInstance = Get-SPServiceInstance -Server $fqdn } + + if ($null -ne $serviceInstance) + { + $serviceInstance = $serviceInstance | Where-Object -FilterScript { + $_.GetType().Name -eq "SPWebServiceInstance" -and ` + $_.Name -eq "WSS_Administration" + } + } + if ($null -eq $serviceInstance) { throw "Unable to locate Central Admin service instance on this server" @@ -644,19 +656,22 @@ function Set-TargetResource } else { - $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } + $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME if ($null -eq $serviceInstance) { $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain $fqdn = "$($env:COMPUTERNAME).$domain" - $serviceInstance = Get-SPServiceInstance -Server $fqdn ` - | Where-Object -FilterScript { - $_.TypeName -eq "Central Administration" - } + $serviceInstance = Get-SPServiceInstance -Server $fqdn } + + if ($null -ne $serviceInstance) + { + $serviceInstance = $serviceInstance | Where-Object -FilterScript { + $_.GetType().Name -eq "SPWebServiceInstance" -and ` + $_.Name -eq "WSS_Administration" + } + } + if ($null -eq $serviceInstance) { throw [Exception] "Unable to locate Central Admin service instance on this server" diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/MSFT_SPInstallPrereqs.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/MSFT_SPInstallPrereqs.psm1 index 20f2594e2..c6df94910 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/MSFT_SPInstallPrereqs.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/MSFT_SPInstallPrereqs.psm1 @@ -608,7 +608,7 @@ function Set-TargetResource { Write-Verbose -Message "Version: SharePoint 2019" $requiredParams = @("SQLNCli","Sync","AppFabric","IDFX11","MSIPCClient","KB3092423", - "WCFDataServices56","DotNet472","MSVCRT141") + "WCFDataServices56","DotNet472","MSVCRT11","MSVCRT141") if ($osVersion.Major -eq 11) { diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/Readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/Readme.md index 3b712b1d7..fadf9a00d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/Readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPInstallPrereqs/Readme.md @@ -42,9 +42,10 @@ then execute the installation from there. The SharePoint prerequisites can be downloaded from the following locations: SharePoint 2013: -https://technet.microsoft.com/library/a88d3f72-7ac3-4f08-b302-c4ca0a796268%28v=office.16%29.aspx?#section5 +https://docs.microsoft.com/en-us/SharePoint/install/hardware-and-software-requirements-0#section5 SharePoint 2016: -https://technet.microsoft.com/en-us/library/cc262485(v=office.16).aspx#section5 +https://docs.microsoft.com/en-us/SharePoint/install/hardware-and-software-requirements#section5 SharePoint 2019: +https://docs.microsoft.com/en-us/sharepoint/install/hardware-and-software-requirements-2019#links-to-applicable-software diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 index e2599318f..eb75440ec 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 @@ -104,7 +104,8 @@ function Get-TargetResource } } - $proxy = Get-SPMetadataServiceApplicationProxy -Identity $proxyName + $proxy = Get-SPMetadataServiceApplicationProxy -Identity $proxyName ` + -ErrorAction SilentlyContinue if ($null -ne $proxy) { $contentTypePushDownEnabled = $proxy.Properties["IsContentTypePushdownEnabled"] diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchContentSource/MSFT_SPSearchContentSource.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchContentSource/MSFT_SPSearchContentSource.psm1 index aed463463..da2cbac13 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchContentSource/MSFT_SPSearchContentSource.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchContentSource/MSFT_SPSearchContentSource.psm1 @@ -427,12 +427,6 @@ function Set-TargetResource -LOBSystemSet $params.LOBSystemSet } - $source = New-SPEnterpriseSearchCrawlContentSource ` - -SearchApplication $params.ServiceAppName ` - -Type $newType ` - -Name $params.Name ` - -StartAddresses $startAddresses - if ($null -eq $source) { throw ("An error occurred during creation of the Content Source, " + ` diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.psm1 index ac4f5f547..29a989135 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.psm1 @@ -55,6 +55,12 @@ function Get-TargetResource Write-Verbose -Message "Getting Search service application '$Name'" + if ($PSBoundParameters.ContainsKey("WindowsServiceAccount")) + { + Write-Verbose -Message ("This parameter is deprecated in this resource. Please use " + ` + "SPSearchServiceSettings instead.") + } + $result = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments @($PSBoundParameters, $PSScriptRoot) ` -ScriptBlock { @@ -69,7 +75,8 @@ function Get-TargetResource [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.Search") [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server") - $serviceAppPool = Get-SPServiceApplicationPool $params.ApplicationPool + $serviceAppPool = Get-SPServiceApplicationPool -Identity $params.ApplicationPool ` + -ErrorAction SilentlyContinue if ($null -eq $serviceAppPool) { Write-Verbose -Message ("Specified service application pool $($params.ApplicationPool) " + ` @@ -128,10 +135,6 @@ function Get-TargetResource } } - $searchService = Get-SPEnterpriseSearchService - $windowsAccount = New-Object -TypeName System.Management.Automation.PSCredential ` - -ArgumentList @($searchService.ProcessIdentity, $dummyPassword) - $returnVal = @{ Name = $serviceApp.DisplayName ProxyName = $pName @@ -142,7 +145,7 @@ function Get-TargetResource SearchCenterUrl = $serviceApp.SearchCenterUrl DefaultContentAccessAccount = $defaultAccount CloudIndex = $cloudIndex - WindowsServiceAccount = $windowsAccount + WindowsServiceAccount = $params.WindowsServiceAccount InstallAccount = $params.InstallAccount } return $returnVal @@ -204,6 +207,12 @@ function Set-TargetResource Write-Verbose -Message "Setting Search service application '$Name'" + if ($PSBoundParameters.ContainsKey("WindowsServiceAccount")) + { + Write-Verbose -Message ("This parameter is deprecated in this resource. Please use " + ` + "SPSearchServiceSettings instead.") + } + $result = Get-TargetResource @PSBoundParameters if ($result.Ensure -eq "Absent" -and $Ensure -eq "Present") @@ -264,9 +273,14 @@ function Set-TargetResource { $pName = $params.ProxyName } + + Write-Verbose -Message "Creating proxy with name $pName" New-SPEnterpriseSearchServiceApplicationProxy -Name $pName -SearchApplication $app + if ($params.ContainsKey("DefaultContentAccessAccount") -eq $true) { + Write-Verbose -Message ("Setting DefaultContentAccessAccount to " + ` + $params.DefaultContentAccessAccount.UserName) $appPool = Get-SPServiceApplicationPool -Identity $params.ApplicationPool $account = $params.DefaultContentAccessAccount $setParams = @{ @@ -280,6 +294,7 @@ function Set-TargetResource if ($params.ContainsKey("SearchCenterUrl") -eq $true) { + Write-Verbose -Message "Setting SearchCenterUrl to $($params.SearchCenterUrl)" $serviceApp = Get-SPServiceApplication -Name $params.Name | ` Where-Object -FilterScript { $_.GetType().FullName -eq "Microsoft.Office.Server.Search.Administration.SearchServiceApplication" @@ -287,12 +302,6 @@ function Set-TargetResource $serviceApp.SearchCenterUrl = $params.SearchCenterUrl $serviceApp.Update() } - - if ($params.ContainsKey("WindowsServiceAccount") -eq $true) - { - Set-SPEnterpriseSearchService -ServiceAccount $params.WindowsServiceAccount.UserName ` - -ServicePassword $params.WindowsServiceAccount.Password - } } } } @@ -325,10 +334,12 @@ function Set-TargetResource { if ($null -eq $result.ProxyName) { + Write-Verbose -Message "Creating proxy with name $pName" New-SPEnterpriseSearchServiceApplicationProxy -Name $pName -SearchApplication $serviceApp } else { + Write-Verbose -Message "Updating proxy name to $pName" $serviceAppProxy = Get-SPServiceApplicationProxy | Where-Object -FilterScript { $_.Name -eq $result.ProxyName } @@ -337,21 +348,38 @@ function Set-TargetResource } } - $appPool = Get-SPServiceApplicationPool -Identity $params.ApplicationPool $setParams = @{ - ApplicationPool = $appPool Identity = $serviceApp } - if ($params.ContainsKey("DefaultContentAccessAccount") -eq $true) + + if ($result.ApplicationPool -ne $params.ApplicationPool) { + Write-Verbose -Message "Updating ApplicationPool to $($params.ApplicationPool)" + + $appPool = Get-SPServiceApplicationPool -Identity $params.ApplicationPool + $setParams.Add("ApplicationPool", $appPool) + } + + if ($params.ContainsKey("DefaultContentAccessAccount") -eq $true -and ` + $result.DefaultContentAccessAccount.UserName -ne $params.DefaultContentAccessAccount.UserName) + { + Write-Verbose -Message ("Updating DefaultContentAccessAccount to " + ` + $params.DefaultContentAccessAccount.UserName) + $account = $params.DefaultContentAccessAccount $setParams.Add("DefaultContentAccessAccountName", $account.UserName) $setParams.Add("DefaultContentAccessAccountPassword", $account.Password) } - Set-SPEnterpriseSearchServiceApplication @setParams - if ($params.ContainsKey("SearchCenterUrl") -eq $true) + if ($setParams.Count -gt 1) { + Set-SPEnterpriseSearchServiceApplication @setParams + } + + if ($params.ContainsKey("SearchCenterUrl") -eq $true -and ` + $result.SearchCenterUrl -ne $params.SearchCenterUrl) + { + Write-Verbose -Message "Updating SearchCenterUrl to $($params.SearchCenterUrl)" $serviceApp = Get-SPServiceApplication -Name $params.Name | ` Where-Object -FilterScript { $_.GetType().FullName -eq "Microsoft.Office.Server.Search.Administration.SearchServiceApplication" @@ -359,13 +387,6 @@ function Set-TargetResource $serviceApp.SearchCenterUrl = $params.SearchCenterUrl $serviceApp.Update() } - - if ($params.ContainsKey("WindowsServiceAccount") -eq $true -and ` - $result.WindowsServiceAccount.UserName -ne $params.WindowsServiceAccount.UserName) - { - Set-SPEnterpriseSearchService -ServiceAccount $params.WindowsServiceAccount.UserName ` - -ServicePassword $params.WindowsServiceAccount.Password - } } } @@ -451,6 +472,12 @@ function Test-TargetResource Write-Verbose -Message "Testing Search service application '$Name'" + if ($PSBoundParameters.ContainsKey("WindowsServiceAccount")) + { + Write-Verbose -Message ("This parameter is deprecated in this resource. Please use " + ` + "SPSearchServiceSettings instead.") + } + $PSBoundParameters.Ensure = $Ensure $CurrentValues = Get-TargetResource @PSBoundParameters @@ -458,21 +485,13 @@ function Test-TargetResource if ($PSBoundParameters.ContainsKey("DefaultContentAccessAccount") ` -and $Ensure -eq "Present") { - if ($DefaultContentAccessAccount.UserName ` - -ne $CurrentValues.DefaultContentAccessAccount.UserName) - { - Write-Verbose -Message "Default content access account is different, returning false" - return $false - } - } + $desired = $DefaultContentAccessAccount.UserName + $current = $CurrentValues.DefaultContentAccessAccount.UserName - if ($PSBoundParameters.ContainsKey("WindowsServiceAccount") ` - -and $Ensure -eq "Present") - { - if ($WindowsServiceAccount.UserName ` - -ne $CurrentValues.WindowsServiceAccount.UserName) + if ($desired -ne $current) { - Write-Verbose -Message "Windows service account is different, returning false" + Write-Verbose -Message "Default content access account is different, returning false" + Write-Verbose -Message "Desired: $desired. Current: $current." return $false } } diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.schema.mof index e187966a6..45f739f59 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/MSFT_SPSearchServiceApp.schema.mof @@ -10,7 +10,7 @@ class MSFT_SPSearchServiceApp : OMI_BaseResource [Write, Description("The default content access account for this search service app"), EmbeddedInstance("MSFT_Credential")] String DefaultContentAccessAccount; [Write, Description("Should this search service application be a cloud based service app")] boolean CloudIndex; [Write, Description("Present if the service app should exist, absent if it should not"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Write, Description("Sets the windows services for search to run as this account"), EmbeddedInstance("MSFT_Credential")] string WindowsServiceAccount; + [Write, Description("This setting is moved to SPSearchServiceSettings and deprecated here."), EmbeddedInstance("MSFT_Credential")] string WindowsServiceAccount; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/readme.md index 74cc92457..9a2b282e0 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceApp/readme.md @@ -13,3 +13,7 @@ the admin database which matches the name, and then The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned. + +NOTE: The WindowsServiceAccount parameter is deprecated and no longer does +anything. The functionality for changing this account has been moved to +SPSearchServiceSettings. diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.psm1 new file mode 100644 index 000000000..d51e03e5f --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.psm1 @@ -0,0 +1,240 @@ +function Get-TargetResource +{ + # Ignoring this because we need to generate a stub credential to return up the current + # crawl account as a PSCredential + [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")] + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [ValidateSet("Reduced","PartlyReduced","Maximum")] + [System.String] + $PerformanceLevel, + + [Parameter()] + [System.String] + $ContactEmail, + + [Parameter()] + [System.Management.Automation.PSCredential] + $WindowsServiceAccount, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Getting Search service settings" + + if ($PSBoundParameters.ContainsKey("PerformanceLevel") -eq $false -and + $PSBoundParameters.ContainsKey("ContactEmail") -eq $false -and ` + $PSBoundParameters.ContainsKey("WindowsServiceAccount") -eq $false) + { + Write-Verbose -Message ("You have to specify at least one of the following parameters: " + ` + "PerformanceLevel, ContactEmail or WindowsServiceAccount") + return @{ + IsSingleInstance = "Yes" + PerformanceLevel = $null + ContactEmail = $null + WindowsServiceAccount = $null + InstallAccount = $InstallAccount + } + } + + $result = Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { + $params = $args[0] + + try + { + $spFarm = Get-SPFarm + } + catch + { + Write-Verbose -Message ("No local SharePoint farm was detected. Search service " + ` + "settings will not be applied") + return @{ + IsSingleInstance = "Yes" + PerformanceLevel = $null + ContactEmail = $null + WindowsServiceAccount = $null + InstallAccount = $params.InstallAccount + } + } + + $searchService = Get-SPEnterpriseSearchService + + $dummyPassword = ConvertTo-SecureString -String "-" -AsPlainText -Force + $windowsAccount = New-Object -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @($searchService.ProcessIdentity, $dummyPassword) + + $returnVal = @{ + IsSingleInstance = "Yes" + PerformanceLevel = $searchService.PerformanceLevel + ContactEmail = $searchService.ContactEmail + WindowsServiceAccount = $windowsAccount + InstallAccount = $params.InstallAccount + } + return $returnVal + } + return $result +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [ValidateSet("Reduced","PartlyReduced","Maximum")] + [System.String] + $PerformanceLevel, + + [Parameter()] + [System.String] + $ContactEmail, + + [Parameter()] + [System.Management.Automation.PSCredential] + $WindowsServiceAccount, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Setting Search service settings" + + if ($PSBoundParameters.ContainsKey("PerformanceLevel") -eq $false -and + $PSBoundParameters.ContainsKey("ContactEmail") -eq $false -and ` + $PSBoundParameters.ContainsKey("WindowsServiceAccount") -eq $false) + { + throw ("You have to specify at least one of the following parameters: " + ` + "PerformanceLevel, ContactEmail or WindowsServiceAccount") + } + + $result = Get-TargetResource @PSBoundParameters + + # Update the service app that already exists + Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments @($PSBoundParameters, $result) ` + -ScriptBlock { + $params = $args[0] + $result = $args[1] + + try + { + $spFarm = Get-SPFarm + } + catch + { + throw ("No local SharePoint farm was detected. Search service " + ` + "settings will not be applied") + } + + $setParams = @{} + + if ($params.ContainsKey("PerformanceLevel") -eq $true -and ` + $result.PerformanceLevel -ne $params.PerformanceLevel) + { + Write-Verbose -Message "Updating PerformanceLevel to $($params.PerformanceLevel)" + $setParams.Add("PerformanceLevel", $params.PerformanceLevel) + } + + if ($params.ContainsKey("ContactEmail") -eq $true -and ` + $result.ContactEmail -ne $params.ContactEmail) + { + Write-Verbose -Message "Updating ContactEmail to $($params.ContactEmail)" + $setParams.Add("ContactEmail", $params.ContactEmail) + } + + if ($params.ContainsKey("WindowsServiceAccount") -eq $true -and ` + $result.WindowsServiceAccount.UserName -ne $params.WindowsServiceAccount.UserName) + { + Write-Verbose -Message ("Updating WindowsServiceAccount to " + ` + $params.WindowsServiceAccount.UserName) + $setParams.Add("ServiceAccount", $params.WindowsServiceAccount.UserName) + $setParams.Add("ServicePassword", $params.WindowsServiceAccount.Password) + } + + if ($setParams.Count -gt 0) + { + Set-SPEnterpriseSearchService @setParams + } + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [ValidateSet("Reduced","PartlyReduced","Maximum")] + [System.String] + $PerformanceLevel, + + [Parameter()] + [System.String] + $ContactEmail, + + [Parameter()] + [System.Management.Automation.PSCredential] + $WindowsServiceAccount, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Testing Search service settings" + + if ($PSBoundParameters.ContainsKey("PerformanceLevel") -eq $false -and + $PSBoundParameters.ContainsKey("ContactEmail") -eq $false -and ` + $PSBoundParameters.ContainsKey("WindowsServiceAccount") -eq $false) + { + Write-Verbose -Message ("You have to specify at least one of the following parameters: " + ` + "PerformanceLevel, ContactEmail or WindowsServiceAccount") + return $false + } + + $CurrentValues = Get-TargetResource @PSBoundParameters + + if ($PSBoundParameters.ContainsKey("WindowsServiceAccount")) + { + $desired = $WindowsServiceAccount.UserName + $current = $CurrentValues.WindowsServiceAccount.UserName + + if ($desired -ne $current) + { + Write-Verbose -Message "Windows service account is different, returning false" + Write-Verbose -Message "Desired: $desired. Current: $current." + return $false + } + } + + return Test-SPDscParameterState -CurrentValues $CurrentValues ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck @("PerformanceLevel", + "ContactEmail") +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.schema.mof new file mode 100644 index 000000000..bdc3b0060 --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/MSFT_SPSearchServiceSettings.schema.mof @@ -0,0 +1,9 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SPSearchServiceSettings")] +class MSFT_SPSearchServiceSettings : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Specifies the performance level of the crawler"), ValueMap{"Reduced","PartlyReduced","Maximum"}, Values{"Reduced","PartlyReduced","Maximum"}] string PerformanceLevel; + [Write, Description("Specifies the contact email used by the crawler")] string ContactEmail; + [Write, Description("Sets the windows services for search to run as this account"), EmbeddedInstance("MSFT_Credential")] string WindowsServiceAccount; + [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; +}; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/readme.md new file mode 100644 index 000000000..df280b9fb --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPSearchServiceSettings/readme.md @@ -0,0 +1,9 @@ +# Description + +**Type:** Distributed +**Requires CredSSP:** No + +This resource is responsible for configuring settings for the search +service, like the crawler performance level. All settings are farm +wide settings, which is why this resource should only be used once +in each configuration. diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.psm1 index 937555184..8839061a1 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.psm1 @@ -76,7 +76,7 @@ function Get-TargetResource $user = $securityEntry.Name if ($user -like "i:*|*" -or $user -like "c:*|*") { - if($user.Chars(3) -eq "%" -and $user -ilike "*$((Get-SPFarm).Id.ToString())") + if ($user.Chars(3) -eq "%" -and $user -ilike "*$((Get-SPFarm).Id.ToString())") { $user = "{LocalFarm}" } @@ -94,7 +94,7 @@ function Get-TargetResource foreach ($namedAccessRight in $security.NamedAccessRights) { - if($namedAccessRight.Rights.IsSubsetOf($securityEntry.AllowedObjectRights)) + if ($namedAccessRight.Rights.IsSubsetOf($securityEntry.AllowedObjectRights)) { $accessLevels += $namedAccessRight.Name } @@ -193,7 +193,7 @@ function Set-TargetResource { foreach($desiredMember in $params.Members) { - if($desiredMember.Username -eq "{LocalFarm}") + if ($desiredMember.Username -eq "{LocalFarm}") { $claim = New-SPClaimsPrincipal -Identity $localFarmEncodedClaim ` -IdentityType EncodedClaim @@ -235,7 +235,7 @@ function Set-TargetResource { if ($params.Members.Username -notcontains $currentMember.Username) { - if($currentMember.UserName -eq "{LocalFarm}") + if ($currentMember.UserName -eq "{LocalFarm}") { $claim = New-SPClaimsPrincipal -Identity $localFarmEncodedClaim ` -IdentityType EncodedClaim @@ -261,9 +261,9 @@ function Set-TargetResource if ($params.ContainsKey("MembersToInclude") -eq $true) { - foreach($desiredMember in $params.MembersToInclude) + foreach ($desiredMember in $params.MembersToInclude) { - if($desiredMember.Username -eq "{LocalFarm}") + if ($desiredMember.Username -eq "{LocalFarm}") { $claim = New-SPClaimsPrincipal -Identity $localFarmEncodedClaim ` -IdentityType EncodedClaim @@ -306,11 +306,11 @@ function Set-TargetResource if ($params.ContainsKey("MembersToExclude") -eq $true) { - foreach($excludeMember in $params.MembersToExclude) + foreach ($excludeMember in $params.MembersToExclude) { if ($CurrentValues.Members.Username -contains $excludeMember) { - if($excludeMember -eq "{LocalFarm}") + if ($excludeMember -eq "{LocalFarm}") { $claim = New-SPClaimsPrincipal -Identity $localFarmEncodedClaim ` -IdentityType EncodedClaim @@ -389,10 +389,14 @@ function Test-TargetResource } $result = Invoke-SPDSCCommand -Credential $InstallAccount ` - -Arguments @($PSBoundParameters, $CurrentValues) ` + -Arguments @($PSBoundParameters, $CurrentValues, $PSScriptRoot) ` -ScriptBlock { $params = $args[0] $CurrentValues = $args[1] + $ScriptRoot = $args[2] + + $relPath = "..\..\Modules\SharePointDsc.ServiceAppSecurity\SPServiceAppSecurity.psm1" + Import-Module (Join-Path -Path $ScriptRoot -ChildPath $relPath -Resolve) $serviceApp = Get-SPServiceApplication -Name $params.ServiceAppName switch ($params.SecurityType) @@ -422,7 +426,7 @@ function Test-TargetResource return $true } } - elseif($params.Members.Count -eq 0) + elseif ($params.Members.Count -eq 0) { Write-Verbose -Message "Security list does not match" return $false @@ -436,7 +440,7 @@ function Test-TargetResource Write-Verbose -Message "Security list matches - checking that permissions match on each object" foreach($currentMember in $CurrentValues.Members) { - $expandedAccessLevels = ExpandAccessLevel -Security $security -AccessLevels ($params.Members | Where-Object -FilterScript { + $expandedAccessLevels = Expand-AccessLevel -Security $security -AccessLevels ($params.Members | Where-Object -FilterScript { $_.Username -eq $currentMember.Username } | Select-Object -First 1).AccessLevels if ($null -ne (Compare-Object -DifferenceObject $currentMember.AccessLevels -ReferenceObject $expandedAccessLevels)) @@ -468,7 +472,7 @@ function Test-TargetResource else { Write-Verbose -Message "$($member.Username) already has access. Checking permission..." - $expandedAccessLevels = ExpandAccessLevel -Security $security -AccessLevels $member.AccessLevels + $expandedAccessLevels = Expand-AccessLevel -Security $security -AccessLevels $member.AccessLevels if ($null -ne (Compare-Object -DifferenceObject $expandedAccessLevels -ReferenceObject ($CurrentValues.Members | Where-Object -FilterScript { $_.Username -eq $member.Username @@ -504,34 +508,4 @@ function Test-TargetResource return $result } -function ExpandAccessLevel -{ - [OutputType([System.String[]])] - param( - [Parameter()] - $Security, - - [Parameter()] - [System.String[]] - $AccessLevels -) - $expandedAccessLevels = $AccessLevels - - foreach ($namedAccessRight in $Security.NamedAccessRights) - { - if($AccessLevels -contains $namedAccessRight.Name) - { - foreach ($namedAccessRight2 in $Security.NamedAccessRights) - { - if($expandedAccessLevels -notcontains $namedAccessRight2.Name -and - $namedAccessRight2.Rights.IsSubsetOf($namedAccessRight.Rights)) - { - $expandedAccessLevels += $namedAccessRight2.Name - } - } - } - } - return $expandedAccessLevels -} - Export-ModuleMember -Function *-TargetResource diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.schema.mof index ec9beb3bc..5b60fe5f2 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPServiceAppSecurity/MSFT_SPServiceAppSecurity.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0")] class MSFT_SPServiceAppSecurityEntry { - [Key, Description("The username for the entry")] String Username; + [Required, Description("The username for the entry")] String Username; [Required, Description("The access levels for the entry"), ValueMap{"Create Target Application", "Delete Target Application", "Manage Target Application", "All Target Applications", "Manage Profiles", "Manage Audiences", "Manage Permissions", "Retrieve People Data for Search Crawlers", "Manage Social Data", "Full Control", "Read (Diagnostics Pages Only)", "Read Access to Term Store", "Read and Restricted Write Access to Term Store","Full Access to Term Store"}, Values{"Create Target Application", "Delete Target Application", "Manage Target Application", "All Target Applications", "Manage Profiles", "Manage Audiences", "Manage Permissions", "Retrieve People Data for Search Crawlers", "Manage Social Data", "Full Control", "Read (Diagnostics Pages Only)", "Read Access to Term Store", "Read and Restricted Write Access to Term Store","Full Access to Term Store"}] String AccessLevels[]; }; [ClassVersion("1.0.0.0"), FriendlyName("SPServiceAppSecurity")] diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 index 8da5152ee..6bb3d745a 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 @@ -419,9 +419,10 @@ function Set-TargetResource -IdentityType WindowsSamAccountName $serviceAppSecurity = Get-SPServiceApplicationSecurity $app + $acl = [Microsoft.SharePoint.Administration.AccessControl.SPNamedIisWebServiceApplicationRights]::FullControl.Name Grant-SPObjectSecurity -Identity $serviceAppSecurity ` -Principal $claimsPrincipal ` - -Rights "Full Control" + -Rights $acl Set-SPServiceApplicationSecurity -Identity $app ` -ObjectSecurity $serviceAppSecurity diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.psm1 index a6b2d7c01..900cf84c5 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.psm1 @@ -53,6 +53,11 @@ function Get-TargetResource [System.String] $ConnectionType, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -265,6 +270,11 @@ function Set-TargetResource [System.String] $ConnectionType, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -272,6 +282,8 @@ function Set-TargetResource Write-Verbose -Message "Setting user profile service sync connection $Name" + $PSBoundParameters.Ensure = $Ensure + if ($PSBoundParameters.ContainsKey("UseSSL") -eq $false) { Write-Verbose -Message "UseSSL is not specified. Assuming that SSL is not required." @@ -347,7 +359,7 @@ function Set-TargetResource $installedVersion = Get-SPDSCInstalledProductVersion if ($installedVersion.FileMajorPart -eq 16) { - $Name = $Forest -replace "\.", "-" + $Name = $params.Forest -replace "\.", "-" } else { @@ -358,139 +370,155 @@ function Set-TargetResource $_.DisplayName -eq $Name } | Select-Object -first 1 - if ($null -ne $connection -and $params.Forest -ieq $connection.Server) + if ($params.Ensure -eq "Present") { - $domain = $params.ConnectionCredentials.UserName.Split("\")[0] - $userName= $params.ConnectionCredentials.UserName.Split("\")[1] - $connection.SetCredentials($domain, $userName, $params.ConnectionCredentials.Password) + if ($null -ne $connection -and $params.Forest -ieq $connection.Server) + { + $domain = $params.ConnectionCredentials.UserName.Split("\")[0] + $userName= $params.ConnectionCredentials.UserName.Split("\")[1] + $connection.SetCredentials($domain, $userName, $params.ConnectionCredentials.Password) - $connection.NamingContexts | ForEach-Object -Process { - $namingContext = $_ - if ($params.ContainsKey("IncludedOUs")) - { - $namingContext.ContainersIncluded.Clear() - $params.IncludedOUs| ForEach-Object -Process { - $namingContext.ContainersIncluded.Add($_) + $connection.NamingContexts | ForEach-Object -Process { + $namingContext = $_ + if ($params.ContainsKey("IncludedOUs")) + { + $namingContext.ContainersIncluded.Clear() + $params.IncludedOUs| ForEach-Object -Process { + $namingContext.ContainersIncluded.Add($_) + } } - } - $namingContext.ContainersExcluded.Clear() - if ($params.ContainsKey("ExcludedOUs")) - { - $params.IncludedOUs| ForEach-Object -Process { - $namingContext.ContainersExcluded.Add($_) + $namingContext.ContainersExcluded.Clear() + if ($params.ContainsKey("ExcludedOUs")) + { + $params.IncludedOUs| ForEach-Object -Process { + $namingContext.ContainersExcluded.Add($_) + } } } - } - $connection.Update() - $connection.RefreshSchema($params.ConnectionCredentials.Password) + $connection.Update() + $connection.RefreshSchema($params.ConnectionCredentials.Password) - return - } - else - { - Write-Verbose -Message "Creating a new connection " - if ($null -ne $connection -and $params.Forest -ine $connection.Server) + return + } + else { - if ($params.ContainsKey("Force") -and $params.Force -eq $true) + Write-Verbose -Message "Creating a new connection " + if ($null -ne $connection -and $params.Forest -ine $connection.Server) { - $connection.Delete() + if ($params.ContainsKey("Force") -and $params.Force -eq $true) + { + Write-Verbose -Message "Force specified, deleting already existing connection" + $connection.Delete() + } + else + { + throw "connection exists and forest is different. use force" + } + } - else + + $servers = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" + if ($params.ContainsKey("Server")) { - throw "connection exists and forest is different. use force" + $servers.add($params.Server) } - - } - - $servers = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" - if ($params.ContainsKey("Server")) - { - $servers.add($params.Server) - } - $listIncludedOUs = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" - $params.IncludedOUs | ForEach-Object -Process { - $listIncludedOUs.Add($_) - } - - $listExcludedOUs = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" - if ($params.ContainsKey("ExcludedOus")) - { - $params.ExcludedOus | ForEach-Object -Process { - $listExcludedOUs.Add($_) + $listIncludedOUs = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" + $params.IncludedOUs | ForEach-Object -Process { + $listIncludedOUs.Add($_) } - } - $list = New-Object -TypeName System.Collections.Generic.List[[Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext]] - - $partition = Get-SPDSCADSIObject -LdapPath ("LDAP://" +("DC=" + $params.Forest.Replace(".", ",DC="))) - $list.Add((New-Object -TypeName "Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext" ` - -ArgumentList @( - $partition.distinguishedName, - $params.Forest, - $false, - (New-Object -TypeName "System.Guid" ` - -ArgumentList $partition.objectGUID), - $listIncludedOUs, - $listExcludedOUs, - $null , - $false))) - $partition = Get-SPDSCADSIObject -LdapPath ("LDAP://CN=Configuration," + ("DC=" + $params.Forest.Replace(".", ",DC="))) - $list.Add((New-Object -TypeName "Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext" ` - -ArgumentList @( - $partition.distinguishedName, - $params.Forest, - $true, - (New-Object -TypeName "System.Guid" ` - -ArgumentList $partition.objectGUID), - $listIncludedOUs , - $listExcludedOUs , - $null , - $false))) - - $userDomain = $params.ConnectionCredentials.UserName.Split("\")[0] - $userName= $params.ConnectionCredentials.UserName.Split("\")[1] - - $installedVersion = Get-SPDSCInstalledProductVersion - switch($installedVersion.FileMajorPart) - { - 15 + $listExcludedOUs = New-Object -TypeName "System.Collections.Generic.List[[System.String]]" + if ($params.ContainsKey("ExcludedOus")) + { + $params.ExcludedOus | ForEach-Object -Process { + $listExcludedOUs.Add($_) + } + } + $list = New-Object -TypeName System.Collections.Generic.List[[Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext]] + + $partition = Get-SPDSCADSIObject -LdapPath ("LDAP://" +("DC=" + $params.Forest.Replace(".", ",DC="))) + $list.Add((New-Object -TypeName "Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext" ` + -ArgumentList @( + $partition.distinguishedName, + $params.Forest, + $false, + (New-Object -TypeName "System.Guid" ` + -ArgumentList $partition.objectGUID), + $listIncludedOUs, + $listExcludedOUs, + $null , + $false))) + $partition = Get-SPDSCADSIObject -LdapPath ("LDAP://CN=Configuration," + ("DC=" + $params.Forest.Replace(".", ",DC="))) + $list.Add((New-Object -TypeName "Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext" ` + -ArgumentList @( + $partition.distinguishedName, + $params.Forest, + $true, + (New-Object -TypeName "System.Guid" ` + -ArgumentList $partition.objectGUID), + $listIncludedOUs , + $listExcludedOUs , + $null , + $false))) + + $userDomain = $params.ConnectionCredentials.UserName.Split("\")[0] + $userName= $params.ConnectionCredentials.UserName.Split("\")[1] + + $installedVersion = Get-SPDSCInstalledProductVersion + + switch($installedVersion.FileMajorPart) { - $upcm.ConnectionManager.AddActiveDirectoryConnection( [Microsoft.Office.Server.UserProfiles.ConnectionType]::ActiveDirectory, ` - $params.Name, ` - $params.Forest, ` - $params.UseSSL, ` - $userDomain, ` - $userName, ` - $params.ConnectionCredentials.Password, ` - $list, ` - $null,` - $null) | Out-Null - } - 16 - { - foreach($ou in $params.IncludedOUs) + 15 { - Add-SPProfileSyncConnection -ProfileServiceApplication $ups ` - -ConnectionForestName $params.Forest ` - -ConnectionDomain $userDomain ` - -ConnectionUserName $userName ` - -ConnectionPassword $params.ConnectionCredentials.Password ` - -ConnectionUseSSL $params.UseSSL ` - -ConnectionSynchronizationOU $ou ` - -ConnectionPort $params.Port ` - -ConnectionUseDisabledFilter $params.UseDisabledFilter + Write-Verbose -Message "Creating the new connection via object model (SP2013)" + $upcm.ConnectionManager.AddActiveDirectoryConnection( [Microsoft.Office.Server.UserProfiles.ConnectionType]::ActiveDirectory, ` + $params.Name, ` + $params.Forest, ` + $params.UseSSL, ` + $userDomain, ` + $userName, ` + $params.ConnectionCredentials.Password, ` + $list, ` + $null,` + $null) | Out-Null } - - foreach($ou in $params.ExcludedOUs) + 16 { - Remove-SPProfilesyncConnection -ProfileServiceApplication $ups ` - -ConnectionForestName $params.Forest ` - -ConnectionDomain $userDomain ` - -ConnectionUserName $userName ` - -ConnectionPassword $params.ConnectionCredentials.Password ` - -ConnectionSynchronizationOU $ou + Write-Verbose -Message "Creating the new connection via cmdlet (SP2016)" + Write-Verbose -Message "Adding IncludedOUs to the connection" + foreach($ou in $params.IncludedOUs) + { + Add-SPProfileSyncConnection -ProfileServiceApplication $ups ` + -ConnectionForestName $params.Forest ` + -ConnectionDomain $userDomain ` + -ConnectionUserName $userName ` + -ConnectionPassword $params.ConnectionCredentials.Password ` + -ConnectionUseSSL $params.UseSSL ` + -ConnectionSynchronizationOU $ou ` + -ConnectionPort $params.Port ` + -ConnectionUseDisabledFilter $params.UseDisabledFilter + } + + Write-Verbose -Message "Removing ExcludedOUs from the connection" + foreach($ou in $params.ExcludedOUs) + { + Remove-SPProfilesyncConnection -ProfileServiceApplication $ups ` + -ConnectionForestName $params.Forest ` + -ConnectionDomain $userDomain ` + -ConnectionUserName $userName ` + -ConnectionPassword $params.ConnectionCredentials.Password ` + -ConnectionSynchronizationOU $ou + } } - } + } + } + } + else + { + Write-Verbose -Message "Removing the new connection " + if ($null -ne $connection -and $params.Forest -ine $connection.Server) + { + $connection.Delete() } } } @@ -551,6 +579,11 @@ function Test-TargetResource [System.String] $ConnectionType, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -558,6 +591,8 @@ function Test-TargetResource Write-Verbose -Message "Testing for user profile service sync connection $Name" + $PSBoundParameters.Ensure = $Ensure + $CurrentValues = Get-TargetResource @PSBoundParameters if ($null -eq $CurrentValues.UserProfileService) @@ -577,7 +612,8 @@ function Test-TargetResource "Server", "UseSSL", "IncludedOUs", - "ExcludedOUs") + "ExcludedOUs", + "Ensure") } <# diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.schema.mof index 944a1356c..70616765b 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncConnection/MSFT_SPUserProfileSyncConnection.schema.mof @@ -13,5 +13,6 @@ class MSFT_SPUserProfileSyncConnection : OMI_BaseResource [Write, Description("Should disabled accounts be filtered")] boolean UseDisabledFilter; [Write, Description("Set to true to run the set method on every call to this resource")] boolean Force; [Write, Description("The type of the connection - currently only Active Directory is supported"), ValueMap{"ActiveDirectory","BusinessDataCatalog"}, Values{"ActiveDirectory","BusinessDataCatalog"}] string ConnectionType; + [Write, Description("Present if the connection should exist, absent if it should not"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] string InstallAccount; }; diff --git a/Modules/SharePointDsc/Examples/Resources/SPSearchServiceSettings/1-ConfigureSettings.ps1 b/Modules/SharePointDsc/Examples/Resources/SPSearchServiceSettings/1-ConfigureSettings.ps1 new file mode 100644 index 000000000..c525efe2a --- /dev/null +++ b/Modules/SharePointDsc/Examples/Resources/SPSearchServiceSettings/1-ConfigureSettings.ps1 @@ -0,0 +1,29 @@ +<# +.EXAMPLE + This example creates a new search service app in the local farm +#> + + Configuration Example + { + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $SetupAccount, + + [Parameter(Mandatory = $true)] + [PSCredential] + $SearchAccount + ) + Import-DscResource -ModuleName SharePointDsc + + node localhost { + SPSearchServiceSettings SearchServiceSettings + { + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $SearchAccount + PsDscRunAsCredential = $SetupAccount + } + } + } diff --git a/Modules/SharePointDsc/Modules/SharePointDsc.ProjectServer/ProjectServerConnector.psm1 b/Modules/SharePointDsc/Modules/SharePointDsc.ProjectServer/ProjectServerConnector.psm1 index a4c8dbea2..26ab43d43 100644 --- a/Modules/SharePointDsc/Modules/SharePointDsc.ProjectServer/ProjectServerConnector.psm1 +++ b/Modules/SharePointDsc/Modules/SharePointDsc.ProjectServer/ProjectServerConnector.psm1 @@ -19,7 +19,7 @@ function Get-SPDscProjectServerGlobalPermissionId { $errorString = "" [Microsoft.Office.Project.Server.Library.PSSecurityGlobalPermission] ` - | Get-Member -Static -MemberType Property | ForEach-Object -Process { + | Get-Member -Static -MemberType Property | ForEach-Object -Process { if ($errorString -eq "") { $errorString += "$($_.Name)" @@ -31,7 +31,7 @@ function Get-SPDscProjectServerGlobalPermissionId } throw "Unable to find permission '$PermissionName' - acceptable values are: $errorString" } - + return $result } @@ -109,7 +109,7 @@ function Get-SPDscProjectServerResourceId $ResourceName ) $filter.Criteria = $nameFieldFilter - + $filterXml = $filter.GetXml() $resourceDs = $resourceService.ReadResources($filterXml, $false) @@ -123,7 +123,7 @@ function Get-SPDscProjectServerResourceId } if ($null -eq $script:SPDscReturnVal) { - throw "Resource '$ResourceName' not found" + throw "Resource '$ResourceName' not found" } } else @@ -170,10 +170,10 @@ function New-SPDscProjectServerWebService [Parameter(Mandatory = $true)] [System.String] - [ValidateSet("Admin", "Archive", "Calendar", "CubeAdmin", "CustomFields", - "Driver", "Events", "LookupTable", "Notifications", "ObjectLinkProvider", - "PortfolioAnalyses", "Project", "QueueSystem", "ResourcePlan", "Resource", - "Security", "Statusing", "TimeSheet", "Workflow", "WssInterop")] + [ValidateSet("Admin", "Archive", "Calendar", "CubeAdmin", "CustomFields", + "Driver", "Events", "LookupTable", "Notifications", "ObjectLinkProvider", + "PortfolioAnalyses", "Project", "QueueSystem", "ResourcePlan", "Resource", + "Security", "Statusing", "TimeSheet", "Workflow", "WssInterop")] $EndpointName, [Parameter()] @@ -183,19 +183,26 @@ function New-SPDscProjectServerWebService [System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel") | Out-Null $psDllPath = Join-Path -Path $PSScriptRoot -ChildPath "ProjectServerServices.dll" + + $filehash = "44CC60C2227011D08F36A7954C317195C0A44F3D52D51B0F54009AA03EF97E1B2F80A162D76F177E70D1756E42484DF367FACB25920C2C93FB8DFB8A8F5F08A5" + if ($filehash -ne (Get-FileHash -Path $psDllPath -Algorithm SHA512).Hash) + { + throw ("The hash for ProjectServerServices.dll isn't the expected value. Please make " + ` + "sure the correct file exists on the file system.") + } $bytes = [System.IO.File]::ReadAllBytes($psDllPath) [System.Reflection.Assembly]::Load($bytes) | Out-Null $maxSize = 500000000 $svcRouter = "_vti_bin/PSI/ProjectServer.svc" $pwaUri = New-Object -TypeName "System.Uri" -ArgumentList $pwaUrl - + if ($pwaUri.Scheme -eq [System.Uri]::UriSchemeHttps) { $binding = New-Object -TypeName "System.ServiceModel.BasicHttpBinding" ` -ArgumentList ([System.ServiceModel.BasicHttpSecurityMode]::Transport) } - else + else { $binding = New-Object -TypeName "System.ServiceModel.BasicHttpBinding" ` -ArgumentList ([System.ServiceModel.BasicHttpSecurityMode]::TransportCredentialOnly) @@ -206,22 +213,22 @@ function New-SPDscProjectServerWebService $binding.ReaderQuotas.MaxNameTableCharCount = $maxSize $binding.MessageEncoding = [System.ServiceModel.WSMessageEncoding]::Text - if ($UseKerberos.IsPresent -eq $false) - { - $binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::Ntlm - } - else - { + if ($UseKerberos.IsPresent -eq $false) + { + $binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::Ntlm + } + else + { $binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::Windows } - + if ($pwaUrl.EndsWith('/') -eq $false) { $pwaUrl = $pwaUrl + "/" } $address = New-Object -TypeName "System.ServiceModel.EndpointAddress" ` -ArgumentList ($pwaUrl + $svcRouter) - + $webService = New-Object -TypeName "Svc$($EndpointName).$($EndpointName)Client" ` -ArgumentList @($binding, $address) @@ -235,14 +242,14 @@ function Use-SPDscProjectServerWebService param ( [Parameter(Mandatory = $true)] - [System.IDisposable] + [System.IDisposable] $Service, - + [Parameter(Mandatory = $true)] - [ScriptBlock] + [ScriptBlock] $ScriptBlock ) - + try { Invoke-Command -ScriptBlock $ScriptBlock diff --git a/Modules/SharePointDsc/Modules/SharePointDsc.ServiceAppSecurity/SPServiceAppSecurity.psm1 b/Modules/SharePointDsc/Modules/SharePointDsc.ServiceAppSecurity/SPServiceAppSecurity.psm1 new file mode 100644 index 000000000..7ed3431c1 --- /dev/null +++ b/Modules/SharePointDsc/Modules/SharePointDsc.ServiceAppSecurity/SPServiceAppSecurity.psm1 @@ -0,0 +1,30 @@ +function Expand-AccessLevel +{ + [OutputType([System.String[]])] + param( + [Parameter()] + $Security, + + [Parameter()] + [System.String[]] + $AccessLevels + ) + + $expandedAccessLevels = $AccessLevels + + foreach ($namedAccessRight in $Security.NamedAccessRights) + { + if ($AccessLevels -contains $namedAccessRight.Name) + { + foreach ($namedAccessRight2 in $Security.NamedAccessRights) + { + if ($expandedAccessLevels -notcontains $namedAccessRight2.Name -and + $namedAccessRight2.Rights.IsSubsetOf($namedAccessRight.Rights)) + { + $expandedAccessLevels += $namedAccessRight2.Name + } + } + } + } + return $expandedAccessLevels +} diff --git a/Modules/SharePointDsc/SharePointDsc.psd1 b/Modules/SharePointDsc/SharePointDsc.psd1 index 