diff --git a/source/DSCResources/DSC_CMGroupDiscovery/DSC_CMGroupDiscovery.psm1 b/source/DSCResources/DSC_CMGroupDiscovery/DSC_CMGroupDiscovery.psm1 index 911a60a..11ccb29 100644 --- a/source/DSCResources/DSC_CMGroupDiscovery/DSC_CMGroupDiscovery.psm1 +++ b/source/DSCResources/DSC_CMGroupDiscovery/DSC_CMGroupDiscovery.psm1 @@ -36,29 +36,12 @@ function Get-TargetResource Set-Location -Path "$($SiteCode):\" $groupDiscovery = Get-CMDiscoveryMethod -Name ActiveDirectoryGroupDiscovery -SiteCode $SiteCode - $status = ($groupDiscovery.Props | Where-Object -FilterScript {$_.PropertyName -eq 'Settings'}).Value1 - if ($status -eq 'Active') + if ($groupDiscovery) { - foreach ($prop in $groupDiscovery.Props) - { - switch ($prop.PropertyName) - { - 'Settings' { $enabledStatus = ($prop.Value1 -eq 'Active') } - 'Full Sync Schedule' { $groupSchedule = $prop.Value1 } - 'Enable Incremental Sync' { [boolean]$deltaEnabled = $prop.Value } - 'Startup Schedule' { $groupDelta = $prop.Value1 } - 'Enable Filtering Expired Logon' { [boolean]$lastLogonEnabled = $prop.Value } - 'Days Since Last Logon' { $lastLogon = $prop.Value } - 'Enable Filtering Expired Password' { [boolean]$lastPasswordEnabled = $prop.Value } - 'Days Since Last Password Set' { $lastPassword = $prop.Value } - 'Discover DG Membership' { [boolean]$dgMemberEnabled = $prop.Value } - } - } - $adContainers = ($groupDiscovery.Proplists | Where-Object -FilterScript {$_.PropertyListName -eq 'AD Containers'}).Values - $count = 0 + if ($adContainers) { $adGroups = @() @@ -88,31 +71,52 @@ function Get-TargetResource } } - if ($deltaEnabled -eq $false) - { - $groupSchedule = $groupDelta - $groupDelta = $null - } - - $schedule = Get-CMSchedule -ScheduleString $groupSchedule + $status = ($groupDiscovery.Props | Where-Object -FilterScript {$_.PropertyName -eq 'Settings'}).Value1 - if (-not [string]::IsNullOrEmpty($groupDelta)) + if ($status -eq 'Active') { - $sDelta = Convert-CMSchedule -ScheduleString $groupDelta + foreach ($prop in $groupDiscovery.Props) + { + switch ($prop.PropertyName) + { + 'Settings' { $enabledStatus = ($prop.Value1 -eq 'Active') } + 'Full Sync Schedule' { $groupSchedule = $prop.Value1 } + 'Enable Incremental Sync' { [boolean]$deltaEnabled = $prop.Value } + 'Startup Schedule' { $groupDelta = $prop.Value1 } + 'Enable Filtering Expired Logon' { [boolean]$lastLogonEnabled = $prop.Value } + 'Days Since Last Logon' { $lastLogon = $prop.Value } + 'Enable Filtering Expired Password' { [boolean]$lastPasswordEnabled = $prop.Value } + 'Days Since Last Password Set' { $lastPassword = $prop.Value } + 'Discover DG Membership' { [boolean]$dgMemberEnabled = $prop.Value } + } + } - if ($sDelta.HourSpan -eq 1) + if ($deltaEnabled -eq $false) { - $syncDelta = 60 + $groupSchedule = $groupDelta + $groupDelta = $null } - else + + $schedule = Get-CMSchedule -ScheduleString $groupSchedule + + if (-not [string]::IsNullOrEmpty($groupDelta)) { - $syncDelta = $sDelta.MinuteSpan + $sDelta = Convert-CMSchedule -ScheduleString $groupDelta + + if ($sDelta.HourSpan -eq 1) + { + $syncDelta = 60 + } + else + { + $syncDelta = $sDelta.MinuteSpan + } } } - } - else - { - $enabledStatus = $false + else + { + $enabledStatus = $false + } } return @{ @@ -294,9 +298,8 @@ function Set-TargetResource if ($Enabled -eq $true) { - if (($PSBoundParameters.DeltaDiscoveryMins) -and ($PSBoundParameters.EnableDeltaDiscovery -eq $false -or - ($state.EnableDeltaDiscovery -eq $false -and - [string]::IsNullOrEmpty($PSBoundParameters.EnableDeltaDiscovery)))) + if (($PSBoundParameters.ContainsKey('DeltaDiscoveryMins')) -and ($EnableDeltaDiscovery -eq $false -or + $state.EnableDeltaDiscovery -eq $false)) { throw $script:localizedData.MissingDeltaDiscovery } @@ -326,6 +329,23 @@ function Set-TargetResource } } + if ((-not $PSBoundParameters.ContainsKey('ScheduleType')) -and ($PSBoundParameters.ContainsKey('Start') -or + $PSBoundParameters.ContainsKey('RecurInterval') -or $PSBoundParameters.ContainsKey('MonthlyWeekOrder') -or + $PSBoundParameters.ContainsKey('DayOfWeek') -or $PSBoundParameters.ContainsKey('DayOfMonth'))) + { + throw $script:localizedData.MissingScheduleType + } + + if ($PSBoundParameters.ContainsKey('TimeSinceLastLogonDays') -and $EnableFilteringExpiredLogon -ne $true) + { + throw $script:localizedData.TimeSinceLastLogon + } + + if ($PSBoundParameters.ContainsKey('TimeSinceLastPasswordUpdateDays') -and $EnableFilteringExpiredPassword -ne $true) + { + throw $script:localizedData.PasswordExpiredFilter + } + $paramsToCheck = @('Enabled','EnableDeltaDiscovery','DeltaDiscoveryMins','EnableFilteringExpiredLogon', 'TimeSinceLastLogonDays','EnableFilteringExpiredPassword','TimeSinceLastPasswordUpdateDays', 'DiscoverDistributionGroupMembership') @@ -632,6 +652,33 @@ function Test-TargetResource if ($Enabled -eq $true) { + if ((-not $PSBoundParameters.ContainsKey('ScheduleType')) -and ($PSBoundParameters.ContainsKey('Start') -or + $PSBoundParameters.ContainsKey('RecurInterval') -or $PSBoundParameters.ContainsKey('MonthlyWeekOrder') -or + $PSBoundParameters.ContainsKey('DayOfWeek') -or $PSBoundParameters.ContainsKey('DayOfMonth'))) + { + Write-Warning -Message $script:localizedData.MissingScheduleType + $badInput = $true + } + + if (($PSBoundParameters.ContainsKey('DeltaDiscoveryMins')) -and ($EnableDeltaDiscovery -eq $false -or + $state.EnableDeltaDiscovery -eq $false)) + { + Write-Warning -Message $script:localizedData.MissingDeltaDiscovery + $badInput = $true + } + + if ($PSBoundParameters.ContainsKey('TimeSinceLastLogonDays') -and $EnableFilteringExpiredLogon -ne $true) + { + Write-Warning -Message $script:localizedData.TimeSinceLastLogon + $badInput = $true + } + + if ($PSBoundParameters.ContainsKey('TimeSinceLastPasswordUpdateDays') -and $EnableFilteringExpiredPassword -ne $true) + { + Write-Warning -Message $script:localizedData.PasswordExpiredFilter + $badInput = $true + } + $testParams = @{ CurrentValues = $state DesiredValues = $PSBoundParameters @@ -746,10 +793,14 @@ function Test-TargetResource } } - if ($result -eq $false -or $testResult -eq $false -or $schedResult -eq $false) + if ($result -eq $false -or $testResult -eq $false -or $schedResult -eq $false -or $badInput -eq $true) { $result = $false } + else + { + $result = $true + } } elseif ($state.Enabled -eq $true) { diff --git a/source/DSCResources/DSC_CMGroupDiscovery/en-US/DSC_CMGroupDiscovery.strings.psd1 b/source/DSCResources/DSC_CMGroupDiscovery/en-US/DSC_CMGroupDiscovery.strings.psd1 index ea3e8f2..8712931 100644 --- a/source/DSCResources/DSC_CMGroupDiscovery/en-US/DSC_CMGroupDiscovery.strings.psd1 +++ b/source/DSCResources/DSC_CMGroupDiscovery/en-US/DSC_CMGroupDiscovery.strings.psd1 @@ -12,4 +12,7 @@ ConvertFrom-StringData @' GdsExtra = Group