180fe2d42..47bfb2614 100644 --- a/Modules/SharePointDsc/SharePointDsc.psd1 +++ b/Modules/SharePointDsc/SharePointDsc.psd1 @@ -12,7 +12,7 @@ # RootModule = '' # Version number of this module. -ModuleVersion = '3.0.0.0' +ModuleVersion = '3.1.0.0' # ID used to uniquely identify this module GUID = '6c1176a0-4fac-4134-8ca2-3fa8a21a7b90' @@ -129,78 +129,38 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = " * Changes to SharePointDsc - * Added support for SharePoint 2019 - * Added CredSSP requirement to the Readme files - * Added VSCode Support for running SharePoint 2019 unit tests - * Removed the deprecated resources SPCreateFarm and SPJoinFarm (replaced - in v2.0 by SPFarm) - * SPBlobCacheSettings - * Updated the Service Instance retrieval to be language independent - * SPConfigWizard - * Fixed check for Ensure=Absent in the Set method + * Updated LICENSE file to match the Microsoft Open Source Team standard. + * ProjectServerConnector + * Added a file hash validation check to prevent the ability to load custom code + into the module. + * SPFarm + * Fixed localization issue where TypeName was in the local language. * SPInstallPrereqs - * Added support for detecting updated installation of Microsoft Visual C++ - 2015/2017 Redistributable (x64) for SharePoint 2016 and SharePoint 2019. + * Updated links in the Readme.md file to docs.microsoft.com. + * Fixed required prereqs for SharePoint 2019, added MSVCRT11. + * SPManagedMetadataServiceApp + * Fixed issue where Get-TargetResource method throws an error when the + service app proxy does not exist. * SPSearchContentSource - * Added support for Business Content Source Type - * SPSearchMetadataCategory - * New resource added + * Corrected issue where the New-SPEnterpriseSearchCrawlContentSource cmdlet + was called twice. * SPSearchServiceApp - * Updated resource to make sure the presence of the service app proxy is - checked and created if it does not exist - * SPSecurityTokenServiceConfig - * The resource only tested for the Ensure parameter. Added more parameters - * SPServiceAppSecurity - * Added support for specifying array of access levels. - * Changed implementation to use Grant-SPObjectSecurity with Replace switch - instead of using a combination of Revoke-SPObjectSecurity and - Grant-SPObjectSecurity - * Added all supported access levels as available values. - * Removed unknown access levels: Change Permissions, Write, and Read - * SPUserProfileProperty - * Removed obsolete parameters (MappingConnectionName, MappingPropertyName, - MappingDirection) and introduced new parameter PropertyMappings + * Fixed issue where Get-TargetResource method throws an error when the + service application pool does not exist. + * Implemented check to make sure cmdlets are only executed when it actually + has something to update. + * Deprecated WindowsServiceAccount parameter and moved functionality to + new resource (SPSearchServiceSettings). + * SPSearchServiceSettings + * Added new resource to configure search service settings. + * SPServiceAppSecurity + * Fixed unavailable utility method (ExpandAccessLevel). + * Updated the schema to no longer specify username as key for the sub class. * SPUserProfileServiceApp - * Updated the check for successful creation of the service app to throw an - error if this is not done correctly - - The following changes will break v2.x and earlier configurations that use these - resources: - - * Implemented IsSingleInstance parameter to force that the resource can only - be used once in a configuration for the following resources: - * SPAntivirusSettings - * SPConfigWizard - * SPDiagnosticLoggingSettings - * SPFarm - * SPFarmAdministrators - * SPInfoPathFormsServiceConfig - * SPInstall - * SPInstallPrereqs - * SPIrmSettings - * SPMinRoleCompliance - * SPPasswordChangeSettings - * SPProjectServerLicense - * SPSecurityTokenServiceConfig - * SPShellAdmin - * Standardized Url/WebApplication parameter to default WebAppUrl parameter - for the following resources: - * SPDesignerSettings - * SPFarmSolution - * SPSelfServiceSiteCreation - * SPWebAppBlockedFileTypes - * SPWebAppClientCallableSettings - * SPWebAppGeneralSettings - * SPWebApplication - * SPWebApplicationAppDomain - * SPWebAppSiteUseAndDeletion - * SPWebAppThrottlingSettings - * SPWebAppWorkflowSettings - * Introduced new mandatory parameters - * SPSearchResultSource: Added option to create Result Sources at different scopes. - * SPServiceAppSecurity: Changed parameter AccessLevel to AccessLevels in - MSFT_SPServiceAppSecurityEntry to support array of access levels. - * SPUserProfileProperty: New parameter PropertyMappings + * Fixed issue where localized versions of Windows and SharePoint would throw + an error. + * SPUserProfileSyncConnection + * Corrected implementation of Ensure parameter. " } # End of PSData hashtable diff --git a/Modules/SharePointDsc/en-US/about_SPInstallPrereqs.help.txt b/Modules/SharePointDsc/en-US/about_SPInstallPrereqs.help.txt index d05a000bc..8f8278fd9 100644 --- a/Modules/SharePointDsc/en-US/about_SPInstallPrereqs.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPInstallPrereqs.help.txt @@ -45,12 +45,13 @@ The SharePoint prerequisites can be downloaded from the following locations: SharePoint 2013: - https://technet.microsoft.com/library/a88d3f72-7ac3-4f08-b302-c4ca0a796268%28v=office.16%29.aspx?#section5 + https://docs.microsoft.com/en-us/SharePoint/install/hardware-and-software-requirements-0#section5 SharePoint 2016: - https://technet.microsoft.com/en-us/library/cc262485(v=office.16).aspx#section5 + https://docs.microsoft.com/en-us/SharePoint/install/hardware-and-software-requirements#section5 SharePoint 2019: + https://docs.microsoft.com/en-us/sharepoint/install/hardware-and-software-requirements-2019#links-to-applicable-software .PARAMETER IsSingleInstance Key - String diff --git a/Modules/SharePointDsc/en-US/about_SPSearchServiceApp.help.txt b/Modules/SharePointDsc/en-US/about_SPSearchServiceApp.help.txt index 5f0463e09..c18c047a2 100644 --- a/Modules/SharePointDsc/en-US/about_SPSearchServiceApp.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPSearchServiceApp.help.txt @@ -17,6 +17,10 @@ The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned. + NOTE: The WindowsServiceAccount parameter is deprecated and no longer does + anything. The functionality for changing this account has been moved to + SPSearchServiceSettings. + .PARAMETER Name Key - string The name of the search service application @@ -56,7 +60,7 @@ .PARAMETER WindowsServiceAccount Write - string - Sets the windows services for search to run as this account + This setting is moved to SPSearchServiceSettings and deprecated here. .PARAMETER InstallAccount Write - String diff --git a/Modules/SharePointDsc/en-US/about_SPSearchServiceSettings.help.txt b/Modules/SharePointDsc/en-US/about_SPSearchServiceSettings.help.txt new file mode 100644 index 000000000..1ae6932f5 --- /dev/null +++ b/Modules/SharePointDsc/en-US/about_SPSearchServiceSettings.help.txt @@ -0,0 +1,66 @@ +.NAME + SPSearchServiceSettings + +# Description + + **Type:** Distributed + **Requires CredSSP:** No + + This resource is responsible for configuring settings for the search + service, like the crawler performance level. All settings are farm + wide settings, which is why this resource should only be used once + in each configuration. + +.PARAMETER IsSingleInstance + Key - String + Allowed values: Yes + Specifies the resource is a single instance, the value must be 'Yes' + +.PARAMETER PerformanceLevel + Write - string + Allowed values: Reduced, PartlyReduced, Maximum + Specifies the performance level of the crawler + +.PARAMETER ContactEmail + Write - string + Specifies the contact email used by the crawler + +.PARAMETER WindowsServiceAccount + Write - string + Sets the windows services for search to run as this account + +.PARAMETER InstallAccount + Write - String + POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 + + +.EXAMPLE + This example creates a new search service app in the local farm + + + Configuration Example + { + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $SetupAccount, + + [Parameter(Mandatory = $true)] + [PSCredential] + $SearchAccount + ) + Import-DscResource -ModuleName SharePointDsc + + node localhost { + SPSearchServiceSettings SearchServiceSettings + { + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $SearchAccount + PsDscRunAsCredential = $SetupAccount + } + } + } + + diff --git a/Modules/SharePointDsc/en-US/about_SPUserProfileSyncConnection.help.txt b/Modules/SharePointDsc/en-US/about_SPUserProfileSyncConnection.help.txt index 9303edc25..7504a3caf 100644 --- a/Modules/SharePointDsc/en-US/about_SPUserProfileSyncConnection.