Discovery Scope Name {0} is expected to be absent. DeltaNoInterval = DeltaDiscoveryMins is not specified, specify DeltaDiscoveryMins when enabling Delta Discovery. NewSchedule = Modifying group discovery schedule. + MissingScheduleType = In order to create a schedule you must specify ScheduleType. + TimeSinceLastLogon = When setting TimeSinceLastLogonDays, EnableFilteringExpiredLogon must be set to true. + PasswordExpiredFilter = When setting TimeSinceLastPasswordUpdateDays, EnableFilteringExpiredPassword must be set to true. '@ diff --git a/source/Modules/ConfigMgrCBDsc.ReverseDsc/ConfigMgrCBDsc.ReverseDsc.psm1 b/source/Modules/ConfigMgrCBDsc.ReverseDsc/ConfigMgrCBDsc.ReverseDsc.psm1 index 7cb6936..3a45955 100644 --- a/source/Modules/ConfigMgrCBDsc.ReverseDsc/ConfigMgrCBDsc.ReverseDsc.psm1 +++ b/source/Modules/ConfigMgrCBDsc.ReverseDsc/ConfigMgrCBDsc.ReverseDsc.psm1 @@ -4889,6 +4889,9 @@ function Set-ConfigMgrCBDscReverse $params = @{ ResourceName = $resourceName SiteCode = $SiteCode + ExcludeList = @('SiteCode','EnableDeltaDiscovery','DeltaDiscoveryMins','EnableFilteringExpiredLogon', + 'TimeSinceLastLogonDays','EnableFilteringExpiredPassword','TimeSinceLastPasswordUpdateDays','DiscoverDistributionGroupMembership', + 'GroupDiscoveryScope','Start','ScheduleType','RecurInterval','MonthlyWeekOrder','DayOfWeek','DayOfMonth') Indent = 1 Count = 7 Resources = $resources diff --git a/tests/Unit/CMGroupDiscovery.tests.ps1 b/tests/Unit/CMGroupDiscovery.tests.ps1 index 6169e38..7eb2327 100644 --- a/tests/Unit/CMGroupDiscovery.tests.ps1 +++ b/tests/Unit/CMGroupDiscovery.tests.ps1 @@ -613,6 +613,31 @@ try $deltaMinutesMsg = 'When changing delta schedule, delta schedule must be enabled.' + $missingScheduleType = @{ + SiteCode = 'Lab' + Enabled = $true + Start = '2/1/1970 00:00' + DayOfWeek = 'Friday' + MonthlyWeekOrder = 'first' + } + + $missingScheduleTypeMsg = 'In order to create a schedule you must specify ScheduleType.' + + $timeSinceLastLogon = @{ + SiteCode = 'Lab' + Enabled = $true + TimeSinceLastLogonDays = 15 + } + + $timeSinceLastLogonMsg = 'When setting TimeSinceLastLogonDays, EnableFilteringExpiredLogon must be set to true.' + + $timePasswordUpdate = @{ + SiteCode = 'Lab' + Enabled = $true + TimeSinceLastPasswordUpdateDays = 49 + } + + $passwordExpiredFilterMsg = 'When setting TimeSinceLastPasswordUpdateDays, EnableFilteringExpiredPassword must be set to true.' } It 'Should call expected commands when include and exclude contain the same entry' { @@ -650,6 +675,42 @@ try Assert-MockCalled New-CMADGroupDiscoveryScope -Exactly -Times 0 -Scope It Assert-MockCalled Set-CMDiscoveryMethod -Exactly -Times 0 -Scope It } + + It 'Should call expected commands when specifying schedule and not specifying ScheduleType' { + Mock -CommandName Get-TargetResource -MockWith { $getTargetResourceStandardReturn } + + { Set-TargetResource @missingScheduleType } | Should -Throw -ExpectedMessage $missingScheduleTypeMsg + Assert-MockCalled Import-ConfigMgrPowerShellModule -Exactly -Times 1 -Scope It + Assert-MockCalled Set-Location -Exactly -Times 2 -Scope It + Assert-MockCalled Get-TargetResource -Exactly -Times 1 -Scope It + Assert-MockCalled New-CMSchedule -Exactly -Times 0 -Scope It + Assert-MockCalled New-CMADGroupDiscoveryScope -Exactly -Times 0 -Scope It + Assert-MockCalled Set-CMDiscoveryMethod -Exactly -Times 0 -Scope