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPUserProfileSyncConnection.help.txt @@ -60,6 +60,11 @@ Allowed values: ActiveDirectory, BusinessDataCatalog The type of the connection - currently only Active Directory is supported +.PARAMETER Ensure + Write - string + Allowed values: Present, Absent + Present if the connection should exist, absent if it should not + .PARAMETER InstallAccount Write - string POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPFarm.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPFarm.Tests.ps1 index 6bb17f8c3..2e4d52615 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPFarm.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPFarm.Tests.ps1 @@ -213,9 +213,25 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Mock -CommandName "Get-SPServiceInstance" -MockWith { if ($global:SPDscCentralAdminCheckDone -eq $true) { - return @(@{ - TypeName = "Central Administration" - }) + return @( + $null | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force | Add-Member -Name Name ` + -MemberType ScriptProperty ` + -PassThru ` + { + # get + "" + }` + { + # set + param ( $arg ) + } + ) } else { @@ -294,9 +310,17 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Mock -CommandName "Get-SPServiceInstance" -MockWith { if ($global:SPDscCentralAdminCheckDone -eq $true) { - return @(@{ - TypeName = "Central Administration" - }) + return @( + @{ + Name = "WSS_Administration" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } else { @@ -450,10 +474,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { { 2 -contains $_ } { $global:SPDscSIRunCount++ - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } { 0,1 -contains $_ } { @@ -539,10 +571,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-SPServiceInstance -MockWith { - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } Mock -CommandName Set-SPCentralAdministration -MockWith {} @@ -624,10 +664,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { { 0,2 -contains $_ } { $global:SPDscSIRunCount++ - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } { 1 -contains $_ } { @@ -640,17 +688,19 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { $global:SPDscSIRunCount = 0 It "Should return present from the get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Present" + $result = Get-TargetResource @testParams + $result.Ensure | Should Be "Present" + $result.RunCentralAdmin | Should Be $true } $global:SPDscSIRunCount = 0 - It "Should return present from the get method" { + It "Should stop the CA instance in the set method" { Set-TargetResource @testParams Assert-MockCalled Stop-SPServiceInstance } $global:SPDscSIRunCount = 0 - It "Should return true from the test method" { + It "Should return false from the test method" { Test-TargetResource @testParams | Should be $false } } @@ -714,10 +764,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Mock -CommandName "Get-SPServiceInstance" -MockWith { if ($global:SPDscCentralAdminCheckDone -eq $true) { - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } else { @@ -1079,10 +1137,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Mock -CommandName "Get-SPServiceInstance" -MockWith { if ($global:SPDscCentralAdminCheckDone -eq $true) { - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } else { @@ -1172,10 +1238,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Mock -CommandName "Get-SPServiceInstance" -MockWith { if ($global:SPDscCentralAdminCheckDone -eq $true) { - return @(@{ - TypeName = "Central Administration" - Status = "Online" - }) + return @( + @{ + Name = "WSS_Administration" + Status = "Online" + } | Add-Member -MemberType ScriptMethod ` + -Name GetType ` + -Value { + return @{ + Name = "SPWebServiceInstance" + } + } -PassThru -Force + ) } else { diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPInstallPrereqs.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPInstallPrereqs.Tests.ps1 index b7b55c2ac..17634da34 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPInstallPrereqs.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPInstallPrereqs.Tests.ps1 @@ -444,7 +444,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { else { # SharePoint 2019 - $requiredParams = @("SQLNCli","Sync","AppFabric","IDFX11","MSIPCClient","KB3092423","WCFDataServices56","DotNet472","MSVCRT141") + $requiredParams = @("SQLNCli","Sync","AppFabric","IDFX11","MSIPCClient","KB3092423","WCFDataServices56","DotNet472","MSVCRT11","MSVCRT141") } } Default { diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceApp.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceApp.Tests.ps1 index 73d76b788..9e4362dc8 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceApp.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceApp.Tests.ps1 @@ -706,61 +706,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should Be $true } } - - Context "A service app exists that has an incorrect windows service account in use" -Fixture { - $testParams = @{ - Name = "Search Service Application" - ApplicationPool = "SharePoint Search Services" - Ensure = "Present" - WindowsServiceAccount = $mockCredential - } - - Mock -CommandName Get-SPServiceApplication -MockWith { - $spServiceApp = [PSCustomObject]@{ - TypeName = "Search Service Application" - DisplayName = $testParams.Name - ApplicationPool = @{ Name = $testParams.ApplicationPool } - Database = @{ - Name = $testParams.DatabaseName - NormalizedDataSource = $testParams.DatabaseServer - } - } - $spServiceApp = $spServiceApp | Add-Member -MemberType ScriptMethod -Name GetType -Value { - return @{ FullName = $getTypeFullName } - } -PassThru -Force - $spServiceApp = $spServiceApp | Add-Member -MemberType ScriptMethod -Name IsConnected -Value { - return $true - } -PassThru -Force - return $spServiceApp - } - - Mock -CommandName Get-SPEnterpriseSearchService -MockWith { - return @{ - ProcessIdentity = "WrongUserName" - } - } - - Mock -CommandName Get-SPServiceApplicationProxy -MockWith { - return @{ - Name = "$($testParams.Name) Proxy" - } - } - - It "Should return the current value in the get method" { - (Get-TargetResource @testParams).WindowsServiceAccount | Should Not BeNullOrEmpty - } - - It "Should return false in the test method" { - Test-TargetResource @testParams | Should Be $false - } - - It "Should update the account in the set method" { - Set-TargetResource @testParams - - Assert-MockCalled -CommandName "Set-SPEnterpriseSearchService" - } - } - } } diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceSettings.Tests.ps1 new file mode 100644 index 000000000..98be4342b --- /dev/null +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPSearchServiceSettings.Tests.ps1 @@ -0,0 +1,208 @@ +[CmdletBinding()] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")] +param( + [Parameter()] + [string] + $SharePointCmdletModule = (Join-Path -Path $PSScriptRoot ` + -ChildPath "..\Stubs\SharePoint\15.0.4805.1000\Microsoft.SharePoint.PowerShell.psm1" ` + -Resolve) +) + +Import-Module -Name (Join-Path -Path $PSScriptRoot ` + -ChildPath "..\UnitTestHelper.psm1" ` + -Resolve) + +$Global:SPDscHelper = New-SPDscUnitTestHelper -SharePointStubModule $SharePointCmdletModule ` + -DscResource "SPSearchServiceSettings" + +Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:SPDscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope + + # Initialize tests + $mockPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force + $mockCredential = New-Object -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @("DOMAIN\username", $mockPassword) + + # Mocks for all contexts + + # Test contexts + Context -Name "The server is not part of SharePoint farm" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $mockCredential + } + + Mock -CommandName Get-SPFarm -MockWith { + throw "Unable to detect local farm" + } + + It "Should return null from the get method" { + $result = Get-TargetResource @testParams + $result.PerformanceLevel | Should BeNullOrEmpty + $result.ContactEmail | Should BeNullOrEmpty + $result.WindowsServiceAccount | Should BeNullOrEmpty + } + + It "Should return false from the test method" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should throw an exception in the set method to say there is no local farm" { + { Set-TargetResource @testParams } | Should throw "No local SharePoint farm was detected" + } + } + + Context -Name "No optional parameters are specified" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + } + + It "Should return null from the get method" { + $result = Get-TargetResource @testParams + $result.PerformanceLevel | Should BeNullOrEmpty + $result.ContactEmail | Should BeNullOrEmpty + $result.WindowsServiceAccount | Should BeNullOrEmpty + } + + It "Should return false from the test method" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should throw an exception in the set method to say parameters are required" { + { Set-TargetResource @testParams } | Should throw "You have to specify at least one of the following parameters:" + } + } + + Context -Name "When