It + } + + It 'Should call expected commands when specifying TimeSinceLastLogonDays and not EnableFilteringExpiredLogon' { + Mock -CommandName Get-TargetResource -MockWith { $getTargetResourceStandardReturn } + + { Set-TargetResource @timeSinceLastLogon } | Should -Throw -ExpectedMessage $timeSinceLastLogonMsg + Assert-MockCalled Import-ConfigMgrPowerShellModule -Exactly -Times 1 -Scope It + Assert-MockCalled Set-Location -Exactly -Times 2 -Scope It + Assert-MockCalled Get-TargetResource -Exactly -Times 1 -Scope It + Assert-MockCalled New-CMSchedule -Exactly -Times 0 -Scope It + Assert-MockCalled New-CMADGroupDiscoveryScope -Exactly -Times 0 -Scope It + Assert-MockCalled Set-CMDiscoveryMethod -Exactly -Times 0 -Scope It + } + + It 'Should call expected commands when specifying TimeSinceLastPasswordUpdateDays and not EnableFilteringExpiredPassword' { + Mock -CommandName Get-TargetResource -MockWith { $getTargetResourceStandardReturn } + + { Set-TargetResource @timePasswordUpdate } | Should -Throw -ExpectedMessage $passwordExpiredFilterMsg + Assert-MockCalled Import-ConfigMgrPowerShellModule -Exactly -Times 1 -Scope It + Assert-MockCalled Set-Location -Exactly -Times 2 -Scope It + Assert-MockCalled Get-TargetResource -Exactly -Times 1 -Scope It + Assert-MockCalled New-CMSchedule -Exactly -Times 0 -Scope It + Assert-MockCalled New-CMADGroupDiscoveryScope -Exactly -Times 0 -Scope It + Assert-MockCalled Set-CMDiscoveryMethod -Exactly -Times 0 -Scope It + } } } @@ -882,6 +943,12 @@ try EnableDeltaDiscovery = $true } + $deltaSchedule = @{ + SiteCode = 'Lab' + Enabled = $true + DeltaDiscoveryMins = 5 + } + $allGroupDiscoveryOptions = @{ SiteCode = 'Lab' Enabled = $true @@ -889,6 +956,26 @@ try GroupDiscoveryScopeToInclude = $groupDiscoverySingleInstance GroupDiscoveryScopeToExclude = 'Test2' } + + $missingScheduleType = @{ + SiteCode = 'Lab' + Enabled = $true + Start = '2/1/1970 00:00' + DayOfWeek = 'Friday' + MonthlyWeekOrder = 'first' + } + + $timeSinceLastLogon = @{ + SiteCode = 'Lab' + Enabled = $true + TimeSinceLastLogonDays = 15 + } + + $timePasswordUpdate = @{ + SiteCode = 'Lab' + Enabled = $true + TimeSinceLastPasswordUpdateDays = 49 + } } It 'Should return desired result false when enabling delta discovery' { @@ -908,6 +995,30 @@ try Test-TargetResource @allGroupDiscoveryOptions | Should -Be $false } + + It 'Should return desired result false when specifying delta discovery and not enabling delta discovery' { + Mock -CommandName Get-TargetResource -MockWith { $getDeltaDisabled } + + Test-TargetResource @deltaSchedule | Should -Be $false + } + + It 'Should return desired result false when specifying schedule and not specifying ScheduleType' { + Mock -CommandName Get-TargetResource -MockWith { $getReturnEnabled } + + Test-TargetResource @missingScheduleType | Should -Be $false + } + + It 'Should return desired result false when specifying TimeSinceLastLogonDays and not EnableFilteringExpiredLogon' { + Mock -CommandName Get-TargetResource -MockWith { $getReturnEnabled } + + Test-TargetResource @timeSinceLastLogon | Should -Be $false + } + + It 'Should return desired result false when specifying TimeSinceLastPasswordUpdateDays and not EnableFilteringExpiredPassword' { + Mock -CommandName Get-TargetResource -MockWith { $getReturnEnabled } + + Test-TargetResource @timePasswordUpdate | Should -Be $false + } } } }