the configured settings are correct" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $mockCredential + } + + Mock -CommandName Get-SPEnterpriseSearchService -MockWith { + return @{ + ProcessIdentity = "DOMAIN\username" + ContactEmail = $testParams.ContactEmail + PerformanceLevel = $testParams.PerformanceLevel + } + } + + It "Should return the specified values in the get method" { + $result = Get-TargetResource @testParams + $result.PerformanceLevel | Should Be "Maximum" + $result.ContactEmail | Should Be "sharepoint@contoso.com" + $result.WindowsServiceAccount.UserName | Should Be "DOMAIN\username" + } + + It "Should return true when the Test method is called" { + Test-TargetResource @testParams | Should Be $true + } + } + + Context -Name "When the PerformanceLevel is incorrect" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $mockCredential + } + + Mock -CommandName Get-SPEnterpriseSearchService -MockWith { + return @{ + ProcessIdentity = "DOMAIN\username" + ContactEmail = "sharepoint@contoso.com" + PerformanceLevel = "Reduced" + } + } + + Mock -CommandName Set-SPEnterpriseSearchService -MockWith {} + + It "Should return the configured values from the Get method" { + $result = Get-TargetResource @testParams + $result.PerformanceLevel | Should Be "Reduced" + } + + It "Should return false when the Test method is called" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should configure the desired values in the set method" { + Set-TargetResource @testParams + Assert-MockCalled Set-SPEnterpriseSearchService + } + } + + Context -Name "When the WindowsServiceAccount is incorrect" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $mockCredential + } + + Mock -CommandName Get-SPEnterpriseSearchService -MockWith { + return @{ + ProcessIdentity = "DOMAIN\wrongusername" + ContactEmail = "sharepoint@contoso.com" + PerformanceLevel = "Maximum" + } + } + + Mock -CommandName Set-SPEnterpriseSearchService -MockWith {} + + It "Should return the configured values from the Get method" { + $result = Get-TargetResource @testParams + $result.WindowsServiceAccount.UserName | Should Be "DOMAIN\wrongusername" + } + + It "Should return false when the Test method is called" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should configure the desired values in the set method" { + Set-TargetResource @testParams + Assert-MockCalled Set-SPEnterpriseSearchService + } + } + + Context -Name "When the ContactEmail is incorrect" -Fixture { + $testParams = @{ + IsSingleInstance = "Yes" + PerformanceLevel = "Maximum" + ContactEmail = "sharepoint@contoso.com" + WindowsServiceAccount = $mockCredential + } + + Mock -CommandName Get-SPEnterpriseSearchService -MockWith { + return @{ + ProcessIdentity = "DOMAIN\username" + ContactEmail = "incorrect@contoso.com" + PerformanceLevel = "Maximum" + } + } + + Mock -CommandName Set-SPEnterpriseSearchService -MockWith {} + + It "Should return the configured values from the Get method" { + $result = Get-TargetResource @testParams + $result.ContactEmail | Should Be "incorrect@contoso.com" + } + + It "Should return false when the Test method is called" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should configure the desired values in the set method" { + Set-TargetResource @testParams + Assert-MockCalled Set-SPEnterpriseSearchService + } + } + } +} + +Invoke-Command -ScriptBlock $Global:SPDscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 index d59f75e67..84a0985d5 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 @@ -27,9 +27,14 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { $mockFarmCredential = New-Object -TypeName System.Management.Automation.PSCredential ` -ArgumentList @("DOMAIN\sp_farm", $mockPassword) - try { [Microsoft.Office.Server.UserProfiles.UserProfileManager] } - catch { - try { + try + { + [Microsoft.Office.Server.UserProfiles.UserProfileManager] + } + catch + { + try + { Add-Type -TypeDefinition @" namespace Microsoft.Office.Server.UserProfiles { public class UserProfileManager { @@ -51,10 +56,31 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } "@ -ErrorAction SilentlyContinue } - catch { + catch + { Write-Verbose -Message "The Type Microsoft.Office.Server.UserProfiles.DirectoryServiceNamingContext was already added." } } + + Add-Type -TypeDefinition @" +using System.Collections; + +namespace Microsoft.SharePoint.Administration.AccessControl { + public class SPNamedIisWebServiceApplicationRights + { + public static Hashtable FullControl + { + get + { + Hashtable returnval = new Hashtable(); + returnval.Add("Name","Full Control"); + return returnval; + } + } + } +} +"@ + # Mocks for all contexts Mock -CommandName Get-SPDSCFarmAccount -MockWith { return $mockFarmCredential diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncConnection.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncConnection.Tests.ps1 index 388cf585e..8c12ddfdc 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncConnection.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncConnection.Tests.ps1 @@ -650,6 +650,111 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } } + Context -Name "Connection exists, but shouldn't" -Fixture { + $testParams = @{ + UserProfileService = "User Profile Service Application" + Ensure = "Absent" + Forest = "contoso.com" + Name = "contoso.com" + ConnectionCredentials = $mockCredential + Server = "server.contoso.com" + IncludedOUs = @("OU=SharePoint Users,DC=Contoso,DC=com") + ConnectionType = "ActiveDirectory" + } + + if ($Global:SPDscHelper.CurrentStubBuildNumber.Major -eq 15) + { + $litWareconnection = @{ + DisplayName = "contoso.com" + Server = "litware.net" + NamingContexts= New-Object -TypeName System.Collections.ArrayList + AccountDomain = "Contoso" + AccountUsername = "TestAccount" + UseDisabledFilter = $false + Type= "ActiveDirectory" + } + } + else + { + $litWareconnection = @{ + DisplayName = "contoso-com" + Server = "litware.net" + NamingContexts= New-Object -TypeName System.Collections.ArrayList + AccountDomain = "Contoso" + AccountUsername = "TestAccount" + UseDisabledFilter = $false + Type= "ActiveDirectory" + } + } + + $litWareconnection = $litWareconnection | Add-Member -MemberType ScriptMethod ` + -Name Delete ` + -Value { + $Global:SPDscUPSSyncConnectionDeleteCalled = $true + } -PassThru + $userProfileServiceValidConnection = @{ + Name = "User Profile Service Application" + TypeName = "User Profile Service Application" + ApplicationPool = "SharePoint Service Applications" + FarmAccount = $mockCredential + ServiceApplicationProxyGroup = "Proxy Group" + ConnectionManager= New-Object -TypeName System.Collections.ArrayList + } | Add-Member -MemberType ScriptMethod -Name GetMethod -Value { + return (@{ + FullName = $getTypeFullName + }) | Add-Member -MemberType ScriptMethod -Name GetMethods -Value { + return (@{ + Name = "get_NamingContexts" + }) | Add-Member -MemberType ScriptMethod -Name Invoke -Value { + return @{ + AbsoluteUri = "http://contoso.sharepoint.com/sites/ct" + } + } -PassThru -Force + } -PassThru -Force + } -PassThru -Force + $userProfileServiceValidConnection.ConnectionManager.Add($connection) + + Mock -CommandName Get-SPServiceApplication -MockWith { + return $userProfileServiceValidConnection + } + + $litwareConnnectionManager = New-Object -TypeName System.Collections.ArrayList | Add-Member -MemberType ScriptMethod AddActiveDirectoryConnection{ ` + param([Microsoft.Office.Server.UserProfiles.ConnectionType] $connectionType, ` + $name, ` + $forest, ` + $useSSL, ` + $userName, ` + $securePassword, ` + $namingContext, ` + $p1, $p2 ` + ) + + $Global:SPDscUPSAddActiveDirectoryConnectionCalled =$true + } -PassThru + $litwareConnnectionManager.Add($litWareconnection) + + Mock -CommandName New-Object -MockWith { + return (@{} | Add-Member -MemberType ScriptMethod IsSynchronizationRunning { + $Global:SPDscUpsSyncIsSynchronizationRunning=$true; + return $false; + } -PassThru | Add-Member ConnectionManager $litwareConnnectionManager -PassThru ) + } -ParameterFilter { $TypeName -eq "Microsoft.Office.Server.UserProfiles.UserProfileConfigManager" } + + It "Should return Ensure Present from the get method" { + (Get-TargetResource @testParams).Ensure | Should Be "Present" + } + + It "Should return false when the Test method is called" { + Test-TargetResource @testParams | Should Be $false + } + + It "Should remove the existing connection in the set method" { + $Global:SPDscUPSSyncConnectionDeleteCalled=$false + Set-TargetResource @testParams + $Global:SPDscUPSSyncConnectionDeleteCalled | Should be $true + } + } + if ($Global:SPDscHelper.CurrentStubBuildNumber.Major -eq 16) { Context -Name "When naming context is null (ADImport for SP2016)" -Fixture { diff --git a/appveyor.yml b/appveyor.yml index a589d3624..ade4050ab 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 3.0.0.{build} +version: 3.1.0.{build} install: