From ebb4faa9734639f1dccfbfb729d1ca76e3549367 Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Tue, 30 Jan 2018 16:03:26 -0500 Subject: [PATCH 01/39] Add Central Admin support to SPAlternateUrl --- .../MSFT_SPAlternateUrl.psm1 | 39 +++++++++++++++---- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 index 9318a3ab0..650e71ee2 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 @@ -164,17 +164,40 @@ function Set-TargetResource # URL not configured on WebApp if ($null -eq $urlAam) { - # urlAAM not found, so it is safe to create AAM on specified zone - $cmdParams = @{ - WebApplication = $webapp - Url = $params.Url - Zone = $params.Zone + # urlAAM not found, so it is safe to create AAM on specified zone (or modify existing if CA) + # If this is Central Admin, we want to update the existing Default AAM instead of adding a new one + if ($webapp.IsAdministrationWebApplication -and $params.Zone -eq "Default" -and !$webAppAams.GetType().IsArray) + { + # web app is Central Administration + # assumptions we have to make to proceed without introducing breaking changes: + # 1. CA only has 1 AAM (done in if condition above) + + + # sanity checks before updating AAM: + # 1. We are editing the Default Zone AAM (done in if condition above) + # 2. Internal URL == Public URL (does this matter? we could still set both to the new URL) + if ($webAppAams.IncomingUrl -eq $webAppAams.PublicUrl) + { + Set-SPAlternateURL -Identity $webAppAams.IncomingUrl -Url $params.Url | Out-Null + } + else + { + throw("Central Administration's existing AAM has different values for Internal and Public URL's") + } } - if (($params.ContainsKey("Internal") -eq $true)) + else { - $cmdParams.Add("Internal", $params.Internal) + $cmdParams = @{ + WebApplication = $webapp + Url = $params.Url + Zone = $params.Zone + } + if (($params.ContainsKey("Internal") -eq $true)) + { + $cmdParams.Add("Internal", $params.Internal) + } + New-SPAlternateURL @cmdParams | Out-Null } - New-SPAlternateURL @cmdParams | Out-Null } else { From a845c7b059c802fb0a1274ecf8818657fbcb9c5d Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Wed, 31 Jan 2018 11:34:45 -0500 Subject: [PATCH 02/39] Another fix to support CA --- .../DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 index 650e71ee2..5e315bb91 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 @@ -171,8 +171,7 @@ function Set-TargetResource # web app is Central Administration # assumptions we have to make to proceed without introducing breaking changes: # 1. CA only has 1 AAM (done in if condition above) - - + # # sanity checks before updating AAM: # 1. We are editing the Default Zone AAM (done in if condition above) # 2. Internal URL == Public URL (does this matter? we could still set both to the new URL) From e99755c14e4db02cfbe71f737375baf40090efdc Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Thu, 8 Feb 2018 12:24:49 -0500 Subject: [PATCH 03/39] Updating logic for setting CA default zone URL --- .../MSFT_SPAlternateUrl.psm1 | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 index 5e315bb91..11978afb0 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 @@ -166,23 +166,20 @@ function Set-TargetResource { # urlAAM not found, so it is safe to create AAM on specified zone (or modify existing if CA) # If this is Central Admin, we want to update the existing Default AAM instead of adding a new one - if ($webapp.IsAdministrationWebApplication -and $params.Zone -eq "Default" -and !$webAppAams.GetType().IsArray) + if ($webapp.IsAdministrationWebApplication -and $params.Zone -eq "Default") { # web app is Central Administration # assumptions we have to make to proceed without introducing breaking changes: - # 1. CA only has 1 AAM (done in if condition above) + # 1. CA only has 1 AAM + # update: this shouldn't matter -- if CA has more than 1 AAM in Default zone, Set-SPAlternateUrl should consolidate into 1 + # For additional CA servers, use other zones instead of Default # # sanity checks before updating AAM: # 1. We are editing the Default Zone AAM (done in if condition above) # 2. Internal URL == Public URL (does this matter? we could still set both to the new URL) - if ($webAppAams.IncomingUrl -eq $webAppAams.PublicUrl) - { - Set-SPAlternateURL -Identity $webAppAams.IncomingUrl -Url $params.Url | Out-Null - } - else - { - throw("Central Administration's existing AAM has different values for Internal and Public URL's") - } + # update: if $webAppAams is an array (more than 1 AAM in Default zone), maybe this is the best way to find the primary AAM to use + # OR, maybe the best way is to ask CA for its URL (RECOMMENDED) + Set-SPAlternateURL -Identity $webApp.Url -Url $params.Url -Zone $params.Zone | Out-Null } else { From f232f7caf19c8b0d6e013e32b980b6fcbd1287f3 Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Mon, 12 Feb 2018 10:36:39 -0500 Subject: [PATCH 04/39] Clean up comments prior to PR, update changelog --- CHANGELOG.md | 1 + .../MSFT_SPAlternateUrl.psm1 | 18 ++++++------------ 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4009ace5..6cb34bb5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Updated the SqlServer configuration to use SqlServerDsc version 10.0.0.0. * SPAlternateURL * Added the ability to manage the Central Administration AAMs + * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one * SPDiagnosticsProvider * Added the resource * SPFarm diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 index 11978afb0..ecfa3a2ef 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/MSFT_SPAlternateUrl.psm1 @@ -165,20 +165,14 @@ function Set-TargetResource if ($null -eq $urlAam) { # urlAAM not found, so it is safe to create AAM on specified zone (or modify existing if CA) - # If this is Central Admin, we want to update the existing Default AAM instead of adding a new one + # If this is Central Admin and Default zone, we want to update the existing AAM instead of adding a new one if ($webapp.IsAdministrationWebApplication -and $params.Zone -eq "Default") { - # web app is Central Administration - # assumptions we have to make to proceed without introducing breaking changes: - # 1. CA only has 1 AAM - # update: this shouldn't matter -- if CA has more than 1 AAM in Default zone, Set-SPAlternateUrl should consolidate into 1 - # For additional CA servers, use other zones instead of Default - # - # sanity checks before updating AAM: - # 1. We are editing the Default Zone AAM (done in if condition above) - # 2. Internal URL == Public URL (does this matter? we could still set both to the new URL) - # update: if $webAppAams is an array (more than 1 AAM in Default zone), maybe this is the best way to find the primary AAM to use - # OR, maybe the best way is to ask CA for its URL (RECOMMENDED) + # web app is Central Administration and Default zone + + # If CA has more than 1 AAM in Default zone, Set-SPAlternateUrl should consolidate into 1 + # For additional CA servers, use other zones instead of Default + Set-SPAlternateURL -Identity $webApp.Url -Url $params.Url -Zone $params.Zone | Out-Null } else From ca0804309331ba830bd968758143591a403e867a Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Mon, 12 Feb 2018 10:51:09 -0500 Subject: [PATCH 05/39] Update SPAlternateUrl readme with notes on configuring CA --- .../DSCResources/MSFT_SPAlternateUrl/readme.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md index 3eed3e88b..4884bf021 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md @@ -5,11 +5,25 @@ web application. These can be assigned to specific zones for each web application. Alternatively a URL can be removed from a zone to ensure that it will remain empty and have no alternate URL. +The default value for the Ensure parameter is Present. When not specifying this +parameter, the setting is configured. + +# Central Administration + To select the Central Administration site, use the following command to retrieve the correct web application name: (Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }).DisplayName -The default value for the Ensure parameter is Present. When not specifying this -parameter, the setting is configured. + To update the existing Default Zone AAM for Central Administration (e.g. to + implement HTTPS), use the above command to retrieve the web application name + (by default, it will be "SharePoint Central Administration v4") and specify + "Default" as the Zone. If you wish to add AAM's instead, you may use the other + zones to do so. + +Using SPAlternateUrl to update the Default Zone AAM for Central Administration +will update the AAM in SharePoint as well as the CentralAdministrationUrl value +in the registry. It will not, however, update bindings in IIS. It is recommended +to use the xWebsite resource from the xWebAdministration module to configure the +appropriate bindings in IIS. From d955cda5e23af800e8f8d7831f46c02e436baa23 Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Mon, 12 Feb 2018 10:54:18 -0500 Subject: [PATCH 06/39] Moved SPAlternateUrl changelog notes to unreleased section --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6cb34bb5b..7e855b40e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for SharePointDsc +## Unreleased + +* SPAlternateURL + * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one + ## 2.1 * General @@ -8,7 +13,6 @@ * Updated the SqlServer configuration to use SqlServerDsc version 10.0.0.0. * SPAlternateURL * Added the ability to manage the Central Administration AAMs - * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one * SPDiagnosticsProvider * Added the resource * SPFarm From 4873735f2d241204dc155dc72abd1a86724b8a4b Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Tue, 13 Feb 2018 10:02:23 -0500 Subject: [PATCH 07/39] Fix for multiple top level headers in readme.md --- .../SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md index 4884bf021..651918e6d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md @@ -8,7 +8,7 @@ will remain empty and have no alternate URL. The default value for the Ensure parameter is Present. When not specifying this parameter, the setting is configured. -# Central Administration +## Central Administration To select the Central Administration site, use the following command to retrieve the correct web application name: From 5b7dc342c79f7c8560014a65e47eb702d6766d4e Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Tue, 13 Feb 2018 10:57:22 -0500 Subject: [PATCH 08/39] Fix MD013 line length in changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e855b40e..93d55e733 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,8 @@ ## Unreleased * SPAlternateURL - * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one + * If resource specifies Central Admin webapp and Default Zone, the existing + AAM will be updated instead of adding a new one ## 2.1 From e13e56f087cdcd40950ec5ae1c0dcc64801b08af Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 14 Feb 2018 15:03:32 +0100 Subject: [PATCH 09/39] Updates ready for testing --- CHANGELOG.md | 6 ++ .../MSFT_SPManagedMetaDataServiceApp.psm1 | 4 + .../MSFT_SPUserProfileServiceApp.psm1 | 90 +++++++++++++------ .../MSFT_SPUserProfileServiceApp.schema.mof | 1 + .../MSFT_SPUserProfileServiceApp/readme.md | 17 +++- .../MSFT_SPUserProfileSyncService.psm1 | 52 +++++++---- .../MSFT_SPUserProfileSyncService/readme.md | 18 +++- appveyor.yml | 2 +- 8 files changed, 138 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4009ace5..9d6895a65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for SharePointDsc +## Unreleased + +* SPManagedMetadataServiceApp + * Fixed issue with creating the Content Type Hub on an existing MMS + service app without Content Type Hub. + ## 2.1 * General diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 index 81c21c1f1..b27a7f92e 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceApp/MSFT_SPManagedMetaDataServiceApp.psm1 @@ -140,6 +140,10 @@ function Get-TargetResource { $hubUrl = $hubUrl.TrimEnd('/') } + else + { + $hubUrl = "" + } } catch [System.Exception] { diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 index aa6bfb873..8ac153838 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 @@ -16,6 +16,10 @@ function Get-TargetResource [System.String] $ApplicationPool, + [parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $FarmAccount, + [Parameter()] [System.String] $MySiteHostLocation, @@ -64,38 +68,46 @@ function Get-TargetResource Write-Verbose -Message "Getting user profile service application $Name" - $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` + $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { return Get-SPDSCFarmAccountName } - if ($null -ne $farmAccount) + if ($null -ne $farmAccountName) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -ne $farmAccount) + if ($InstallAccount.UserName -eq $farmAccountName) { - throw ("Specified InstallAccount ($($InstallAccount.UserName)) isn't the Farm " + ` - "Account. Make sure the specified InstallAccount is the Farm Account " + ` + throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` + "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` "and try again") } } - else { + else + { # PSDSCRunAsCredential or System if (-not $Env:USERNAME.Contains("$")) { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -ne $farmAccount) + if ($localaccount -eq $farmAccountName) { - throw ("Specified PSDSCRunAsCredential ($localaccount) isn't the Farm " + ` - "Account. Make sure the specified PSDSCRunAsCredential is the Farm " + ` - "Account and try again") + throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` + "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` + "Farm Account and try again") } } } + + if ($FarmAccount.UserName -ne $farmAccountName) + { + throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` + "Account. Make sure the specified FarmAccount is the actual Farm " + ` + "Account and try again") + } } else { @@ -111,6 +123,7 @@ function Get-TargetResource $nullReturn = @{ Name = $params.Name Ensure = "Absent" + ApplicationPool = $params.ApplicationPool } if ($null -eq $serviceApps) { @@ -162,6 +175,7 @@ function Get-TargetResource Name = $serviceApp.DisplayName ProxyName = $proxyName ApplicationPool = $serviceApp.ApplicationPool.Name + FarmAccount = $farmAccountName MySiteHostLocation = $params.MySiteHostLocation ProfileDBName = $databases.ProfileDatabase.Name ProfileDBServer = $databases.ProfileDatabase.NormalizedDataSource @@ -196,6 +210,10 @@ function Set-TargetResource [System.String] $ApplicationPool, + [parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $FarmAccount, + [Parameter()] [System.String] $MySiteHostLocation, @@ -246,36 +264,47 @@ function Set-TargetResource if ($Ensure -eq "Present") { - $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` - -Arguments $PSBoundParameters ` - -ScriptBlock { + $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { return Get-SPDSCFarmAccountName } - if ($null -ne $farmAccount) + if ($null -ne $farmAccountName) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -ne $farmAccount) + if ($InstallAccount.UserName -eq $farmAccountName) { - throw ("Specified InstallAccount ($($InstallAccount.UserName)) isn't the Farm Account. Make sure " + ` - "the specified InstallAccount is the Farm Account and try again") + throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` + "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` + "and try again") } } - else { + else + { # PSDSCRunAsCredential or System if (-not $Env:USERNAME.Contains("$")) { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -ne $farmAccount) + if ($localaccount -eq $farmAccountName) { - throw ("Specified PSDSCRunAsCredential ($localaccount) isn't the Farm Account. Make sure " + ` - "the specified PSDSCRunAsCredential is the Farm Account and try again") + throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` + "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` + "Farm Account and try again") } } } + + # InstallAccount used + if ($FarmAccount.UserName -ne $farmAccountName) + { + throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` + "Account. Make sure the specified FarmAccount is the actual Farm " + ` + "Account and try again") + } } else { @@ -284,20 +313,20 @@ function Set-TargetResource Write-Verbose -Message "Creating user profile service application $Name" - # Add the InstallAccount to the local Administrators group, if it's not already there - $isLocalAdmin = Test-SPDSCUserIsLocalAdmin -UserName $farmAccount + # Add the FarmAccount to the local Administrators group, if it's not already there + $isLocalAdmin = Test-SPDSCUserIsLocalAdmin -UserName $farmAccount.UserName if (!$isLocalAdmin) { - Add-SPDSCUserToLocalAdmin -UserName $farmAccount + Add-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName # Cycle the Timer Service so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" } - $result = Invoke-SPDSCCommand -Credential $InstallAccount ` - -Arguments $PSBoundParameters ` - -ScriptBlock { + $null = Invoke-SPDSCCommand -Credential $FarmAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { $params = $args[0] $updateEnableNetBIOS = $false @@ -324,6 +353,7 @@ function Set-TargetResource { $params.Remove("Ensure") | Out-Null } + $params.Remove("FarmAccount") | Out-Null $params = Rename-SPDSCParamValue -params $params ` -oldName "SyncDBName" ` @@ -377,7 +407,7 @@ function Set-TargetResource # Remove the InstallAccount from the local Administrators group, if it was added above if (!$isLocalAdmin) { - Remove-SPDSCUserToLocalAdmin -UserName $farmAccount + Remove-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName } } @@ -427,6 +457,10 @@ function Test-TargetResource [System.String] $ApplicationPool, + [parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $FarmAccount, + [Parameter()] [System.String] $MySiteHostLocation, diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof index 78c3c099d..8ebad771d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof @@ -4,6 +4,7 @@ class MSFT_SPUserProfileServiceApp : OMI_BaseResource [Key, Description("The name of the user profile service")] string Name; [Write, Description("The proxy name, if not specified will be /Name of service app/ Proxy")] string ProxyName; [Required, Description("The name of the application pool to run the service app in")] string ApplicationPool; + [Required, Description("The farm account, which is needed to provision the service app"), EmbeddedInstance("MSFT_Credential")] String FarmAccount; [Write, Description("The URL of the my site host collection")] string MySiteHostLocation; [Write, Description("The name of the profile database")] string ProfileDBName; [Write, Description("The name of the server to host the profile database")] string ProfileDBServer; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md index 12e93f996..de4e13453 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md @@ -4,9 +4,20 @@ This resource will provision an instance of the user profile service to the farm. It creates the required databases using the parameters that are passed in to it (although these are only used during the initial provisioning). -The specified InstallAccount or PSDSCRunAsCredential has to be the Farm Account. -This is done to ensure that the databases are created with the correct schema -owners and allow the user profile sync service to operate correctly. +The specified InstallAccount or PSDSCRunAsCredential shouldn't be the Farm Account. +The resource will throw an error when it is. However, the FarmAccount parameter +should be the Farm Account. The resource will throw an error if it is not. This is +done to ensure that the databases are created with the correct schema owners and +allow the user profile sync service to operate correctly. The Farm Account is +temporarily granted local Administrator permissions. The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned. + +NOTE: +Due to the fact that SharePoint requires certain User Profile components to be +provisioned as the Farm account, do this resource and SPUserProfileSyncService +require the Farm account to be specified in the FarmAccount parameter. +This does however mean that CredSSP is required, which has some security +implications. More information about these risks can be found at: +http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 index 110f6d86d..535eaf633 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 @@ -44,10 +44,11 @@ function Get-TargetResource if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -ne $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccountName) { - throw ("Specified InstallAccount isn't the Farm Account. Make sure " + ` - "the specified InstallAccount is the Farm Account and try again") + throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` + "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` + "and try again") } } else { @@ -56,13 +57,21 @@ function Get-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -ne $farmAccountName) + if ($localaccount -eq $farmAccountName) { - throw ("Specified PSDSCRunAsCredential isn't the Farm Account. Make sure " + ` - "the specified Install Account is the Farm Account and try again") + throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` + "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` + "Farm Account and try again") } } } + + if ($FarmAccount.UserName -ne $farmAccountName) + { + throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` + "Account. Make sure the specified FarmAccount is the actual Farm " + ` + "Account and try again") + } } else { @@ -175,8 +184,8 @@ function Set-TargetResource } $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` - -Arguments $PSBoundParameters ` - -ScriptBlock { + -Arguments $PSBoundParameters ` + -ScriptBlock { return Get-SPDSCFarmAccountName } @@ -185,10 +194,11 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -ne $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccountName) { - throw ("Specified InstallAccount isn't the Farm Account. Make sure " + ` - "the specified InstallAccount is the Farm Account and try again") + throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` + "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` + "and try again") } } else { @@ -197,13 +207,21 @@ function Set-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -ne $farmAccountName) + if ($localaccount -eq $farmAccountName) { - throw ("Specified PSDSCRunAsCredential isn't the Farm Account. Make sure " + ` - "the specified Install Account is the Farm Account and try again") + throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` + "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` + "Farm Account and try again") } } } + + if ($FarmAccount.UserName -ne $farmAccountName) + { + throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` + "Account. Make sure the specified FarmAccount is the actual Farm " + ` + "Account and try again") + } } else { @@ -242,14 +260,16 @@ function Set-TargetResource $isInDesiredState = $false try { - Invoke-SPDSCCommand -Credential $InstallAccount -Arguments ($PSBoundParameters,$farmAccountName) -ScriptBlock { + Invoke-SPDSCCommand -Credential $FarmAccount ` + -Arguments ($PSBoundParameters,$farmAccountName) ` + -ScriptBlock { $params = $args[0] $farmAccountName = $args[1] $currentServer = $env:COMPUTERNAME $services = Get-SPServiceInstance -Server $currentServer ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue $syncService = $services | Where-Object -FilterScript { $_.GetType().Name -eq "ProfileSynchronizationServiceInstance" } diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md index dad43beb9..298fb90d7 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md @@ -4,11 +4,13 @@ This resource is responsible for ensuring that the user profile sync service has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server. -This resource requires that the FarmAccount is specified as the InstallAccount -or PsDscRunAsCredential parameter. It will throw an exception if this is not -the case. +The specified InstallAccount or PSDSCRunAsCredential shouldn't be the Farm Account. +The resource will throw an error when it is. However, the FarmAccount parameter +should be the Farm Account. The resource will throw an error if it is not. This is +done to ensure that the databases are created with the correct schema owners and +allow the user profile sync service to operate correctly. -To allow successful provisioning the farm account must be in the local +To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in the Administrators group. Therefore this resource will add the FarmAccount credential to the local administrators group at the beginning of the set method @@ -16,3 +18,11 @@ and remove it again later on. The default value for the Ensure parameter is Present. When not specifying this parameter, the user profile sync service is provisioned. + +NOTE: +Due to the fact that SharePoint requires certain User Profile components to be +provisioned as the Farm account, do this resource and SPUserProfileSyncService +require the Farm account to be specified in the FarmAccount parameter. +This does however mean that CredSSP is required, which has some security +implications. More information about these risks can be found at: +http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ diff --git a/appveyor.yml b/appveyor.yml index 5a37fd3b4..49d59a557 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 2.1.0.{build} +version: 2.2.0.{build} image: WMF 5 install: From 6cb0a119e2c057e66466d7b403372d36e87e632f Mon Sep 17 00:00:00 2001 From: Rob Christie Date: Wed, 14 Feb 2018 09:17:17 -0500 Subject: [PATCH 10/39] Fix markup quirk --- .../DSCResources/MSFT_SPAlternateUrl/readme.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md index 651918e6d..8cf6c182a 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPAlternateUrl/readme.md @@ -16,11 +16,11 @@ the correct web application name: $_.IsAdministrationWebApplication }).DisplayName - To update the existing Default Zone AAM for Central Administration (e.g. to - implement HTTPS), use the above command to retrieve the web application name - (by default, it will be "SharePoint Central Administration v4") and specify - "Default" as the Zone. If you wish to add AAM's instead, you may use the other - zones to do so. +To update the existing Default Zone AAM for Central Administration (e.g. to +implement HTTPS), use the above command to retrieve the web application name +(by default, it will be "SharePoint Central Administration v4") and specify +"Default" as the Zone. If you wish to add AAM's instead, you may use the other +zones to do so. Using SPAlternateUrl to update the Default Zone AAM for Central Administration will update the AAM in SharePoint as well as the CentralAdministrationUrl value From 20479c107323d047672f0a0c97aa0b2c217ba825 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 09:03:57 -0500 Subject: [PATCH 11/39] Added new SPDistributedCacheClientSettings Resource --- .../MSFT_SPDistributedCacheClientSettings.mof | 36 ++ ...MSFT_SPDistributedCacheClientSettings.psm1 | 605 ++++++++++++++++++ .../Readme.md | 9 + ...SPDistributedCacheClientSettings.Tests.ps1 | 65 ++ 4 files changed, 715 insertions(+) create mode 100644 Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof create mode 100644 Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 create mode 100644 Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/Readme.md create mode 100644 Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof new file mode 100644 index 000000000..14435bf6a --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof @@ -0,0 +1,36 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SPDistributedCacheClientSettings")] +class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource +{ + [Key, Description("Present to initiate the configuration of the settings. Absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Maximum number of connections to the Distributed Logon Token Cache")] UInt32 DLTCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Logon Token Cache")] DLTCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Logon Token Cache")] DLTCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed View State Cache")] UInt32 DVSCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed View State Cache")] UInt32 DVSCRequestTimeout; + [Write, Description("Channel timeout for the Distributed View State Cache")] UInt32 DVSCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Access Cache")] UInt32 DACMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Access Cache")] UInt32 DACRequestTimeout; + [Write, Description("Channel timeout for the Distributed Access Cache")] UInt32 DACChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Activity Feed Cache")] UInt32 DAFMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Activity Feed Cache")] UInt32 DAFRequestTimeout; + [Write, Description("Channel timeout for the Distributed Activity Feed Cache")] UInt32 DAFChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Activity Feed LMT Cache")] UInt32 DAFCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Activity Feed LMT Cache")] UInt32 DAFCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Activity Feed LMT Cache")] UInt32 DAFCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Bouncer Cache")] UInt32 DBCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Bouncer Cache")] UInt32 DBCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Bouncer Cache")] UInt32 DBCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Default Cache")] UInt32 DDCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Default Cache")] UInt32 DDCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Default Cache")] UInt32 DDCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Search Cache")] UInt32 DSCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Search Cache")] UInt32 DSCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Search Cache")] UInt32 DSCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Security Trimming Cache")] UInt32 DTCMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Security Trimming Cache")] UInt32 DTCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Security Trimming Cache")] UInt32 DTCChannelOpenTimeOut; + [Write, Description("Maximum number of connections to the Distributed Server to Application Server Cache")] UInt32 DSTACMaxConnectionsToServer; + [Write, Description("Request timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACRequestTimeout; + [Write, Description("Channel timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACChannelOpenTimeOut; + [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; +}; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 new file mode 100644 index 000000000..d588e36d2 --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -0,0 +1,605 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure, + + [Parameter()] + [System.UInt32] + $DLTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DLTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DLTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DVSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DVSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DVSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DACChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DBCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DBCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DBCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DDCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DDCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DDCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSTACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSTACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSTACChannelOpenTimeOut, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Getting the Distributed Cache Client Settings" + + $result = Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { + $params = $args[0] + + $nullReturnValue = @{ + Ensure = "Absent" + DLTCMaxConnectionsToServer = $null + DLTCRequestTimeout = $null + DLTCChannelOpenTimeOut = $null + DVSCMaxConnectionsToServer = $null + DVSCRequestTimeout = $null + DVSCChannelOpenTimeOut = $null + DACMaxConnectionsToServer = $null + DACRequestTimeout = $null + DACChannelOpenTimeOut = $null + DAFMaxConnectionsToServer = $null + DAFRequestTimeout = $null + DAFChannelOpenTimeOut = $null + DAFCMaxConnectionsToServer = $null + DAFCRequestTimeout = $null + DAFCChannelOpenTimeOut = $null + DBCMaxConnectionsToServer = $null + DBCRequestTimeout = $null + DBCChannelOpenTimeOut = $null + DDCMaxConnectionsToServer = $null + DDCRequestTimeout = $null + DDCChannelOpenTimeOut = $null + DSCMaxConnectionsToServer = $null + DSCRequestTimeout = $null + DSCChannelOpenTimeOut = $null + DTCMaxConnectionsToServer = $null + DTCRequestTimeout = $null + DTCChannelOpenTimeOut = $null + DSTACMaxConnectionsToServer = $null + DSTACRequestTimeout = $null + DSTACChannelOpenTimeOut = $null + InstallAccount = $params.InstallAccount + } + + try + { + $DLTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" + $DVSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" + $DAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" + $DAF = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" + $DAFC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" + $DBC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" + $DDC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" + $DSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" + $DTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" + $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" + + $returnValue = @{ + Ensure = "Present" + DLTCMaxConnectionsToServer = $DLTC.MaxConnectionsToServer + DLTCRequestTimeout = $DLTC.RequestTimeout + DLTCChannelOpenTimeOut = $DLTC.ChannelOpenTimeOut + DVSCMaxConnectionsToServer = $DVSC.MaxConnectionsToServer + DVSCRequestTimeout = $DVSC.RequestTimeout + DVSCChannelOpenTimeOut = $DVSC.ChannelOpenTimeOut + DACMaxConnectionsToServer = $DAC.MaxConnectionsToServer + DACRequestTimeout = $DAC.RequestTimeout + DACChannelOpenTimeOut = $DAC.ChannelOpenTimeOut + DAFMaxConnectionsToServer = $DAF.MaxConnectionsToServer + DAFRequestTimeout = $DAF.RequestTimeout + DAFChannelOpenTimeOut = $DAF.ChannelOpenTimeOut + DAFCMaxConnectionsToServer = $DAFC.MaxConnectionsToServer + DAFCRequestTimeout = $DAFC.RequestTimeout + DAFCChannelOpenTimeOut = $DAFC.ChannelOpenTimeOut + DBCMaxConnectionsToServer = $DBC.MaxConnectionsToServer + DBCRequestTimeout = $DBC.RequestTimeout + DBCChannelOpenTimeOut = $DBC.ChannelOpenTimeOut + DDCMaxConnectionsToServer = $DDC.MaxConnectionsToServer + DDCRequestTimeout = $DDC.RequestTimeout + DDCChannelOpenTimeOut = $DDC.ChannelOpenTimeOut + DSCMaxConnectionsToServer = $DSC.MaxConnectionsToServer + DSCRequestTimeout = $DSC.RequestTimeout + DSCChannelOpenTimeOut = $DSC.ChannelOpenTimeOut + DTCMaxConnectionsToServer = $DTC.MaxConnectionsToServer + DTCRequestTimeout = $DTC.RequestTimeout + DTCChannelOpenTimeOut = $DTC.ChannelOpenTimeOut + DSTACMaxConnectionsToServer = $DSTAC.MaxConnectionsToServer + DSTACRequestTimeout = $DSTAC.RequestTimeout + DSTACChannelOpenTimeOut = $DSTAC.ChannelOpenTimeOut + InstallAccount = $params.InstallAccount + } + return $returnValue + } + catch + { + return $nullReturnValue + } + } + return $result +} + + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure, + + [Parameter()] + [System.UInt32] + $DLTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DLTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DLTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DVSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DVSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DVSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DACChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DBCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DBCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DBCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DDCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DDCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DDCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSTACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSTACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSTACChannelOpenTimeOut, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Setting the Distributed Cache Client Settings" + + if ($Ensure -eq "Present") + { + Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { + $params = $args[0] + + #DistributedLogonTokenCache + $DLTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" + $DLTC.MaxConnectionsToServer = $params.DLTCMaxConnectionsToServer + $DLTC.RequestTimeout = $params.DLTCRequestTimeout + $DLTC.ChannelOpenTimeOut = $params.DLTCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" $DLTC + + #DistributedViewStateCache + $DVSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" + $DVSC.MaxConnectionsToServer = $params.DVSCMaxConnectionsToServer + $DVSC.RequestTimeout = $params.DVSCRequestTimeout + $DVSC.ChannelOpenTimeOut = $params.DVSCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" $DVSC + + #DistributedAccessCache + $DAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" + $DAC.MaxConnectionsToServer = $params.DACMaxConnectionsToServer + $DAC.RequestTimeout = $params.DACRequestTimeout + $DAC.ChannelOpenTimeOut = $params.DACChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" $DAC + + #DistributedActivityFeedCache + $DAF = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" + $DAF.MaxConnectionsToServer = $params.DAFMaxConnectionsToServer + $DAF.RequestTimeout = $params.DAFRequestTimeout + $DAF.ChannelOpenTimeOut = $params.DAFChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" $DAF + + #DistributedActivityFeedLMTCache + $DAFC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" + $DAFC.MaxConnectionsToServer = $params.DAFCMaxConnectionsToServer + $DAFC.RequestTimeout = $params.DAFCRequestTimeout + $DAFC.ChannelOpenTimeOut = $params.DAFCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" $DAFC + + #DistributedBouncerCache + $DBC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" + $DBC.MaxConnectionsToServer = $params.DBCMaxConnectionsToServer + $DBC.RequestTimeout = $params.DBCRequestTimeout + $DBC.ChannelOpenTimeOut = $params.DBCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" $DBC + + #DistributedDefaultCache + $DDC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" + $DDC.MaxConnectionsToServer = $params.DDCMaxConnectionsToServer + $DDC.RequestTimeout = $params.DDCRequestTimeout + $DDC.ChannelOpenTimeOut = $params.DDCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" $DDC + + #DistributedSearchCache + $DSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" + $DSC.MaxConnectionsToServer = $params.DSCMaxConnectionsToServer + $DSC.RequestTimeout = $params.DSCRequestTimeout + $DSC.ChannelOpenTimeOut = $params.DSCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" $DSC + + #DistributedSecurityTrimmingCache + $DTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" + $DTC.MaxConnectionsToServer = $params.DTCMaxConnectionsToServer + $DTC.RequestTimeout = $params.DTCRequestTimeout + $DTC.ChannelOpenTimeOut = $params.DTCChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" $DTC + + #DistributedServerToAppServerAccessTokenCache + $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" + $DSTAC.MaxConnectionsToServer = $params.DSTACMaxConnectionsToServer + $DSTAC.RequestTimeout = $params.DSTACRequestTimeout + $DSTAC.ChannelOpenTimeOut = $params.DSTACChannelOpenTimeOut + Set-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" $DSTAC + } + } + else + { + throw "The SPDistributedCacheClientSettings resource only supports Ensure='Present'." + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure, + + [Parameter()] + [System.UInt32] + $DLTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DLTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DLTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DVSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DVSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DVSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DACChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DAFCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DAFCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DAFCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DBCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DBCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DBCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DDCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DDCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DDCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DTCMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DTCRequestTimeout, + + [Parameter()] + [System.UInt32] + $DTCChannelOpenTimeOut, + + [Parameter()] + [System.UInt32] + $DSTACMaxConnectionsToServer, + + [Parameter()] + [System.UInt32] + $DSTACRequestTimeout, + + [Parameter()] + [System.UInt32] + $DSTACChannelOpenTimeOut, + + [Parameter()] + [System.Management.Automation.PSCredential] + $InstallAccount + ) + + Write-Verbose -Message "Testing the Distributed Cache Client Settings" + + $PSBoundParameters.Ensure = $Ensure + + $CurrentValues = Get-TargetResource @PSBoundParameters + + return Test-SPDscParameterState -CurrentValues $CurrentValues ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck @("Ensure") +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/Readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/Readme.md new file mode 100644 index 000000000..b74dc6aa3 --- /dev/null +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/Readme.md @@ -0,0 +1,9 @@ +# Description + +This resource is responsible for configuring the distributed cache client +settings. It only accepts Ensure='Present' as a key. The resource can +configure the following cache components: DistributedLogonTokenCache, +DistributedViewStateCache, DistributedAccessCache, +DistributedActivityFeedCache, DistributedActivityFeedLMTCache, +DistributedBouncerCache, DistributedDefaultCache, DistributedSearchCache, +DistributedSecurityTrimmingCache, and DistributedServerToAppServerAccessTokenCache. diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 new file mode 100644 index 000000000..4ee77317c --- /dev/null +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -0,0 +1,65 @@ +[CmdletBinding()] +param( + [Parameter()] + [string] + $SharePointCmdletModule = (Join-Path -Path $PSScriptRoot ` + -ChildPath "..\Stubs\SharePoint\15.0.4805.1000\Microsoft.SharePoint.PowerShell.psm1" ` + -Resolve) +) + +Import-Module -Name (Join-Path -Path $PSScriptRoot ` + -ChildPath "..\UnitTestHelper.psm1" ` + -Resolve) + +$Global:SPDscHelper = New-SPDscUnitTestHelper -SharePointStubModule $SharePointCmdletModule ` + -DscResource "SPDistributedCacheClientSettings" ` + -IncludeDistributedCacheStubs + +Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:SPDscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope + + # Mocks for all contexts + + Mock -CommandName Set-SPDistributedCacheClientSetting{} + Mock -CommandName Get-SPDistributedCacheClientSetting -MockWith { + return @{ + MaxConnectionsToServer = 3 + RequestTimeout = 1000 + ChannelOpenTimeOut = 1000 + } } + + # Test contexts + Context -Name "Ensure is set to Absent" -Fixture { + $testParams = @{ + Ensure = "Absent" + } + + It "Should throw an error complaining that Ensure can't be Absent" { + { Set-TargetResource @testParams } | Should Throw "The SPDistributedCacheClientSettings resource only supports Ensure='Present'." + } + } + + Context -Name "Some Distributed Cache Client Settings are Properly Configured" -Fixture { + $testParams = @{ + Ensure = "Present" + DTCChannelOpenTimeOut = 1500 + DSCMaxConnectionsToServer = 5 + } + + It "Should return Ensure equals Present" { + (Get-TargetResource @testParams).Ensure | Should Be "Present" + } + + It "Should properly set the settings" { + Set-TargetResource @testParams + } + + It "Should successfully test the resource" { + (Test-TargetResource @testParams) | Should Be $true + } + } + } +} + +Invoke-Command -ScriptBlock $Global:SPDscHelper.CleanupScript -NoNewScope From c9758ac24c364dcc50e790f0cc98685f58dd51f1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 09:09:46 -0500 Subject: [PATCH 12/39] Examples and ChangeLog --- CHANGELOG.md | 2 + .../1-ConfigureClientSettings.ps1 | 52 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index f53540762..242c391b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change log for SharePointDsc ## Unreleased +* SPDistributedCacheClientSettings + * Added the new resource * General * Updated the integration tests for building the Azure environment diff --git a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 new file mode 100644 index 000000000..87b1725f1 --- /dev/null +++ b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 @@ -0,0 +1,52 @@ +<# +.EXAMPLE + This example configures the distributed cache client settings. +#> + + Configuration Example + { + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $SetupAccount + ) + Import-DscResource -ModuleName SharePointDsc + + node localhost { + SPDistributedCacheClientsettings Settings + { + Ensure = "Present" + DLTCMaxConnectionsToServer = 3 + DLTCRequestTimeout = 1000 + DLTCChannelOpenTimeOut = 1000 + DVSCMaxConnectionsToServer = 3 + DVSCRequestTimeout = 1000 + DVSCChannelOpenTimeOut = 1000 + DACMaxConnectionsToServer = 3 + DACRequestTimeout = 1000 + DACChannelOpenTimeOut = 1000 + DAFMaxConnectionsToServer = 3 + DAFRequestTimeout = 1000 + DAFChannelOpenTimeOut = 1000 + DAFCMaxConnectionsToServer = 3 + DAFCRequestTimeout = 1000 + DAFCChannelOpenTimeOut = 1000 + DBCMaxConnectionsToServer = 3 + DBCRequestTimeout = 1000 + DBCChannelOpenTimeOut = 1000 + DDCMaxConnectionsToServer = 3 + DDCRequestTimeout = 1000 + DDCChannelOpenTimeOut = 1000 + DSCMaxConnectionsToServer = 3 + DSCRequestTimeout = 1000 + DSCChannelOpenTimeOut = 1000 + DTCMaxConnectionsToServer = 3 + DTCRequestTimeout = 1000 + DTCChannelOpenTimeOut = 1000 + DSTACMaxConnectionsToServer = 3 + DSTACRequestTimeout = 1000 + DSTACChannelOpenTimeOut = 1000 + InstallAccount = $SetupAccount + } + } + } From ec2a7496b57661367ad0148aa716011a9958d819 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 10:25:00 -0500 Subject: [PATCH 13/39] Fixes --- ...f => MSFT_SPDistributedCacheClientSettings.schema.mof} | 0 .../1-ConfigureClientSettings.ps1 | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) rename Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/{MSFT_SPDistributedCacheClientSettings.mof => MSFT_SPDistributedCacheClientSettings.schema.mof} (100%) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof similarity index 100% rename from Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.mof rename to Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof diff --git a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 index 87b1725f1..c5f8b9158 100644 --- a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 +++ b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 @@ -3,7 +3,7 @@ This example configures the distributed cache client settings. #> - Configuration Example + Configuration Example { param( [Parameter(Mandatory = $true)] @@ -13,10 +13,10 @@ Import-DscResource -ModuleName SharePointDsc node localhost { - SPDistributedCacheClientsettings Settings + SPDistributedCacheClientSettings Settings { - Ensure = "Present" - DLTCMaxConnectionsToServer = 3 + Ensure = "Present" + DLTCMaxConnectionsToServer = 3 DLTCRequestTimeout = 1000 DLTCChannelOpenTimeOut = 1000 DVSCMaxConnectionsToServer = 3 From b09d37b3e9b09789b158f495b5ff16a57bc76b01 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 12:45:56 -0500 Subject: [PATCH 14/39] Added checks for null values --- ...MSFT_SPDistributedCacheClientSettings.psm1 | 151 ++++++++++++++---- ...PDistributedCacheClientSettings.schema.mof | 4 +- appveyor.yml | 2 +- 3 files changed, 124 insertions(+), 33 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index d588e36d2..72a325e3a 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -380,72 +380,163 @@ function Set-TargetResource #DistributedLogonTokenCache $DLTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" - $DLTC.MaxConnectionsToServer = $params.DLTCMaxConnectionsToServer - $DLTC.RequestTimeout = $params.DLTCRequestTimeout - $DLTC.ChannelOpenTimeOut = $params.DLTCChannelOpenTimeOut + + if($params.DLTCMaxConnectionsToServer) + { + $DLTC.MaxConnectionsToServer = $params.DLTCMaxConnectionsToServer + } + if($params.DLTCRequestTimeout) + { + $DLTC.RequestTimeout = $params.DLTCRequestTimeout + } + if($params.DLTCChannelOpenTimeOut) + { + $DLTC.ChannelOpenTimeOut = $params.DLTCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" $DLTC #DistributedViewStateCache $DVSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" - $DVSC.MaxConnectionsToServer = $params.DVSCMaxConnectionsToServer - $DVSC.RequestTimeout = $params.DVSCRequestTimeout - $DVSC.ChannelOpenTimeOut = $params.DVSCChannelOpenTimeOut + if($params.DVSCMaxConnectionsToServer) + { + $DVSC.MaxConnectionsToServer = $params.DVSCMaxConnectionsToServer + } + if($params.DVSCRequestTimeout) + { + $DVSC.RequestTimeout = $params.DVSCRequestTimeout + } + if($params.DVSCChannelOpenTimeOut) + { + $DVSC.ChannelOpenTimeOut = $params.DVSCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" $DVSC #DistributedAccessCache $DAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" - $DAC.MaxConnectionsToServer = $params.DACMaxConnectionsToServer - $DAC.RequestTimeout = $params.DACRequestTimeout - $DAC.ChannelOpenTimeOut = $params.DACChannelOpenTimeOut + if($params.DACMaxConnectionsToServer) + { + $DAC.MaxConnectionsToServer = $params.DACMaxConnectionsToServer + } + if($params.DACRequestTimeout) + { + $DAC.RequestTimeout = $params.DACRequestTimeout + } + if($params.DACChannelOpenTimeOut) + { + $DAC.ChannelOpenTimeOut = $params.DACChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" $DAC #DistributedActivityFeedCache $DAF = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" - $DAF.MaxConnectionsToServer = $params.DAFMaxConnectionsToServer - $DAF.RequestTimeout = $params.DAFRequestTimeout - $DAF.ChannelOpenTimeOut = $params.DAFChannelOpenTimeOut + if($params.DAFMaxConnectionsToServer) + { + $DAF.MaxConnectionsToServer = $params.DAFMaxConnectionsToServer + } + if($params.DAFRequestTimeout) + { + $DAF.RequestTimeout = $params.DAFRequestTimeout + } + if($params.DAFChannelOpenTimeOut) + { + $DAF.ChannelOpenTimeOut = $params.DAFChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" $DAF #DistributedActivityFeedLMTCache $DAFC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" - $DAFC.MaxConnectionsToServer = $params.DAFCMaxConnectionsToServer - $DAFC.RequestTimeout = $params.DAFCRequestTimeout - $DAFC.ChannelOpenTimeOut = $params.DAFCChannelOpenTimeOut + if($params.DAFCMaxConnectionsToServer) + { + $DAFC.MaxConnectionsToServer = $params.DAFCMaxConnectionsToServer + } + if($params.DAFCRequestTimeout) + { + $DAFC.RequestTimeout = $params.DAFCRequestTimeout + } + if($params.DAFCChannelOpenTimeOut) + { + $DAFC.ChannelOpenTimeOut = $params.DAFCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" $DAFC #DistributedBouncerCache $DBC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" - $DBC.MaxConnectionsToServer = $params.DBCMaxConnectionsToServer - $DBC.RequestTimeout = $params.DBCRequestTimeout - $DBC.ChannelOpenTimeOut = $params.DBCChannelOpenTimeOut + if($params.DBCMaxConnectionsToServer) + { + $DBC.MaxConnectionsToServer = $params.DBCMaxConnectionsToServer + } + if($params.DBCRequestTimeout) + { + $DBC.RequestTimeout = $params.DBCRequestTimeout + } + if($params.DBCChannelOpenTimeOut) + { + $DBC.ChannelOpenTimeOut = $params.DBCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" $DBC #DistributedDefaultCache $DDC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" - $DDC.MaxConnectionsToServer = $params.DDCMaxConnectionsToServer - $DDC.RequestTimeout = $params.DDCRequestTimeout - $DDC.ChannelOpenTimeOut = $params.DDCChannelOpenTimeOut + if($params.DDCMaxConnectionsToServer) + { + $DDC.MaxConnectionsToServer = $params.DDCMaxConnectionsToServer + } + if($params.DDCRequestTimeout) + { + $DDC.RequestTimeout = $params.DDCRequestTimeout + } + if($params.DDCChannelOpenTimeOut) + { + $DDC.ChannelOpenTimeOut = $params.DDCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" $DDC #DistributedSearchCache $DSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" - $DSC.MaxConnectionsToServer = $params.DSCMaxConnectionsToServer - $DSC.RequestTimeout = $params.DSCRequestTimeout - $DSC.ChannelOpenTimeOut = $params.DSCChannelOpenTimeOut + if($params.DSCMaxConnectionsToServer) + { + $DSC.MaxConnectionsToServer = $params.DSCMaxConnectionsToServer + } + if($params.DSCRequestTimeout) + { + $DSC.RequestTimeout = $params.DSCRequestTimeout + } + if($params.DSCChannelOpenTimeOut) + { + $DSC.ChannelOpenTimeOut = $params.DSCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" $DSC #DistributedSecurityTrimmingCache $DTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" - $DTC.MaxConnectionsToServer = $params.DTCMaxConnectionsToServer - $DTC.RequestTimeout = $params.DTCRequestTimeout - $DTC.ChannelOpenTimeOut = $params.DTCChannelOpenTimeOut + if($params.DTCMaxConnectionsToServer) + { + $DTC.MaxConnectionsToServer = $params.DTCMaxConnectionsToServer + } + if($params.DTCRequestTimeout) + { + $DTC.RequestTimeout = $params.DTCRequestTimeout + } + if($params.DTCChannelOpenTimeOut) + { + $DTC.ChannelOpenTimeOut = $params.DTCChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" $DTC #DistributedServerToAppServerAccessTokenCache $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" - $DSTAC.MaxConnectionsToServer = $params.DSTACMaxConnectionsToServer - $DSTAC.RequestTimeout = $params.DSTACRequestTimeout - $DSTAC.ChannelOpenTimeOut = $params.DSTACChannelOpenTimeOut + if($params.DSTACMaxConnectionsToServer) + { + $DSTAC.MaxConnectionsToServer = $params.DSTACMaxConnectionsToServer + } + if($params.DSTACRequestTimeout) + { + $DSTAC.RequestTimeout = $params.DSTACRequestTimeout + } + if($params.DSTACChannelOpenTimeOut) + { + $DSTAC.ChannelOpenTimeOut = $params.DSTACChannelOpenTimeOut + } Set-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" $DSTAC } } diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof index 14435bf6a..8950b9f0e 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof @@ -3,8 +3,8 @@ class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource { [Key, Description("Present to initiate the configuration of the settings. Absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Maximum number of connections to the Distributed Logon Token Cache")] UInt32 DLTCMaxConnectionsToServer; - [Write, Description("Request timeout for the Distributed Logon Token Cache")] DLTCRequestTimeout; - [Write, Description("Channel timeout for the Distributed Logon Token Cache")] DLTCChannelOpenTimeOut; + [Write, Description("Request timeout for the Distributed Logon Token Cache")] UInt32 DLTCRequestTimeout; + [Write, Description("Channel timeout for the Distributed Logon Token Cache")] UInt32 DLTCChannelOpenTimeOut; [Write, Description("Maximum number of connections to the Distributed View State Cache")] UInt32 DVSCMaxConnectionsToServer; [Write, Description("Request timeout for the Distributed View State Cache")] UInt32 DVSCRequestTimeout; [Write, Description("Channel timeout for the Distributed View State Cache")] UInt32 DVSCChannelOpenTimeOut; diff --git a/appveyor.yml b/appveyor.yml index 5a37fd3b4..49d59a557 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 2.1.0.{build} +version: 2.2.0.{build} image: WMF 5 install: From a9781c1ec3b412a0a567d2d810954cb5b84c8e25 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 14:36:16 -0500 Subject: [PATCH 15/39] Blank line surrounding lists in changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 242c391b8..e0f545fa4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Change log for SharePointDsc ## Unreleased + * SPDistributedCacheClientSettings * Added the new resource From 8b0cda8d31e4ebe2b81b222459d51d3a811608e0 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Feb 2018 14:42:13 -0500 Subject: [PATCH 16/39] Updated tests for additional code coverage --- ...SPDistributedCacheClientSettings.Tests.ps1 | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index 4ee77317c..1e56e5a2d 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -43,8 +43,36 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Context -Name "Some Distributed Cache Client Settings are Properly Configured" -Fixture { $testParams = @{ Ensure = "Present" - DTCChannelOpenTimeOut = 1500 + DLTCMaxConnectionsToServer = 5 + DLTCRequestTimeout = 1000 + DLTCChannelOpenTimeOut = 1000 + DVSCMaxConnectionsToServer = 3 + DVSCRequestTimeout = 1000 + DVSCChannelOpenTimeOut = 1000 + DACMaxConnectionsToServer = 3 + DACRequestTimeout = 1000 + DACChannelOpenTimeOut = 1000 + DAFMaxConnectionsToServer = 3 + DAFRequestTimeout = 1000 + DAFChannelOpenTimeOut = 1000 + DAFCMaxConnectionsToServer = 3 + DAFCRequestTimeout = 1000 + DAFCChannelOpenTimeOut = 1000 + DBCMaxConnectionsToServer = 3 + DBCRequestTimeout = 1000 + DBCChannelOpenTimeOut = 1000 + DDCMaxConnectionsToServer = 3 + DDCRequestTimeout = 1000 + DDCChannelOpenTimeOut = 1000 DSCMaxConnectionsToServer = 5 + DSCRequestTimeout = 1000 + DSCChannelOpenTimeOut = 1000 + DTCMaxConnectionsToServer = 3 + DTCRequestTimeout = 1000 + DTCChannelOpenTimeOut = 1500 + DSTACMaxConnectionsToServer = 3 + DSTACRequestTimeout = 1000 + DSTACChannelOpenTimeOut = 1000 } It "Should return Ensure equals Present" { From 78648c1e2e1c172befaf58b987edb03d18dbe729 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 23 Feb 2018 15:11:53 -0500 Subject: [PATCH 17/39] Fixes Visio SA issue --- CHANGELOG.md | 16 ++++++++++++---- .../MSFT_SPVisioServiceApp.psm1 | 2 +- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f53540762..512abbd65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ ## Unreleased +* SPDistributedCacheClientSettings + * Added the new resource +* SPAlternateURL + * If resource specifies Central Admin webapp and Default Zone, the existing + AAM will be updated instead of adding a new one +* SPVisioServiceApp + * Fixed issue where proxy is not properly getting created + +## 2.1 + * General * Updated the integration tests for building the Azure environment * Works in any Azure environment. @@ -31,15 +41,13 @@ * Fixed issue with correctly retrieving the process identity for the Search instance * Added support for LocalSystem, LocalService and NetworkService -* SPUserProfileSyncConnection - * Fixed issues with the User Profile Sync connection for SharePoint - 2016 * SPUserProfileProperty * Fixed issues with the User Profile properties for 2016 * SPUserProfileServiceAppPermissions * Removed the mandatory requirement from secondary parameters * SPUserProfileSyncConnection - * Fixed issues with the User Profile Sync connection for 2016 + * Fixed issues with the User Profile Sync connection for SharePoint + 2016 * SPUserProfileSyncService * Added returning the FarmAccount to the Get method * SPWebAppAuthentication diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPVisioServiceApp/MSFT_SPVisioServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPVisioServiceApp/MSFT_SPVisioServiceApp.psm1 index 8e96a2ea2..17b264293 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPVisioServiceApp/MSFT_SPVisioServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPVisioServiceApp/MSFT_SPVisioServiceApp.psm1 @@ -133,7 +133,7 @@ function Set-TargetResource if ($null -ne $visioApp) { New-SPVisioServiceApplicationProxy -Name $pName ` - -ServiceApplication $visioApp | Out-Null + -ServiceApplication $visioApp.Name | Out-Null } } } From d8be0a5fb812852096e54e9236877b4a57d9350a Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 27 Feb 2018 17:15:48 +0100 Subject: [PATCH 18/39] Updated UPS and some other bugfixes --- CHANGELOG.md | 18 ++ .../MSFT_SPContentDatabase.psm1 | 63 +++--- .../MSFT_SPFarmAdministrators.psm1 | 184 +++++++++--------- .../MSFT_SPUserProfileServiceApp.psm1 | 88 +++++---- .../MSFT_SPUserProfileServiceApp.schema.mof | 1 - .../MSFT_SPUserProfileSyncService.psm1 | 89 +++++---- .../MSFT_SPUserProfileSyncService.schema.mof | 2 +- .../MSFT_SPUserProfileSyncService/readme.md | 2 +- .../SharePointDsc.Util.psm1 | 24 ++- 9 files changed, 267 insertions(+), 204 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d6895a65..e97fe3064 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,27 @@ ## Unreleased +* SPContentDatabase + * Fixed issue where mounting a content database which had to be upgraded + resulted in a reboot. +* SPFarmAdministrators + * Fixed issue where member comparisons was case sensitive. This had + to be case insensitive. * SPManagedMetadataServiceApp * Fixed issue with creating the Content Type Hub on an existing MMS service app without Content Type Hub. +* SPUserProfileServiceApp + * Fixed issue introduced in v2.0, where the Farm Account had to have + local Administrator permissions for the resource to function properly. + * Updated resource to retrieve the Farm account from the Managed Accounts + instead of requiring it as a parameter +* SPUserProfileSyncService + * Fixed issue introduced in v2.0, where the Farm Account had to have + local Administrator permissions for the resource to function properly. + * Updated resource to retrieve the Farm account from the Managed Accounts + instead of requiring it as a parameter. + * The FarmAccount parameter is depricated and no longer required. Will be + removed in v3.0. ## 2.1 diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPContentDatabase/MSFT_SPContentDatabase.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPContentDatabase/MSFT_SPContentDatabase.psm1 index 29b4e8a3d..f51170b01 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPContentDatabase/MSFT_SPContentDatabase.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPContentDatabase/MSFT_SPContentDatabase.psm1 @@ -7,32 +7,32 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.String] $Name, - + [Parameter()] [System.String] $DatabaseServer, - + [Parameter(Mandatory = $true)] [System.String] $WebAppUrl, - + [Parameter()] [System.Boolean] $Enabled, - + [Parameter()] [System.UInt16] $WarningSiteCount, - + [Parameter()] [System.UInt16] $MaximumSiteCount, - + [Parameter()] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -44,7 +44,7 @@ function Get-TargetResource -Arguments $PSBoundParameters ` -ScriptBlock { $params = $args[0] - + $cdb = Get-SPDatabase | Where-Object -FilterScript { $_.GetType().FullName -eq "Microsoft.SharePoint.Administration.SPContentDatabase" -and ` $_.Name -eq $params.Name @@ -102,32 +102,32 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.String] $Name, - + [Parameter()] [System.String] $DatabaseServer, - + [Parameter(Mandatory = $true)] [System.String] $WebAppUrl, - + [Parameter()] [System.Boolean] $Enabled, - + [Parameter()] [System.UInt16] $WarningSiteCount, - + [Parameter()] [System.UInt16] $MaximumSiteCount, - + [Parameter()] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -184,7 +184,7 @@ function Set-TargetResource { $newParams.$($param.Key) = $param.Value } - + if ($param.Key -eq "MaximumSiteCount") { $newParams.MaxSiteCount = $param.Value @@ -215,7 +215,7 @@ function Set-TargetResource { $cdbenabled = $false } - + if ($params.Enabled -ne $cdbenabled) { switch ($params.Enabled) @@ -241,7 +241,7 @@ function Set-TargetResource { $cdbenabled = $false } - + if ($params.ContainsKey("Enabled") -and $params.Enabled -ne $cdbenabled) { switch ($params.Enabled) @@ -256,13 +256,13 @@ function Set-TargetResource } } } - + # Check and change site count settings if ($null -ne $params.WarningSiteCount -and $params.WarningSiteCount -ne $cdb.WarningSiteCount) { $cdb.WarningSiteCount = $params.WarningSiteCount } - + if ($params.MaximumSiteCount -and $params.MaximumSiteCount -ne $cdb.MaximumSiteCount) { $cdb.MaximumSiteCount = $params.MaximumSiteCount @@ -280,12 +280,12 @@ function Set-TargetResource { $newParams.$($param.Key) = $param.Value } - + if ($param.Key -eq "MaximumSiteCount") { $newParams.MaxSiteCount = $param.Value } - + if ($param.Key -eq "WebAppUrl") { $newParams.WebApplication = $param.Value @@ -311,8 +311,9 @@ function Set-TargetResource { $cdbenabled = $false } - - if ($params.Enabled -ne $cdbenabled) + + if ($params.ContainsKey("Enabled") -eq $true -and ` + $params.Enabled -ne $cdbenabled) { switch ($params.Enabled) { @@ -350,32 +351,32 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] $Name, - + [Parameter()] [System.String] $DatabaseServer, - + [Parameter(Mandatory = $true)] [System.String] $WebAppUrl, - + [Parameter()] [System.Boolean] $Enabled, - + [Parameter()] [System.UInt16] $WarningSiteCount, - + [Parameter()] [System.UInt16] $MaximumSiteCount, - + [Parameter()] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPFarmAdministrators/MSFT_SPFarmAdministrators.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPFarmAdministrators/MSFT_SPFarmAdministrators.psm1 index 0dfa103e0..bb0a22201 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPFarmAdministrators/MSFT_SPFarmAdministrators.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPFarmAdministrators/MSFT_SPFarmAdministrators.psm1 @@ -4,36 +4,36 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] - [System.String] + [Parameter(Mandatory = $true)] + [System.String] $Name, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $Members, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToInclude, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToExclude, - [Parameter()] - [System.Management.Automation.PSCredential] + [Parameter()] + [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Getting Farm Administrators configuration" - if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) + if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) { throw ("Cannot use the Members parameter together with the " + ` "MembersToInclude or MembersToExclude parameters") } - if (!$Members -and !$MembersToInclude -and !$MembersToExclude) + if (!$Members -and !$MembersToInclude -and !$MembersToExclude) { throw ("At least one of the following parameters must be specified: " + ` "Members, MembersToInclude, MembersToExclude") @@ -46,10 +46,10 @@ function Get-TargetResource $webApps = Get-SPwebapplication -IncludeCentralAdministration $caWebapp = $webApps | Where-Object -FilterScript { - $_.IsAdministrationWebApplication + $_.IsAdministrationWebApplication } - - if ($null -eq $caWebapp) + + if ($null -eq $caWebapp) { Write-Verbose "Unable to locate central administration website" return $null @@ -74,36 +74,36 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] - [System.String] + [Parameter(Mandatory = $true)] + [System.String] $Name, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $Members, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToInclude, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToExclude, - [Parameter()] - [System.Management.Automation.PSCredential] + [Parameter()] + [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Setting Farm Administrators configuration" - - if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) + + if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) { throw ("Cannot use the Members parameter together with the " + ` "MembersToInclude or MembersToExclude parameters") } - if (!$Members -and !$MembersToInclude -and !$MembersToExclude) + if (!$Members -and !$MembersToInclude -and !$MembersToExclude) { throw ("At least one of the following parameters must be specified: " + ` "Members, MembersToInclude, MembersToExclude") @@ -117,7 +117,7 @@ function Set-TargetResource $changeUsers = @{} $runChange = $false - + if ($Members) { Write-Verbose "Processing Members parameter" @@ -125,25 +125,25 @@ function Set-TargetResource $differences = Compare-Object -ReferenceObject $CurrentValues.Members ` -DifferenceObject $Members - if ($null -eq $differences) + if ($null -eq $differences) { Write-Verbose "Farm Administrators group matches. No further processing required" - } - else + } + else { Write-Verbose "Farm Administrators group does not match. Perform corrective action" $addUsers = @() $removeUsers = @() - foreach ($difference in $differences) + foreach ($difference in $differences) { - if ($difference.SideIndicator -eq "=>") + if ($difference.SideIndicator -eq "=>") { # Add account $user = $difference.InputObject Write-Verbose "Add $user to Add list" $addUsers += $user - } - elseif ($difference.SideIndicator -eq "<=") + } + elseif ($difference.SideIndicator -eq "<=") { # Remove account $user = $difference.InputObject @@ -152,14 +152,14 @@ function Set-TargetResource } } - if($addUsers.count -gt 0) + if($addUsers.count -gt 0) { Write-Verbose "Adding $($addUsers.Count) users to the Farm Administrators group" $changeUsers.Add = $addUsers $runChange = $true } - if($removeUsers.count -gt 0) + if($removeUsers.count -gt 0) { Write-Verbose "Removing $($removeUsers.Count) users from the Farm Administrators group" $changeUsers.Remove = $removeUsers @@ -168,25 +168,25 @@ function Set-TargetResource } } - if ($MembersToInclude) + if ($MembersToInclude) { Write-Verbose "Processing MembersToInclude parameter" - + $addUsers = @() - foreach ($member in $MembersToInclude) + foreach ($member in $MembersToInclude) { - if (-not($CurrentValues.Members.Contains($member))) + if (-not($CurrentValues.Members -contains $member)) { Write-Verbose "$member is not a Farm Administrator. Add user to Add list" $addUsers += $member - } - else + } + else { Write-Verbose "$member is already a Farm Administrator. Skipping" } } - if($addUsers.count -gt 0) + if($addUsers.count -gt 0) { Write-Verbose "Adding $($addUsers.Count) users to the Farm Administrators group" $changeUsers.Add = $addUsers @@ -194,25 +194,25 @@ function Set-TargetResource } } - if ($MembersToExclude) + if ($MembersToExclude) { Write-Verbose "Processing MembersToExclude parameter" - + $removeUsers = @() - foreach ($member in $MembersToExclude) + foreach ($member in $MembersToExclude) { - if ($CurrentValues.Members.Contains($member)) + if ($CurrentValues.Members -contains $member) { Write-Verbose "$member is a Farm Administrator. Add user to Remove list" $removeUsers += $member - } - else + } + else { Write-Verbose "$member is not a Farm Administrator. Skipping" } } - if($removeUsers.count -gt 0) + if($removeUsers.count -gt 0) { Write-Verbose "Removing $($removeUsers.Count) users from the Farm Administrators group" $changeUsers.Remove = $removeUsers @@ -220,7 +220,7 @@ function Set-TargetResource } } - if ($runChange) + if ($runChange) { Write-Verbose "Apply changes" Merge-SPDscFarmAdminList $changeUsers @@ -234,36 +234,36 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] - [System.String] + [Parameter(Mandatory = $true)] + [System.String] $Name, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $Members, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToInclude, - [Parameter()] - [System.String[]] + [Parameter()] + [System.String[]] $MembersToExclude, - [Parameter()] - [System.Management.Automation.PSCredential] + [Parameter()] + [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Testing Farm Administrators configuration" - - if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) + + if ($Members -and (($MembersToInclude) -or ($MembersToExclude))) { throw ("Cannot use the Members parameter together with the " + ` "MembersToInclude or MembersToExclude parameters") } - if (!$Members -and !$MembersToInclude -and !$MembersToExclude) + if (!$Members -and !$MembersToInclude -and !$MembersToExclude) { throw ("At least one of the following parameters must be specified: " + ` "Members, MembersToInclude, MembersToExclude") @@ -271,23 +271,23 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($null -eq $CurrentValues) + if ($null -eq $CurrentValues) { - return $false + return $false } - - if ($Members) + + if ($Members) { Write-Verbose "Processing Members parameter" $differences = Compare-Object -ReferenceObject $CurrentValues.Members ` -DifferenceObject $Members - if ($null -eq $differences) + if ($null -eq $differences) { Write-Verbose "Farm Administrators group matches" return $true - } - else + } + else { Write-Verbose "Farm Administrators group does not match" return $false @@ -295,34 +295,34 @@ function Test-TargetResource } $result = $true - if ($MembersToInclude) + if ($MembersToInclude) { Write-Verbose "Processing MembersToInclude parameter" - foreach ($member in $MembersToInclude) + foreach ($member in $MembersToInclude) { - if (-not($CurrentValues.Members -contains $member)) + if (-not($CurrentValues.Members -contains $member)) { Write-Verbose "$member is not a Farm Administrator. Set result to false" $result = $false - } - else + } + else { Write-Verbose "$member is already a Farm Administrator. Skipping" } } } - if ($MembersToExclude) + if ($MembersToExclude) { Write-Verbose "Processing MembersToExclude parameter" - foreach ($member in $MembersToExclude) + foreach ($member in $MembersToExclude) { - if ($CurrentValues.Members -contains $member) + if ($CurrentValues.Members -contains $member) { Write-Verbose "$member is a Farm Administrator. Set result to false" $result = $false - } - else + } + else { Write-Verbose "$member is not a Farm Administrator. Skipping" } @@ -332,11 +332,11 @@ function Test-TargetResource return $result } -function Merge-SPDscFarmAdminList +function Merge-SPDscFarmAdminList { param ( - [Parameter()] - [Hashtable] + [Parameter()] + [Hashtable] $changeUsers ) @@ -345,7 +345,7 @@ function Merge-SPDscFarmAdminList $webApps = Get-SPwebapplication -IncludeCentralAdministration $caWebapp = $webApps | Where-Object -FilterScript { - $_.IsAdministrationWebApplication + $_.IsAdministrationWebApplication } if ($null -eq $caWebapp) { @@ -354,17 +354,17 @@ function Merge-SPDscFarmAdminList $caWeb = Get-SPweb($caWebapp.Url) $farmAdminGroup = $caWeb.AssociatedOwnerGroup - if ($changeUsers.ContainsKey("Add")) + if ($changeUsers.ContainsKey("Add")) { - foreach ($loginName in $changeUsers.Add) + foreach ($loginName in $changeUsers.Add) { $caWeb.SiteGroups.GetByName($farmAdminGroup).AddUser($loginName,"","","") } } - - if ($changeUsers.ContainsKey("Remove")) + + if ($changeUsers.ContainsKey("Remove")) { - foreach ($loginName in $changeUsers.Remove) + foreach ($loginName in $changeUsers.Remove) { $removeUser = get-spuser $loginName -web $caWebapp.Url $caWeb.SiteGroups.GetByName($farmAdminGroup).RemoveUser($removeUser) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 index 8ac153838..e46f57f3d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 @@ -16,10 +16,6 @@ function Get-TargetResource [System.String] $ApplicationPool, - [parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $FarmAccount, - [Parameter()] [System.String] $MySiteHostLocation, @@ -68,18 +64,18 @@ function Get-TargetResource Write-Verbose -Message "Getting user profile service application $Name" - $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` + $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { - return Get-SPDSCFarmAccountName + return Get-SPDscFarmAccount } - if ($null -ne $farmAccountName) + if ($null -ne $farmAccount) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -eq $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccount.UserName) { throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` @@ -93,7 +89,7 @@ function Get-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -eq $farmAccountName) + if ($localaccount -eq $farmAccount.UserName) { throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` @@ -101,13 +97,6 @@ function Get-TargetResource } } } - - if ($FarmAccount.UserName -ne $farmAccountName) - { - throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` - "Account. Make sure the specified FarmAccount is the actual Farm " + ` - "Account and try again") - } } else { @@ -140,8 +129,8 @@ function Get-TargetResource else { $databases = @{} - $propertyFlags = [System.Reflection.BindingFlags]::Instance ` - -bor [System.Reflection.BindingFlags]::NonPublic + $propertyFlags = [System.Reflection.BindingFlags]::Instance -bor ` + [System.Reflection.BindingFlags]::NonPublic $propData = $serviceApp.GetType().GetProperties($propertyFlags) @@ -175,7 +164,6 @@ function Get-TargetResource Name = $serviceApp.DisplayName ProxyName = $proxyName ApplicationPool = $serviceApp.ApplicationPool.Name - FarmAccount = $farmAccountName MySiteHostLocation = $params.MySiteHostLocation ProfileDBName = $databases.ProfileDatabase.Name ProfileDBServer = $databases.ProfileDatabase.NormalizedDataSource @@ -210,10 +198,6 @@ function Set-TargetResource [System.String] $ApplicationPool, - [parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $FarmAccount, - [Parameter()] [System.String] $MySiteHostLocation, @@ -264,18 +248,18 @@ function Set-TargetResource if ($Ensure -eq "Present") { - $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` + $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { - return Get-SPDSCFarmAccountName + return Get-SPDscFarmAccount } - if ($null -ne $farmAccountName) + if ($null -ne $farmAccount) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -eq $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccount.UserName) { throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` @@ -289,7 +273,7 @@ function Set-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -eq $farmAccountName) + if ($localaccount -eq $farmAccount.UserName) { throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` @@ -297,14 +281,6 @@ function Set-TargetResource } } } - - # InstallAccount used - if ($FarmAccount.UserName -ne $farmAccountName) - { - throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` - "Account. Make sure the specified FarmAccount is the actual Farm " + ` - "Account and try again") - } } else { @@ -318,10 +294,25 @@ function Set-TargetResource if (!$isLocalAdmin) { + Write-Verbose -Message "Adding farm account to Local Administrators group" Add-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName - # Cycle the Timer Service so that it picks up the local Admin token + # Cycle the Timer Service and flush Kerberos tickets + # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" + + $sessions = klist sessions + foreach ($session in $sessions) + { + if ($session.Contains($farmAccount.UserName)) + { + Write-Verbose -Message "Purging Kerberos ticket for $LogonId" + $LogonId = $session.split(' ')[3] + $LogonId = $LogonId.Replace('0:','') + klist -li $LogonId purge | Out-Null + } + + } } $null = Invoke-SPDSCCommand -Credential $FarmAccount ` @@ -353,7 +344,6 @@ function Set-TargetResource { $params.Remove("Ensure") | Out-Null } - $params.Remove("FarmAccount") | Out-Null $params = Rename-SPDSCParamValue -params $params ` -oldName "SyncDBName" ` @@ -407,7 +397,25 @@ function Set-TargetResource # Remove the InstallAccount from the local Administrators group, if it was added above if (!$isLocalAdmin) { + Write-Verbose -Message "Removing farm account from Local Administrators group" Remove-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName + + # Cycle the Timer Service and flush Kerberos tickets + # so that it picks up the local Admin token + Restart-Service -Name "SPTimerV4" + + $sessions = klist sessions + foreach ($session in $sessions) + { + if ($session.Contains($farmAccount.UserName)) + { + Write-Verbose -Message "Purging Kerberos ticket for $LogonId" + $LogonId = $session.split(' ')[3] + $LogonId = $LogonId.Replace('0:','') + klist -li $LogonId purge | Out-Null + } + + } } } @@ -457,10 +465,6 @@ function Test-TargetResource [System.String] $ApplicationPool, - [parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $FarmAccount, - [Parameter()] [System.String] $MySiteHostLocation, diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof index 8ebad771d..78c3c099d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.schema.mof @@ -4,7 +4,6 @@ class MSFT_SPUserProfileServiceApp : OMI_BaseResource [Key, Description("The name of the user profile service")] string Name; [Write, Description("The proxy name, if not specified will be /Name of service app/ Proxy")] string ProxyName; [Required, Description("The name of the application pool to run the service app in")] string ApplicationPool; - [Required, Description("The farm account, which is needed to provision the service app"), EmbeddedInstance("MSFT_Credential")] String FarmAccount; [Write, Description("The URL of the my site host collection")] string MySiteHostLocation; [Write, Description("The name of the profile database")] string ProfileDBName; [Write, Description("The name of the server to host the profile database")] string ProfileDBServer; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 index 535eaf633..86ee94215 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 @@ -12,7 +12,7 @@ function Get-TargetResource [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] $FarmAccount, @@ -33,18 +33,18 @@ function Get-TargetResource "service via DSC, as 2016 does not use the FIM based sync service.") } - $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` + $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { - return Get-SPDSCFarmAccountName + return Get-SPDscFarmAccount } - if ($null -ne $farmAccountName) + if ($null -ne $farmAccount) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -eq $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccount.UserName) { throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` @@ -57,7 +57,7 @@ function Get-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -eq $farmAccountName) + if ($localaccount -eq $farmAccount.UserName) { throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` @@ -65,13 +65,6 @@ function Get-TargetResource } } } - - if ($FarmAccount.UserName -ne $farmAccountName) - { - throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` - "Account. Make sure the specified FarmAccount is the actual Farm " + ` - "Account and try again") - } } else { @@ -160,7 +153,7 @@ function Set-TargetResource [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] $FarmAccount, @@ -183,18 +176,18 @@ function Set-TargetResource "service via DSC, as 2016 does not use the FIM based sync service.") } - $farmAccountName = Invoke-SPDSCCommand -Credential $InstallAccount ` + $farmAccount = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { - return Get-SPDSCFarmAccountName + return Get-SPDscFarmAccount } - if ($null -ne $farmAccountName) + if ($null -ne $farmAccount) { if ($PSBoundParameters.ContainsKey("InstallAccount") -eq $true) { # InstallAccount used - if ($InstallAccount.UserName -eq $farmAccountName) + if ($InstallAccount.UserName -eq $farmAccount.UserName) { throw ("Specified InstallAccount ($($InstallAccount.UserName)) is the Farm " + ` "Account. Make sure the specified InstallAccount isn't the Farm Account " + ` @@ -207,7 +200,7 @@ function Set-TargetResource { # PSDSCRunAsCredential used $localaccount = "$($Env:USERDOMAIN)\$($Env:USERNAME)" - if ($localaccount -eq $farmAccountName) + if ($localaccount -eq $farmAccount.UserName) { throw ("Specified PSDSCRunAsCredential ($localaccount) is the Farm " + ` "Account. Make sure the specified PSDSCRunAsCredential isn't the " + ` @@ -215,13 +208,6 @@ function Set-TargetResource } } } - - if ($FarmAccount.UserName -ne $farmAccountName) - { - throw ("Specified FarmAccount ($($FarmAccount.UserName)) isn't the Farm " + ` - "Account. Make sure the specified FarmAccount is the actual Farm " + ` - "Account and try again") - } } else { @@ -247,24 +233,39 @@ function Set-TargetResource } # Add the Farm Account to the local Admins group, if it's not already there - $isLocalAdmin = Test-SPDSCUserIsLocalAdmin -UserName $farmAccountName + $isLocalAdmin = Test-SPDSCUserIsLocalAdmin -UserName $farmAccount.UserName if (!$isLocalAdmin) { - Add-SPDSCUserToLocalAdmin -UserName $farmAccountName + Write-Verbose -Message "Adding farm account to Local Administrators group" + Add-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName - # Cycle the Timer Service so that it picks up the local Admin token + # Cycle the Timer Service and flush Kerberos tickets + # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" + + $sessions = klist sessions + foreach ($session in $sessions) + { + if ($session.Contains($farmAccount.UserName)) + { + Write-Verbose -Message "Purging Kerberos ticket for $LogonId" + $LogonId = $session.split(' ')[3] + $LogonId = $LogonId.Replace('0:','') + klist -li $LogonId purge | Out-Null + } + + } } $isInDesiredState = $false try { Invoke-SPDSCCommand -Credential $FarmAccount ` - -Arguments ($PSBoundParameters,$farmAccountName) ` + -Arguments ($PSBoundParameters,$farmAccount) ` -ScriptBlock { $params = $args[0] - $farmAccountName = $args[1] + $farmAccount = $args[1] $currentServer = $env:COMPUTERNAME @@ -297,8 +298,8 @@ function Set-TargetResource "named $($params.UserProfileServiceAppName)") } - $userName = $farmAccountName - $password = $params.FarmAccount.GetNetworkCredential().Password + $userName = $farmAccount.UserName + $password = $farmAccount.GetNetworkCredential().Password $ups.SetSynchronizationMachine($currentServer, $syncService.ID, $userName, $password) Start-SPServiceInstance -Identity $syncService.ID @@ -341,7 +342,25 @@ function Set-TargetResource # Remove the Farm Account from the local Admins group, if it was added above if (!$isLocalAdmin) { - Remove-SPDSCUserToLocalAdmin -UserName $farmAccountName + Write-Verbose -Message "Removing farm account from Local Administrators group" + Remove-SPDSCUserToLocalAdmin -UserName $farmAccount.UserName + + # Cycle the Timer Service and flush Kerberos tickets + # so that it picks up the local Admin token + Restart-Service -Name "SPTimerV4" + + $sessions = klist sessions + foreach ($session in $sessions) + { + if ($session.Contains($farmAccount.UserName)) + { + Write-Verbose -Message "Purging Kerberos ticket for $LogonId" + $LogonId = $session.split(' ')[3] + $LogonId = $LogonId.Replace('0:','') + klist -li $LogonId purge | Out-Null + } + + } } } if($syncService.Status -ne $desiredState) @@ -364,7 +383,7 @@ function Test-TargetResource [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] $FarmAccount, diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.schema.mof index 68327b13d..b65b4fc6b 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.schema.mof @@ -3,7 +3,7 @@ class MSFT_SPUserProfileSyncService : OMI_BaseResource { [Key, Description("The name of the user profile service for this sync instance")] string UserProfileServiceAppName; [Write, Description("Present to ensure the service is running, absent to ensure it is not"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Required, Description("The farm account, which is needed to provision the service app"), EmbeddedInstance("MSFT_Credential")] String FarmAccount; + [Write, Description("PARAMETER IS NOT USED ANYMORE, WILL BE REMOVED IN V3.0"), EmbeddedInstance("MSFT_Credential")] String FarmAccount; [Write, Description("Should the sync service only run when the user profile database is in a writeable state?")] Boolean RunOnlyWhenWriteable; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md index 298fb90d7..be47da9d7 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md @@ -21,7 +21,7 @@ parameter, the user profile sync service is provisioned. NOTE: Due to the fact that SharePoint requires certain User Profile components to be -provisioned as the Farm account, do this resource and SPUserProfileSyncService +provisioned as the Farm account, do this resource and SPUserProfileServiceApp require the Farm account to be specified in the FarmAccount parameter. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: diff --git a/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 b/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 index fcb3bb1fd..528552bae 100644 --- a/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 +++ b/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 @@ -93,7 +93,29 @@ function Get-SPDSCAssemblyVersion } -function Get-SPDSCFarmAccountName +function Get-SPDscFarmAccount +{ + [CmdletBinding()] + param + () + + $farmaccount = (Get-SPFarm).DefaultServiceAccount.Name + + $account = Get-SPManagedAccount | Where-Object -FilterScript { $_.UserName -eq $farmaccount } + + $bindings = [System.Reflection.BindingFlags]::CreateInstance -bor ` + [System.Reflection.BindingFlags]::GetField -bor ` + [System.Reflection.BindingFlags]::Instance -bor ` + [System.Reflection.BindingFlags]::NonPublic + + $pw = $account.GetType().GetField("m_Password", $bindings).GetValue($account); + + return New-Object -TypeName System.Management.Automation.PSCredential ` + -ArgumentList $farmaccount, $pw.SecureStringValue +} + + +function Get-SPDscFarmAccountName { [CmdletBinding()] param From e195f9bde98c4f72401a3f791f4f17d37af12eaf Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 27 Feb 2018 11:51:00 -0500 Subject: [PATCH 19/39] Made modif to re-trigger build process --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 512abbd65..12a123eb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one * SPVisioServiceApp - * Fixed issue where proxy is not properly getting created + * Fixed an issue where the proxy is not properly getting created ## 2.1 From c6edaf9b45d97a69ba8b7990d7212dfd8e9f214b Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Thu, 1 Mar 2018 09:37:16 +0100 Subject: [PATCH 20/39] Updated Pester tests --- CHANGELOG.md | 4 +- .../MSFT_SPUserProfileServiceApp.psm1 | 4 +- .../MSFT_SPUserProfileSyncService.psm1 | 12 +- ...PointDsc.SPUserProfileServiceApp.Tests.ps1 | 195 +++++++++--------- ...ointDsc.SPUserProfileSyncService.Tests.ps1 | 45 ++-- 5 files changed, 120 insertions(+), 140 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e97fe3064..8dba76992 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,8 +21,8 @@ local Administrator permissions for the resource to function properly. * Updated resource to retrieve the Farm account from the Managed Accounts instead of requiring it as a parameter. - * The FarmAccount parameter is depricated and no longer required. Will be - removed in v3.0. + * The FarmAccount parameter is deprecated and no longer required. Is ignored + in the code and will be removed in v3.0. ## 2.1 diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 index e46f57f3d..d0b8cdb64 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 @@ -304,7 +304,7 @@ function Set-TargetResource $sessions = klist sessions foreach ($session in $sessions) { - if ($session.Contains($farmAccount.UserName)) + if ($session -like "*$($farmAccount.UserName)*") { Write-Verbose -Message "Purging Kerberos ticket for $LogonId" $LogonId = $session.split(' ')[3] @@ -407,7 +407,7 @@ function Set-TargetResource $sessions = klist sessions foreach ($session in $sessions) { - if ($session.Contains($farmAccount.UserName)) + if ($session -like "*$($farmAccount.UserName)*") { Write-Verbose -Message "Purging Kerberos ticket for $LogonId" $LogonId = $session.split(' ')[3] diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 index 86ee94215..5e30f8547 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 @@ -247,7 +247,7 @@ function Set-TargetResource $sessions = klist sessions foreach ($session in $sessions) { - if ($session.Contains($farmAccount.UserName)) + if ($session -like "*$($farmAccount.UserName)*") { Write-Verbose -Message "Purging Kerberos ticket for $LogonId" $LogonId = $session.split(' ')[3] @@ -314,7 +314,7 @@ function Set-TargetResource } $count = 0 - $maxCount = 10 + $maxCount = 20 while (($count -lt $maxCount) -and ($syncService.Status -ne $desiredState)) { @@ -324,9 +324,9 @@ function Set-TargetResource } # Get the current status of the Sync service - Write-Verbose ("$([DateTime]::Now.ToShortTimeString()) - Waiting for user profile " + ` - "sync service to become '$desiredState' (waited $count of " + ` - "$maxCount minutes)") + Write-Verbose -Message ("$([DateTime]::Now.ToShortTimeString()) - Waiting for user " + ` + "profile sync service to become '$desiredState' (waited " + ` + "$count of $maxCount minutes)") $services = Get-SPServiceInstance -Server $currentServer ` -ErrorAction SilentlyContinue @@ -352,7 +352,7 @@ function Set-TargetResource $sessions = klist sessions foreach ($session in $sessions) { - if ($session.Contains($farmAccount.UserName)) + if ($session -like "*$($farmAccount.UserName)*") { Write-Verbose -Message "Purging Kerberos ticket for $LogonId" $LogonId = $session.split(' ')[3] diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 index 44cb1b466..31c9fafdd 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileServiceApp.Tests.ps1 @@ -2,7 +2,7 @@ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")] param( [Parameter()] - [string] + [string] $SharePointCmdletModule = (Join-Path -Path $PSScriptRoot ` -ChildPath "..\Stubs\SharePoint\15.0.4805.1000\Microsoft.SharePoint.PowerShell.psm1" ` -Resolve) @@ -23,39 +23,41 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { $getTypeFullName = "Microsoft.Office.Server.Administration.UserProfileApplication" $mockPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force $mockCredential = New-Object -TypeName System.Management.Automation.PSCredential ` - -ArgumentList @("DOMAIN\username", $mockPassword) + -ArgumentList @("$($Env:USERDOMAIN)\$($Env:USERNAME)", $mockPassword) + $mockFarmCredential = New-Object -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @("DOMAIN\sp_farm", $mockPassword) - # Mocks for all contexts - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return $mockCredential.Username + # Mocks for all contexts + Mock -CommandName Get-SPDSCFarmAccount -MockWith { + return $mockFarmCredential } - Mock -CommandName New-SPProfileServiceApplication -MockWith { + Mock -CommandName New-SPProfileServiceApplication -MockWith { return (@{ NetBIOSDomainNamesEnabled = $false NoILMUsed = $false } ) - } + } Mock -CommandName New-SPProfileServiceApplicationProxy -MockWith { } - Mock -CommandName Add-SPDSCUserToLocalAdmin -MockWith { } + Mock -CommandName Add-SPDSCUserToLocalAdmin -MockWith { } Mock -CommandName Test-SPDSCUserIsLocalAdmin -MockWith { return $false } Mock -CommandName Remove-SPDSCUserToLocalAdmin -MockWith { } - Mock -CommandName Remove-SPServiceApplication -MockWith { } + Mock -CommandName Remove-SPServiceApplication -MockWith { } # Test contexts - Context -Name "When PSDSCRunAsCredential does not match the Farm Account" -Fixture { + Context -Name "When PSDSCRunAsCredential matches the Farm Account" -Fixture { $testParams = @{ Name = "User Profile Service App" ApplicationPool = "SharePoint Service Applications" Ensure = "Present" - } + } - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return "DOMAIN\sp_farm" + Mock -CommandName Get-SPDSCFarmAccount -MockWith { + return $mockCredential } - Mock -CommandName Get-SPServiceApplication -MockWith { - return $null + Mock -CommandName Get-SPServiceApplication -MockWith { + return $null } Mock -CommandName Restart-Service {} @@ -73,34 +75,30 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } } - Context -Name "When InstallAccount does not match the Farm Account" -Fixture { + Context -Name "When InstallAccount matches the Farm Account" -Fixture { $testParams = @{ Name = "User Profile Service App" ApplicationPool = "SharePoint Service Applications" Ensure = "Present" - InstallAccount = $mockCredential - } - - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return "DOMAIN\sp_farm" + InstallAccount = $mockFarmCredential } - Mock -CommandName Get-SPServiceApplication -MockWith { - return $null + Mock -CommandName Get-SPServiceApplication -MockWith { + return $null } Mock -CommandName Restart-Service {} It "Should throw exception in the Get method" { - { Get-TargetResource @testParams } | Should throw "Specified InstallAccount " + { Get-TargetResource @testParams } | Should throw "Specified InstallAccount " } It "Should throw exception in the Test method" { - { Test-TargetResource @testParams } | Should throw "Specified InstallAccount " + { Test-TargetResource @testParams } | Should throw "Specified InstallAccount " } It "Should throw exception in the set method" { - { Set-TargetResource @testParams } | Should throw "Specified InstallAccount " + { Set-TargetResource @testParams } | Should throw "Specified InstallAccount " } } @@ -109,17 +107,16 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Name = "User Profile Service App" ApplicationPool = "SharePoint Service Applications" Ensure = "Present" - InstallAccount = $mockCredential - } + } - Mock -CommandName Get-SPServiceApplication -MockWith { - return $null + Mock -CommandName Get-SPServiceApplication -MockWith { + return $null } Mock -CommandName Restart-Service {} It "Should return absent from the Get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Absent" + (Get-TargetResource @testParams).Ensure | Should Be "Absent" } It "Should return false when the Test method is called" { @@ -137,25 +134,24 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Name = "User Profile Service App" ApplicationPool = "SharePoint Service Applications" Ensure = "Present" - InstallAccount = $mockCredential - } + } - Mock -CommandName Get-SPServiceApplication -MockWith { - $spServiceApp = [PSCustomObject]@{ - DisplayName = $testParams.Name - } + Mock -CommandName Get-SPServiceApplication -MockWith { + $spServiceApp = [PSCustomObject]@{ + DisplayName = $testParams.Name + } $spServiceApp | Add-Member -MemberType ScriptMethod ` -Name GetType ` - -Value { - return @{ - FullName = "Microsoft.Office.UnKnownWebServiceApplication" - } - } -PassThru -Force - return $spServiceApp + -Value { + return @{ + FullName = "Microsoft.Office.UnKnownWebServiceApplication" + } + } -PassThru -Force + return $spServiceApp } It "Should return absent from the Get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Absent" + (Get-TargetResource @testParams).Ensure | Should Be "Absent" } It "Should return false when the Test method is called" { @@ -169,13 +165,12 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ApplicationPool = "SharePoint Service Applications" EnableNetBIOS = $true Ensure = "Present" - InstallAccount = $mockCredential } - + Mock -CommandName Restart-Service -MockWith {} - Mock -CommandName Get-SPServiceApplication -MockWith { + Mock -CommandName Get-SPServiceApplication -MockWith { return @( - New-Object -TypeName "Object" | + New-Object -TypeName "Object" | Add-Member -MemberType NoteProperty ` -Name TypeName ` -Value "User Profile Service Application" ` @@ -183,7 +178,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name DisplayName ` -Value $testParams.Name ` - -PassThru | + -PassThru | Add-Member -MemberType NoteProperty ` -Name "NetBIOSDomainNamesEnabled" ` -Value $false ` @@ -195,9 +190,9 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } -PassThru | Add-Member -MemberType NoteProperty ` -Name ApplicationPool ` - -Value @{ - Name = $testParams.ApplicationPool - } -PassThru | + -Value @{ + Name = $testParams.ApplicationPool + } -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetType ` -Value { @@ -205,7 +200,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name FullName ` -Value $getTypeFullName ` - -PassThru | + -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetProperties ` -Value { @@ -256,18 +251,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ) ) } -PassThru - } -PassThru -Force + } -PassThru -Force ) } - + It "Should return false from the Get method" { - (Get-TargetResource @testParams).EnableNetBIOS | Should Be $false + (Get-TargetResource @testParams).EnableNetBIOS | Should Be $false } It "Should call Update method on Service Application before finishing set method" { - $Global:SPDscUPSAUpdateCalled = $false + $Global:SPDscUPSAUpdateCalled = $false Set-TargetResource @testParams - $Global:SPDscUPSAUpdateCalled | Should Be $true + $Global:SPDscUPSAUpdateCalled | Should Be $true } It "Should return false when the Test method is called" { @@ -286,13 +281,12 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ApplicationPool = "SharePoint Service Applications" NoILMUsed = $true Ensure = "Present" - InstallAccount = $mockCredential } - + Mock -CommandName Restart-Service -MockWith {} - Mock -CommandName Get-SPServiceApplication -MockWith { + Mock -CommandName Get-SPServiceApplication -MockWith { return @( - New-Object -TypeName "Object" | + New-Object -TypeName "Object" | Add-Member -MemberType NoteProperty ` -Name TypeName ` -Value "User Profile Service Application" ` @@ -300,7 +294,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name DisplayName ` -Value $testParams.Name ` - -PassThru | + -PassThru | Add-Member -MemberType NoteProperty ` -Name "NoILMUsed" ` -Value $false ` @@ -312,9 +306,9 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } -PassThru | Add-Member -MemberType NoteProperty ` -Name ApplicationPool ` - -Value @{ - Name = $testParams.ApplicationPool - } -PassThru | + -Value @{ + Name = $testParams.ApplicationPool + } -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetType ` -Value { @@ -322,7 +316,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name FullName ` -Value $getTypeFullName ` - -PassThru | + -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetProperties ` -Value { @@ -373,18 +367,18 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ) ) } -PassThru - } -PassThru -Force + } -PassThru -Force ) } - + It "Should return false from the Get method" { - (Get-TargetResource @testParams).NoILMUsed | Should Be $false + (Get-TargetResource @testParams).NoILMUsed | Should Be $false } It "Should call Update method on Service Application before finishing set method" { - $Global:SPDscUPSAUpdateCalled = $false + $Global:SPDscUPSAUpdateCalled = $false Set-TargetResource @testParams - $Global:SPDscUPSAUpdateCalled | Should Be $true + $Global:SPDscUPSAUpdateCalled | Should Be $true } It "Should return false when the Test method is called" { @@ -402,12 +396,11 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Name = "User Profile Service App" ApplicationPool = "SharePoint Service Applications" Ensure = "Present" - InstallAccount = $mockCredential - } + } - Mock -CommandName Get-SPServiceApplication -MockWith { + Mock -CommandName Get-SPServiceApplication -MockWith { return @( - New-Object -TypeName "Object" | + New-Object -TypeName "Object" | Add-Member -MemberType NoteProperty ` -Name TypeName ` -Value "User Profile Service Application" ` @@ -415,7 +408,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name DisplayName ` -Value $testParams.Name ` - -PassThru | + -PassThru | Add-Member -MemberType NoteProperty ` -Name "NetBIOSDomainNamesEnabled" ` -Value $false ` @@ -427,9 +420,9 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } -PassThru | Add-Member -MemberType NoteProperty ` -Name ApplicationPool ` - -Value @{ - Name = $testParams.ApplicationPool - } -PassThru | + -Value @{ + Name = $testParams.ApplicationPool + } -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetType ` -Value { @@ -488,30 +481,29 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ) ) } -PassThru - } -PassThru -Force + } -PassThru -Force ) } It "Should return present from the get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Present" + (Get-TargetResource @testParams).Ensure | Should Be "Present" } It "Should return true when the Test method is called" { Test-TargetResource @testParams | Should Be $true } } - + Context -Name "When the service app exists but it shouldn't" -Fixture { $testParams = @{ Name = "Test App" ApplicationPool = "-" Ensure = "Absent" - InstallAccount = $mockCredential } - Mock -CommandName Get-SPServiceApplication -MockWith { + Mock -CommandName Get-SPServiceApplication -MockWith { return @( - New-Object -TypeName "Object" | + New-Object -TypeName "Object" | Add-Member -MemberType NoteProperty ` -Name TypeName ` -Value "User Profile Service Application" ` @@ -519,7 +511,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Add-Member -MemberType NoteProperty ` -Name DisplayName ` -Value $testParams.Name ` - -PassThru | + -PassThru | Add-Member -MemberType NoteProperty ` -Name "NetBIOSDomainNamesEnabled" ` -Value $false ` @@ -531,9 +523,9 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } -PassThru | Add-Member -MemberType NoteProperty ` -Name ApplicationPool ` - -Value @{ - Name = $testParams.ApplicationPool - } -PassThru | + -Value @{ + Name = $testParams.ApplicationPool + } -PassThru | Add-Member -MemberType ScriptMethod ` -Name GetType ` -Value { @@ -592,40 +584,39 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { ) ) } -PassThru - } -PassThru -Force + } -PassThru -Force ) } - + It "Should return present from the Get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Present" + (Get-TargetResource @testParams).Ensure | Should Be "Present" } - + It "Should return false from the test method" { Test-TargetResource @testParams | Should Be $false } - + It "Should remove the service application in the set method" { Set-TargetResource @testParams Assert-MockCalled Remove-SPServiceApplication } } - + Context -Name "When the service app doesn't exist and shouldn't" -Fixture { $testParams = @{ Name = "Test App" ApplicationPool = "-" Ensure = "Absent" - InstallAccount = $mockCredential } - Mock -CommandName Get-SPServiceApplication -MockWith { - return $null + Mock -CommandName Get-SPServiceApplication -MockWith { + return $null } - + It "Should return absent from the Get method" { - (Get-TargetResource @testParams).Ensure | Should Be "Absent" + (Get-TargetResource @testParams).Ensure | Should Be "Absent" } - + It "Should return false from the test method" { Test-TargetResource @testParams | Should Be $true } diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 index 8b76cf554..f2f78444d 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 @@ -23,11 +23,13 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { $getTypeFullName = "Microsoft.Office.Server.Administration.UserProfileApplication" $mockPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force $mockCredential = New-Object -TypeName System.Management.Automation.PSCredential ` - -ArgumentList @("DOMAIN\username", $mockPassword) + -ArgumentList @("$($Env:USERDOMAIN)\$($Env:USERNAME)", $mockPassword) + $mockFarmCredential = New-Object -TypeName System.Management.Automation.PSCredential ` + -ArgumentList @("DOMAIN\sp_farm", $mockPassword) # Mocks for all contexts - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return $mockCredential.Username + Mock -CommandName Get-SPDSCFarmAccount -MockWith { + return $mockFarmCredential } Mock -CommandName Start-SPServiceInstance -MockWith { } Mock -CommandName Stop-SPServiceInstance -MockWith { } @@ -133,8 +135,8 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Ensure = "Present" } - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return "DOMAIN\sp_farm" + Mock -CommandName Get-SPDSCFarmAccount -MockWith { + return $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -142,28 +144,24 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } It "Should throw exception in the get method" { - { Get-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential isn't the Farm Account." + { Get-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential " } It "Should throw exception in the test method" { - { Test-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential isn't the Farm Account." + { Test-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential " } It "Should throw exception in the set method" { - { Set-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential isn't the Farm Account." + { Set-TargetResource @testParams } | Should throw "Specified PSDSCRunAsCredential " } } - Context -Name "When InstallAccount is not the Farm Account" -Fixture { + Context -Name "When InstallAccount is the Farm Account" -Fixture { $testParams = @{ UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Present" - InstallAccount = $mockCredential - } - - Mock -CommandName Get-SPDSCFarmAccountName -MockWith { - return "DOMAIN\sp_farm" + InstallAccount = $mockFarmCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -171,15 +169,15 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } It "Should throw exception in the get method" { - { Get-TargetResource @testParams } | Should throw "Specified InstallAccount isn't the Farm Account." + { Get-TargetResource @testParams } | Should throw "Specified InstallAccount " } It "Should throw exception in the test method" { - { Test-TargetResource @testParams } | Should throw "Specified InstallAccount isn't the Farm Account." + { Test-TargetResource @testParams } | Should throw "Specified InstallAccount " } It "Should throw exception in the set method" { - { Set-TargetResource @testParams } | Should throw "Specified InstallAccount isn't the Farm Account." + { Set-TargetResource @testParams } | Should throw "Specified InstallAccount " } } @@ -188,7 +186,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Present" - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -206,7 +203,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Present" - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -293,7 +289,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Present" - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -323,7 +318,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Absent" - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -371,7 +365,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Absent" - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -402,7 +395,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { FarmAccount = $mockCredential Ensure = "Present" RunOnlyWhenWriteable = $true - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -442,7 +434,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { FarmAccount = $mockCredential Ensure = "Present" RunOnlyWhenWriteable = $true - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -488,7 +479,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { FarmAccount = $mockCredential Ensure = "Present" RunOnlyWhenWriteable = $true - InstallAccount = $mockCredential } Mock -CommandName Get-SPServiceInstance -MockWith { @@ -509,16 +499,16 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { { Set-TargetResource @testParams } | Should throw } } + Context -Name "Can't get the Farm Account" -Fixture{ $testParams = @{ UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential Ensure = "Present" RunOnlyWhenWriteable = $true - InstallAccount = $mockCredential } - Mock -CommandName Get-SPDSCFarmAccountName -MockWith{ + Mock -CommandName Get-SPDSCFarmAccount -MockWith{ return $null } @@ -536,7 +526,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { $testParams = @{ UserProfileServiceAppName = "User Profile Service Service App" FarmAccount = $mockCredential - InstallAccount = $mockCredential } It "Should throw on the get method" { From 8a55d4bc11c219e2bac2518d696a68f351cf0cd7 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Thu, 1 Mar 2018 12:12:25 +0100 Subject: [PATCH 21/39] Updated code coverage --- .../MSFT_SPUserProfileServiceApp.psm1 | 26 ++----------------- .../MSFT_SPUserProfileSyncService.psm1 | 26 ++----------------- .../SharePointDsc.Util.psm1 | 22 ++++++++++++++++ ...ointDsc.SPUserProfileSyncService.Tests.ps1 | 1 + 4 files changed, 27 insertions(+), 48 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 index d0b8cdb64..fd435b029 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/MSFT_SPUserProfileServiceApp.psm1 @@ -301,18 +301,7 @@ function Set-TargetResource # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" - $sessions = klist sessions - foreach ($session in $sessions) - { - if ($session -like "*$($farmAccount.UserName)*") - { - Write-Verbose -Message "Purging Kerberos ticket for $LogonId" - $LogonId = $session.split(' ')[3] - $LogonId = $LogonId.Replace('0:','') - klist -li $LogonId purge | Out-Null - } - - } + Clear-SPDscKerberosToken -Account $farmAccount.UserName } $null = Invoke-SPDSCCommand -Credential $FarmAccount ` @@ -404,18 +393,7 @@ function Set-TargetResource # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" - $sessions = klist sessions - foreach ($session in $sessions) - { - if ($session -like "*$($farmAccount.UserName)*") - { - Write-Verbose -Message "Purging Kerberos ticket for $LogonId" - $LogonId = $session.split(' ')[3] - $LogonId = $LogonId.Replace('0:','') - klist -li $LogonId purge | Out-Null - } - - } + Clear-SPDscKerberosToken -Account $farmAccount.UserName } } diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 index 5e30f8547..1fe948f42 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1 @@ -244,18 +244,7 @@ function Set-TargetResource # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" - $sessions = klist sessions - foreach ($session in $sessions) - { - if ($session -like "*$($farmAccount.UserName)*") - { - Write-Verbose -Message "Purging Kerberos ticket for $LogonId" - $LogonId = $session.split(' ')[3] - $LogonId = $LogonId.Replace('0:','') - klist -li $LogonId purge | Out-Null - } - - } + Clear-SPDscKerberosToken -Account $farmAccount.UserName } $isInDesiredState = $false @@ -349,18 +338,7 @@ function Set-TargetResource # so that it picks up the local Admin token Restart-Service -Name "SPTimerV4" - $sessions = klist sessions - foreach ($session in $sessions) - { - if ($session -like "*$($farmAccount.UserName)*") - { - Write-Verbose -Message "Purging Kerberos ticket for $LogonId" - $LogonId = $session.split(' ')[3] - $LogonId = $LogonId.Replace('0:','') - klist -li $LogonId purge | Out-Null - } - - } + Clear-SPDscKerberosToken -Account $farmAccount.UserName } } if($syncService.Status -ne $desiredState) diff --git a/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 b/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 index 528552bae..8073a8fa7 100644 --- a/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 +++ b/Modules/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 @@ -20,6 +20,28 @@ function Add-SPDSCUserToLocalAdmin ([ADSI]"WinNT://$($env:computername)/Administrators,group").Add("WinNT://$domainName/$accountName") | Out-Null } +function Clear-SPDscKerberosToken +{ + param ( + [Parameter(Mandatory=$true)] + [System.String] + $Account + ) + + $sessions = klist sessions + foreach ($session in $sessions) + { + if ($session -like "*$($Account)*") + { + Write-Verbose -Message "Purging Kerberos ticket for $LogonId" + $LogonId = $session.split(' ')[3] + $LogonId = $LogonId.Replace('0:','') + klist -li $LogonId purge | Out-Null + } + + } +} + function Convert-SPDscADGroupIDToName { param( diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 index f2f78444d..fd49d4f56 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPUserProfileSyncService.Tests.ps1 @@ -28,6 +28,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { -ArgumentList @("DOMAIN\sp_farm", $mockPassword) # Mocks for all contexts + Mock -CommandName Clear-SPDscKerberosToken -MockWith { } Mock -CommandName Get-SPDSCFarmAccount -MockWith { return $mockFarmCredential } From 9cfc9beaa8d0faa3dd60a35efec950b313f11f73 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Thu, 1 Mar 2018 22:19:14 +0100 Subject: [PATCH 22/39] Review comments --- .../MSFT_SPUserProfileServiceApp/readme.md | 16 +++++++++------- .../MSFT_SPUserProfileSyncService/readme.md | 11 ++++------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md index de4e13453..9e80e6f6d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md @@ -4,12 +4,14 @@ This resource will provision an instance of the user profile service to the farm. It creates the required databases using the parameters that are passed in to it (although these are only used during the initial provisioning). -The specified InstallAccount or PSDSCRunAsCredential shouldn't be the Farm Account. -The resource will throw an error when it is. However, the FarmAccount parameter -should be the Farm Account. The resource will throw an error if it is not. This is -done to ensure that the databases are created with the correct schema owners and -allow the user profile sync service to operate correctly. The Farm Account is -temporarily granted local Administrator permissions. +The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. +The resource will throw an error when it is. + +To allow successful provisioning, the farm account must be in the local +administrators group, however it is not best practice to leave this account in +the Administrators group. Therefore this resource will add the Farm Account +credential to the local administrators group at the beginning of the set method +and remove it again later on. The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned. @@ -17,7 +19,7 @@ parameter, the service application is provisioned. NOTE: Due to the fact that SharePoint requires certain User Profile components to be provisioned as the Farm account, do this resource and SPUserProfileSyncService -require the Farm account to be specified in the FarmAccount parameter. +retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md index be47da9d7..dfb8c727d 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md @@ -4,15 +4,12 @@ This resource is responsible for ensuring that the user profile sync service has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server. -The specified InstallAccount or PSDSCRunAsCredential shouldn't be the Farm Account. -The resource will throw an error when it is. However, the FarmAccount parameter -should be the Farm Account. The resource will throw an error if it is not. This is -done to ensure that the databases are created with the correct schema owners and -allow the user profile sync service to operate correctly. +The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. +The resource will throw an error when it is. To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in -the Administrators group. Therefore this resource will add the FarmAccount +the Administrators group. Therefore this resource will add the Farm Account credential to the local administrators group at the beginning of the set method and remove it again later on. @@ -22,7 +19,7 @@ parameter, the user profile sync service is provisioned. NOTE: Due to the fact that SharePoint requires certain User Profile components to be provisioned as the Farm account, do this resource and SPUserProfileServiceApp -require the Farm account to be specified in the FarmAccount parameter. +retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ From c4f7614bc526de09a41352be757a7e96700dbdfe Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 2 Mar 2018 14:49:04 -0600 Subject: [PATCH 23/39] Updated Changelog --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12a123eb5..e8c6dfd5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,6 @@ ## Unreleased -* SPDistributedCacheClientSettings - * Added the new resource * SPAlternateURL * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one From c56a9c7de8f3cc076d91c249c733acc2bba6810e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 2 Mar 2018 15:09:41 -0600 Subject: [PATCH 24/39] Changes to acknowledge review --- ...MSFT_SPDistributedCacheClientSettings.psm1 | 93 ++++++++++++------- .../1-ConfigureClientSettings.ps1 | 2 +- ...SPDistributedCacheClientSettings.Tests.ps1 | 41 +++++++- 3 files changed, 102 insertions(+), 34 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index 72a325e3a..4823dac1f 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -246,123 +246,123 @@ function Set-TargetResource [Parameter()] [System.UInt32] - $DLTCMaxConnectionsToServer, + $DLTCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DLTCRequestTimeout, + $DLTCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DLTCChannelOpenTimeOut, + $DLTCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DVSCMaxConnectionsToServer, + $DVSCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DVSCRequestTimeout, + $DVSCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DVSCChannelOpenTimeOut, + $DVSCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DACMaxConnectionsToServer, + $DACMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DACRequestTimeout, + $DACRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DACChannelOpenTimeOut, + $DACChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DAFMaxConnectionsToServer, + $DAFMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DAFRequestTimeout, + $DAFRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DAFChannelOpenTimeOut, + $DAFChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DAFCMaxConnectionsToServer, + $DAFCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DAFCRequestTimeout, + $DAFCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DAFCChannelOpenTimeOut, + $DAFCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DBCMaxConnectionsToServer, + $DBCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DBCRequestTimeout, + $DBCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DBCChannelOpenTimeOut, + $DBCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DDCMaxConnectionsToServer, + $DDCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DDCRequestTimeout, + $DDCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DDCChannelOpenTimeOut, + $DDCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DSCMaxConnectionsToServer, + $DSCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DSCRequestTimeout, + $DSCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DSCChannelOpenTimeOut, + $DSCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DTCMaxConnectionsToServer, + $DTCMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DTCRequestTimeout, + $DTCRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DTCChannelOpenTimeOut, + $DTCChannelOpenTimeOut = 3000, [Parameter()] [System.UInt32] - $DSTACMaxConnectionsToServer, + $DSTACMaxConnectionsToServer = 1, [Parameter()] [System.UInt32] - $DSTACRequestTimeout, + $DSTACRequestTimeout = 3000, [Parameter()] [System.UInt32] - $DSTACChannelOpenTimeOut, + $DSTACChannelOpenTimeOut = 3000, [Parameter()] [System.Management.Automation.PSCredential] @@ -690,7 +690,38 @@ function Test-TargetResource return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck @("Ensure") + -ValuesToCheck @("Ensure", + "DLTCMaxConnectionsToServer", + "DLTCRequestTimeout", + "DLTCChannelOpenTimeOut", + "DVSCMaxConnectionsToServer", + "DVSCRequestTimeout", + "DVSCChannelOpenTimeOut", + "DACMaxConnectionsToServer", + "DACRequestTimeout", + "DACChannelOpenTimeOut", + "DAFMaxConnectionsToServer", + "DAFRequestTimeout", + "DAFChannelOpenTimeOut", + "DAFCMaxConnectionsToServer", + "DAFCRequestTimeout", + "DAFCChannelOpenTimeOut", + "DBCMaxConnectionsToServer", + "DBCRequestTimeout", + "DBCChannelOpenTimeOut", + "DDCMaxConnectionsToServer", + "DDCRequestTimeout", + "DDCChannelOpenTimeOut", + "DSCMaxConnectionsToServer", + "DSCRequestTimeout", + "DSCChannelOpenTimeOut", + "DTCMaxConnectionsToServer", + "DTCRequestTimeout", + "DTCChannelOpenTimeOut", + "DSTACMaxConnectionsToServer", + "DSTACRequestTimeout", + "DSTACChannelOpenTimeOut" + ) } Export-ModuleMember -Function *-TargetResource diff --git a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 index c5f8b9158..734556a83 100644 --- a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 +++ b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 @@ -46,7 +46,7 @@ DSTACMaxConnectionsToServer = 3 DSTACRequestTimeout = 1000 DSTACChannelOpenTimeOut = 1000 - InstallAccount = $SetupAccount + PsDscRunAscredential = $SetupAccount } } } diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index 1e56e5a2d..09152b9ac 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -40,7 +40,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } } - Context -Name "Some Distributed Cache Client Settings are Properly Configured" -Fixture { + Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ Ensure = "Present" DLTCMaxConnectionsToServer = 5 @@ -84,9 +84,46 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } It "Should successfully test the resource" { - (Test-TargetResource @testParams) | Should Be $true + (Test-TargetResource @testParams) | Should Be $false } } + Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { + $testParams = @{ + Ensure = "Present" + DLTCMaxConnectionsToServer = 1 + DLTCRequestTimeout = 3000 + DLTCChannelOpenTimeOut = 3000 + DVSCMaxConnectionsToServer = 1 + DVSCRequestTimeout = 3000 + DVSCChannelOpenTimeOut = 3000 + DACMaxConnectionsToServer = 1 + DACRequestTimeout = 3000 + DACChannelOpenTimeOut = 3000 + DAFMaxConnectionsToServer = 1 + DAFRequestTimeout = 3000 + DAFChannelOpenTimeOut = 3000 + DAFCMaxConnectionsToServer = 1 + DAFCRequestTimeout = 3000 + DAFCChannelOpenTimeOut = 3000 + DBCMaxConnectionsToServer = 1 + DBCRequestTimeout = 3000 + DBCChannelOpenTimeOut = 3000 + DDCMaxConnectionsToServer = 1 + DDCRequestTimeout = 3000 + DDCChannelOpenTimeOut = 3000 + DSCMaxConnectionsToServer = 1 + DSCRequestTimeout = 3000 + DSCChannelOpenTimeOut = 3000 + DTCMaxConnectionsToServer = 1 + DTCRequestTimeout = 3000 + DTCChannelOpenTimeOut = 3000 + DSTACMaxConnectionsToServer = 1 + DSTACRequestTimeout = 3000 + DSTACChannelOpenTimeOut = 3000 + } + It "Should successfully test the resource" { + (Test-TargetResource @testParams) | Should Be $false + } } } From e1739df57086b7197db86cd5ed739cd98088867b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 2 Mar 2018 17:28:56 -0600 Subject: [PATCH 25/39] Typo --- .../SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index 09152b9ac..a625f574b 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -124,6 +124,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { It "Should successfully test the resource" { (Test-TargetResource @testParams) | Should Be $false } + } } } From e01758a9fe04265fd6991267762d10c3d47cb225 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 6 Mar 2018 14:17:56 +0100 Subject: [PATCH 26/39] Updated description of SPTimerJobState --- CHANGELOG.md | 3 +++ .../MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66dd26ecf..6d120f3cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,9 @@ * SPManagedMetadataServiceApp * Fixed issue with creating the Content Type Hub on an existing MMS service app without Content Type Hub. +* SPTimerJobState + * Updated description of WebAppUrl parameter to make it clear that + "N/A" has to be used to specify a global timer job. * SPUserProfileServiceApp * Fixed issue introduced in v2.0, where the Farm Account had to have local Administrator permissions for the resource to function properly. diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof index 3406f700c..f330b4ad9 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof @@ -2,7 +2,7 @@ class MSFT_SPTimerJobState : OMI_BaseResource { [Key, Description("The type name of the timer job (not the display name)")] String TypeName; - [Key, Description("The URL of the web application that the timer job belongs to, N/A if no web application is applicable")] String WebAppUrl; + [Key, Description("The URL of the web application that the timer job belongs to. Use 'N/A' if no web application is applicable")] String WebAppUrl; [Write, Description("Should the timer job be enabled or not")] Boolean Enabled; [Write, Description("The schedule for the timer job to execute on")] String Schedule; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; From 12628ad039ae346ef2b49848fb6f9b8862190b25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= Date: Fri, 9 Mar 2018 20:17:08 +0100 Subject: [PATCH 27/39] Fix SPManagedMetadataServiceApp - TypeName vs. .GetType().FullName --- CHANGELOG.md | 3 +++ .../MSFT_SPManagedMetadataServiceAppDefault.psm1 | 4 ++-- ...SharePointDsc.SPManagedMetadataServiceAppDefault.Tests.ps1 | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8c6dfd5e..7ee1eea0c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ AAM will be updated instead of adding a new one * SPVisioServiceApp * Fixed an issue where the proxy is not properly getting created +* SPManagedMetadataServiceAppDefault + * Fixed issue where .GetType().FullName and TypeName were not used + properly ## 2.1 diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceAppDefault/MSFT_SPManagedMetadataServiceAppDefault.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceAppDefault/MSFT_SPManagedMetadataServiceAppDefault.psm1 index a9f755102..b09795678 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceAppDefault/MSFT_SPManagedMetadataServiceAppDefault.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPManagedMetadataServiceAppDefault/MSFT_SPManagedMetadataServiceAppDefault.psm1 @@ -38,7 +38,7 @@ function Get-TargetResource } $serviceAppProxies = $serviceAppProxies | Where-Object -FilterScript { - $_.GetType().FullName -eq "Managed Metadata Service Connection" + $_.GetType().FullName -eq "Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy" } if ($null -eq $serviceAppProxies) @@ -126,7 +126,7 @@ function Set-TargetResource $serviceAppProxies = Get-SPServiceApplicationProxy -ErrorAction SilentlyContinue $serviceAppProxies = $serviceAppProxies | Where-Object -FilterScript { - $_.GetType().FullName -eq "Managed Metadata Service Connection" + $_.GetType().FullName -eq "Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy" } foreach ($serviceAppProxy in $serviceAppProxies) diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPManagedMetadataServiceAppDefault.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPManagedMetadataServiceAppDefault.Tests.ps1 index 85de716a2..261f1c4e2 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPManagedMetadataServiceAppDefault.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPManagedMetadataServiceAppDefault.Tests.ps1 @@ -18,7 +18,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:SPDscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope - $getTypeFullName = "Managed Metadata Service Connection" + $getTypeFullName = "Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy" $managedMetadataServiceApplicationProxy = @{ TypeName = "Managed Metadata Service Connection" From 842d24334d793fe9776fb2737579eb34e60b21c8 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 12 Mar 2018 20:59:28 +0100 Subject: [PATCH 28/39] Review comments --- CHANGELOG.md | 2 +- .../MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa37ea07a..df84d9a6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,7 +21,7 @@ * Fixed issue introduced in v2.0, where the Farm Account had to have local Administrator permissions for the resource to function properly. * Updated resource to retrieve the Farm account from the Managed Accounts - instead of requiring it as a parameter + instead of requiring it as a parameter. * SPUserProfileSyncService * Fixed issue introduced in v2.0, where the Farm Account had to have local Administrator permissions for the resource to function properly. diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof index f330b4ad9..210e8234e 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPTimerJobState/MSFT_SPTimerJobState.schema.mof @@ -2,7 +2,7 @@ class MSFT_SPTimerJobState : OMI_BaseResource { [Key, Description("The type name of the timer job (not the display name)")] String TypeName; - [Key, Description("The URL of the web application that the timer job belongs to. Use 'N/A' if no web application is applicable")] String WebAppUrl; + [Key, Description("The URL of the web application that the timer job belongs to. Use the value 'N/A' if no web application is applicable")] String WebAppUrl; [Write, Description("Should the timer job be enabled or not")] Boolean Enabled; [Write, Description("The schedule for the timer job to execute on")] String Schedule; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; From 1f9f07af3cf5c60f687b7b89088a5c28a00a54c0 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 12 Mar 2018 21:22:55 +0100 Subject: [PATCH 29/39] Corrected typos --- .../DSCResources/MSFT_SPUserProfileServiceApp/readme.md | 2 +- .../DSCResources/MSFT_SPUserProfileSyncService/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md index 9e80e6f6d..1e977f93f 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileServiceApp/readme.md @@ -18,7 +18,7 @@ parameter, the service application is provisioned. NOTE: Due to the fact that SharePoint requires certain User Profile components to be -provisioned as the Farm account, do this resource and SPUserProfileSyncService +provisioned as the Farm account, this resource and SPUserProfileSyncService retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md index dfb8c727d..ad89863c8 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/readme.md @@ -18,7 +18,7 @@ parameter, the user profile sync service is provisioned. NOTE: Due to the fact that SharePoint requires certain User Profile components to be -provisioned as the Farm account, do this resource and SPUserProfileServiceApp +provisioned as the Farm account, this resource and SPUserProfileServiceApp retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: From 5ceea0fbb29523d61fb1ae8bef89a6adba0d2e39 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 12 Mar 2018 21:24:49 +0100 Subject: [PATCH 30/39] Merge with Dev --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9dd6e9d8e..de09f47fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,9 @@ * SPManagedMetadataServiceApp * Fixed issue with creating the Content Type Hub on an existing MMS service app without Content Type Hub. +* SPManagedMetadataServiceAppDefault + * Fixed issue where .GetType().FullName and TypeName were not used + properly * SPTimerJobState * Updated description of WebAppUrl parameter to make it clear that "N/A" has to be used to specify a global timer job. @@ -31,9 +34,6 @@ in the code and will be removed in v3.0. * SPVisioServiceApp * Fixed an issue where the proxy is not properly getting created -* SPManagedMetadataServiceAppDefault - * Fixed issue where .GetType().FullName and TypeName were not used - properly ## 2.1 From 6b5f020cf723416b491fc2cba761677276c4c990 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 13 Mar 2018 12:44:10 +0100 Subject: [PATCH 31/39] Review comment --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index de09f47fd..d0e8414c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,7 +16,7 @@ service app without Content Type Hub. * SPManagedMetadataServiceAppDefault * Fixed issue where .GetType().FullName and TypeName were not used - properly + properly. * SPTimerJobState * Updated description of WebAppUrl parameter to make it clear that "N/A" has to be used to specify a global timer job. From 681d5fb06dba55389451d2656353020af441bd0e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Mar 2018 06:57:37 -0400 Subject: [PATCH 32/39] Converted Key to IsSingleInstance --- .../MSFT_SPDistributedCacheClientSettings.psm1 | 12 ++++++------ .../MSFT_SPDistributedCacheClientSettings.schema.mof | 3 ++- .../1-ConfigureClientSettings.ps1 | 2 +- ...intDsc.SPDistributedCacheClientSettings.Tests.ps1 | 2 ++ 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index 4823dac1f..36be16dc0 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -5,9 +5,9 @@ function Get-TargetResource param ( [Parameter(Mandatory = $true)] - [ValidateSet("Present","Absent")] + [ValidateSet("Yes")] [System.String] - $Ensure, + $IsSingleInstance, [Parameter()] [System.UInt32] @@ -240,9 +240,9 @@ function Set-TargetResource param ( [Parameter(Mandatory = $true)] - [ValidateSet("Present","Absent")] + [ValidateSet("Yes")] [System.String] - $Ensure, + $IsSingleInstance, [Parameter()] [System.UInt32] @@ -553,9 +553,9 @@ function Test-TargetResource param ( [Parameter(Mandatory = $true)] - [ValidateSet("Present","Absent")] + [ValidateSet("Yes")] [System.String] - $Ensure, + $IsSingleInstance, [Parameter()] [System.UInt32] diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof index 8950b9f0e..71345cab5 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof @@ -1,7 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("SPDistributedCacheClientSettings")] class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource { - [Key, Description("Present to initiate the configuration of the settings. Absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Key, Description("Unique key for the resource. Set to 'Yes' to apply configuration."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Present to initiate the configuration of the settings. Absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Maximum number of connections to the Distributed Logon Token Cache")] UInt32 DLTCMaxConnectionsToServer; [Write, Description("Request timeout for the Distributed Logon Token Cache")] UInt32 DLTCRequestTimeout; [Write, Description("Channel timeout for the Distributed Logon Token Cache")] UInt32 DLTCChannelOpenTimeOut; diff --git a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 index 734556a83..489266a5d 100644 --- a/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 +++ b/Modules/SharePointDsc/Examples/Resources/SPDistributedCacheClientSettings/1-ConfigureClientSettings.ps1 @@ -15,7 +15,7 @@ node localhost { SPDistributedCacheClientSettings Settings { - Ensure = "Present" + IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 3 DLTCRequestTimeout = 1000 DLTCChannelOpenTimeOut = 1000 diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index a625f574b..dcf14dfd7 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -42,6 +42,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ + IsSingleInstance = "Yes" Ensure = "Present" DLTCMaxConnectionsToServer = 5 DLTCRequestTimeout = 1000 @@ -89,6 +90,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ + IsSingleInstance = "Yes" Ensure = "Present" DLTCMaxConnectionsToServer = 1 DLTCRequestTimeout = 3000 From c03815ca12e2afe33efcaa4cc900232dc65ad007 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Mar 2018 08:33:17 -0400 Subject: [PATCH 33/39] Added the IsSingleInstance param to the return set of Get --- .../MSFT_SPDistributedCacheClientSettings.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index 36be16dc0..b3fcad666 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -142,6 +142,7 @@ function Get-TargetResource $params = $args[0] $nullReturnValue = @{ + IsSingleInstance = "Yes" Ensure = "Absent" DLTCMaxConnectionsToServer = $null DLTCRequestTimeout = $null @@ -190,6 +191,7 @@ function Get-TargetResource $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" $returnValue = @{ + IsSingleInstance = "Yes" Ensure = "Present" DLTCMaxConnectionsToServer = $DLTC.MaxConnectionsToServer DLTCRequestTimeout = $DLTC.RequestTimeout @@ -690,7 +692,8 @@ function Test-TargetResource return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck @("Ensure", + -ValuesToCheck @("IsSingleInstance", + "Ensure", "DLTCMaxConnectionsToServer", "DLTCRequestTimeout", "DLTCChannelOpenTimeOut", From e3feb95af10e8a2e17595ee6c02c5a19b31a8e61 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Mar 2018 10:07:46 -0400 Subject: [PATCH 34/39] Removed Ensure from tests --- .../SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index dcf14dfd7..1999021b7 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -43,7 +43,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ IsSingleInstance = "Yes" - Ensure = "Present" DLTCMaxConnectionsToServer = 5 DLTCRequestTimeout = 1000 DLTCChannelOpenTimeOut = 1000 @@ -91,7 +90,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ IsSingleInstance = "Yes" - Ensure = "Present" DLTCMaxConnectionsToServer = 1 DLTCRequestTimeout = 3000 DLTCChannelOpenTimeOut = 3000 From e347b383bcf16d48423bf5fd214165f76273fcf9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Mar 2018 14:12:10 -0400 Subject: [PATCH 35/39] Updates to Logic --- .../MSFT_SPDistributedCacheClientSettings.psm1 | 15 +++++++++++++++ ...FT_SPDistributedCacheClientSettings.schema.mof | 1 + ...Dsc.SPDistributedCacheClientSettings.Tests.ps1 | 2 ++ 3 files changed, 18 insertions(+) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index b3fcad666..deefeb1c1 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -129,6 +129,11 @@ function Get-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -366,6 +371,11 @@ function Set-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut = 3000, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -679,6 +689,11 @@ function Test-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut, + [Parameter()] + [ValidateSet("Present","Absent")] + [System.String] + $Ensure = "Present", + [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof index 71345cab5..b0b447dd5 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof @@ -33,5 +33,6 @@ class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource [Write, Description("Maximum number of connections to the Distributed Server to Application Server Cache")] UInt32 DSTACMaxConnectionsToServer; [Write, Description("Request timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACRequestTimeout; [Write, Description("Channel timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACChannelOpenTimeOut; + [Write, Description("Present ensures the configs are applied, absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index 1999021b7..55edd5bdf 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -42,6 +42,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ + Ensure = "Present" IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 5 DLTCRequestTimeout = 1000 @@ -89,6 +90,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ + Ensure = "Present" IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 1 DLTCRequestTimeout = 3000 From 21256d1d82ce5b06207339fa2ee1100cbf71d6cd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Mar 2018 14:26:02 -0400 Subject: [PATCH 36/39] Removed all Ensure instances --- ...MSFT_SPDistributedCacheClientSettings.psm1 | 24 ++----------------- ...PDistributedCacheClientSettings.schema.mof | 2 -- ...SPDistributedCacheClientSettings.Tests.ps1 | 16 ++----------- 3 files changed, 4 insertions(+), 38 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index deefeb1c1..851949e0a 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -129,11 +129,6 @@ function Get-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut, - [Parameter()] - [ValidateSet("Present","Absent")] - [System.String] - $Ensure = "Present", - [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -148,7 +143,6 @@ function Get-TargetResource $nullReturnValue = @{ IsSingleInstance = "Yes" - Ensure = "Absent" DLTCMaxConnectionsToServer = $null DLTCRequestTimeout = $null DLTCChannelOpenTimeOut = $null @@ -197,7 +191,6 @@ function Get-TargetResource $returnValue = @{ IsSingleInstance = "Yes" - Ensure = "Present" DLTCMaxConnectionsToServer = $DLTC.MaxConnectionsToServer DLTCRequestTimeout = $DLTC.RequestTimeout DLTCChannelOpenTimeOut = $DLTC.ChannelOpenTimeOut @@ -371,11 +364,6 @@ function Set-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut = 3000, - [Parameter()] - [ValidateSet("Present","Absent")] - [System.String] - $Ensure = "Present", - [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -383,7 +371,7 @@ function Set-TargetResource Write-Verbose -Message "Setting the Distributed Cache Client Settings" - if ($Ensure -eq "Present") + if ($IsSingleInstance -eq "Yes") { Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` @@ -554,7 +542,7 @@ function Set-TargetResource } else { - throw "The SPDistributedCacheClientSettings resource only supports Ensure='Present'." + throw "The SPDistributedCacheClientSettings resource only supports IsSingleInstance='Yes'." } } @@ -689,11 +677,6 @@ function Test-TargetResource [System.UInt32] $DSTACChannelOpenTimeOut, - [Parameter()] - [ValidateSet("Present","Absent")] - [System.String] - $Ensure = "Present", - [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount @@ -701,14 +684,11 @@ function Test-TargetResource Write-Verbose -Message "Testing the Distributed Cache Client Settings" - $PSBoundParameters.Ensure = $Ensure - $CurrentValues = Get-TargetResource @PSBoundParameters return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @("IsSingleInstance", - "Ensure", "DLTCMaxConnectionsToServer", "DLTCRequestTimeout", "DLTCChannelOpenTimeOut", diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof index b0b447dd5..e899e0ebb 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.schema.mof @@ -2,7 +2,6 @@ class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource { [Key, Description("Unique key for the resource. Set to 'Yes' to apply configuration."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; - [Write, Description("Present to initiate the configuration of the settings. Absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Maximum number of connections to the Distributed Logon Token Cache")] UInt32 DLTCMaxConnectionsToServer; [Write, Description("Request timeout for the Distributed Logon Token Cache")] UInt32 DLTCRequestTimeout; [Write, Description("Channel timeout for the Distributed Logon Token Cache")] UInt32 DLTCChannelOpenTimeOut; @@ -33,6 +32,5 @@ class MSFT_SPDistributedCacheClientSettings : OMI_BaseResource [Write, Description("Maximum number of connections to the Distributed Server to Application Server Cache")] UInt32 DSTACMaxConnectionsToServer; [Write, Description("Request timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACRequestTimeout; [Write, Description("Channel timeout for the Distributed Server to Application Server Cache")] UInt32 DSTACChannelOpenTimeOut; - [Write, Description("Present ensures the configs are applied, absent is not supported"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index 55edd5bdf..fdc4dd5f3 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -30,19 +30,8 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } } # Test contexts - Context -Name "Ensure is set to Absent" -Fixture { - $testParams = @{ - Ensure = "Absent" - } - - It "Should throw an error complaining that Ensure can't be Absent" { - { Set-TargetResource @testParams } | Should Throw "The SPDistributedCacheClientSettings resource only supports Ensure='Present'." - } - } - Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ - Ensure = "Present" IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 5 DLTCRequestTimeout = 1000 @@ -76,8 +65,8 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { DSTACChannelOpenTimeOut = 1000 } - It "Should return Ensure equals Present" { - (Get-TargetResource @testParams).Ensure | Should Be "Present" + It "Should return IsSingleInstance equals Yes" { + (Get-TargetResource @testParams).IsSingleInstance | Should Be "Yes" } It "Should properly set the settings" { @@ -90,7 +79,6 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { } Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { $testParams = @{ - Ensure = "Present" IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 1 DLTCRequestTimeout = 3000 From e44f8b4f680d0f6547dfd2f5c18f5cb1c10b3b2f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 15 Mar 2018 05:31:20 -0400 Subject: [PATCH 37/39] Fixes last comments --- ...MSFT_SPDistributedCacheClientSettings.psm1 | 318 +++++++++--------- ...SPDistributedCacheClientSettings.Tests.ps1 | 22 +- 2 files changed, 169 insertions(+), 171 deletions(-) diff --git a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 index 851949e0a..800d7dd7f 100644 --- a/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 +++ b/Modules/SharePointDsc/DSCResources/MSFT_SPDistributedCacheClientSettings/MSFT_SPDistributedCacheClientSettings.psm1 @@ -371,178 +371,171 @@ function Set-TargetResource Write-Verbose -Message "Setting the Distributed Cache Client Settings" - if ($IsSingleInstance -eq "Yes") - { - Invoke-SPDSCCommand -Credential $InstallAccount ` - -Arguments $PSBoundParameters ` - -ScriptBlock { - $params = $args[0] - - #DistributedLogonTokenCache - $DLTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" + Invoke-SPDSCCommand -Credential $InstallAccount ` + -Arguments $PSBoundParameters ` + -ScriptBlock { + $params = $args[0] - if($params.DLTCMaxConnectionsToServer) - { - $DLTC.MaxConnectionsToServer = $params.DLTCMaxConnectionsToServer - } - if($params.DLTCRequestTimeout) - { - $DLTC.RequestTimeout = $params.DLTCRequestTimeout - } - if($params.DLTCChannelOpenTimeOut) - { - $DLTC.ChannelOpenTimeOut = $params.DLTCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" $DLTC + #DistributedLogonTokenCache + $DLTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" - #DistributedViewStateCache - $DVSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" - if($params.DVSCMaxConnectionsToServer) - { - $DVSC.MaxConnectionsToServer = $params.DVSCMaxConnectionsToServer - } - if($params.DVSCRequestTimeout) - { - $DVSC.RequestTimeout = $params.DVSCRequestTimeout - } - if($params.DVSCChannelOpenTimeOut) - { - $DVSC.ChannelOpenTimeOut = $params.DVSCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" $DVSC + if($params.DLTCMaxConnectionsToServer) + { + $DLTC.MaxConnectionsToServer = $params.DLTCMaxConnectionsToServer + } + if($params.DLTCRequestTimeout) + { + $DLTC.RequestTimeout = $params.DLTCRequestTimeout + } + if($params.DLTCChannelOpenTimeOut) + { + $DLTC.ChannelOpenTimeOut = $params.DLTCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedLogonTokenCache" $DLTC - #DistributedAccessCache - $DAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" - if($params.DACMaxConnectionsToServer) - { - $DAC.MaxConnectionsToServer = $params.DACMaxConnectionsToServer - } - if($params.DACRequestTimeout) - { - $DAC.RequestTimeout = $params.DACRequestTimeout - } - if($params.DACChannelOpenTimeOut) - { - $DAC.ChannelOpenTimeOut = $params.DACChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" $DAC + #DistributedViewStateCache + $DVSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" + if($params.DVSCMaxConnectionsToServer) + { + $DVSC.MaxConnectionsToServer = $params.DVSCMaxConnectionsToServer + } + if($params.DVSCRequestTimeout) + { + $DVSC.RequestTimeout = $params.DVSCRequestTimeout + } + if($params.DVSCChannelOpenTimeOut) + { + $DVSC.ChannelOpenTimeOut = $params.DVSCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedViewStateCache" $DVSC - #DistributedActivityFeedCache - $DAF = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" - if($params.DAFMaxConnectionsToServer) - { - $DAF.MaxConnectionsToServer = $params.DAFMaxConnectionsToServer - } - if($params.DAFRequestTimeout) - { - $DAF.RequestTimeout = $params.DAFRequestTimeout - } - if($params.DAFChannelOpenTimeOut) - { - $DAF.ChannelOpenTimeOut = $params.DAFChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" $DAF + #DistributedAccessCache + $DAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" + if($params.DACMaxConnectionsToServer) + { + $DAC.MaxConnectionsToServer = $params.DACMaxConnectionsToServer + } + if($params.DACRequestTimeout) + { + $DAC.RequestTimeout = $params.DACRequestTimeout + } + if($params.DACChannelOpenTimeOut) + { + $DAC.ChannelOpenTimeOut = $params.DACChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedAccessCache" $DAC - #DistributedActivityFeedLMTCache - $DAFC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" - if($params.DAFCMaxConnectionsToServer) - { - $DAFC.MaxConnectionsToServer = $params.DAFCMaxConnectionsToServer - } - if($params.DAFCRequestTimeout) - { - $DAFC.RequestTimeout = $params.DAFCRequestTimeout - } - if($params.DAFCChannelOpenTimeOut) - { - $DAFC.ChannelOpenTimeOut = $params.DAFCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" $DAFC + #DistributedActivityFeedCache + $DAF = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" + if($params.DAFMaxConnectionsToServer) + { + $DAF.MaxConnectionsToServer = $params.DAFMaxConnectionsToServer + } + if($params.DAFRequestTimeout) + { + $DAF.RequestTimeout = $params.DAFRequestTimeout + } + if($params.DAFChannelOpenTimeOut) + { + $DAF.ChannelOpenTimeOut = $params.DAFChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedCache" $DAF - #DistributedBouncerCache - $DBC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" - if($params.DBCMaxConnectionsToServer) - { - $DBC.MaxConnectionsToServer = $params.DBCMaxConnectionsToServer - } - if($params.DBCRequestTimeout) - { - $DBC.RequestTimeout = $params.DBCRequestTimeout - } - if($params.DBCChannelOpenTimeOut) - { - $DBC.ChannelOpenTimeOut = $params.DBCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" $DBC + #DistributedActivityFeedLMTCache + $DAFC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" + if($params.DAFCMaxConnectionsToServer) + { + $DAFC.MaxConnectionsToServer = $params.DAFCMaxConnectionsToServer + } + if($params.DAFCRequestTimeout) + { + $DAFC.RequestTimeout = $params.DAFCRequestTimeout + } + if($params.DAFCChannelOpenTimeOut) + { + $DAFC.ChannelOpenTimeOut = $params.DAFCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedActivityFeedLMTCache" $DAFC - #DistributedDefaultCache - $DDC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" - if($params.DDCMaxConnectionsToServer) - { - $DDC.MaxConnectionsToServer = $params.DDCMaxConnectionsToServer - } - if($params.DDCRequestTimeout) - { - $DDC.RequestTimeout = $params.DDCRequestTimeout - } - if($params.DDCChannelOpenTimeOut) - { - $DDC.ChannelOpenTimeOut = $params.DDCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" $DDC + #DistributedBouncerCache + $DBC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" + if($params.DBCMaxConnectionsToServer) + { + $DBC.MaxConnectionsToServer = $params.DBCMaxConnectionsToServer + } + if($params.DBCRequestTimeout) + { + $DBC.RequestTimeout = $params.DBCRequestTimeout + } + if($params.DBCChannelOpenTimeOut) + { + $DBC.ChannelOpenTimeOut = $params.DBCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedBouncerCache" $DBC - #DistributedSearchCache - $DSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" - if($params.DSCMaxConnectionsToServer) - { - $DSC.MaxConnectionsToServer = $params.DSCMaxConnectionsToServer - } - if($params.DSCRequestTimeout) - { - $DSC.RequestTimeout = $params.DSCRequestTimeout - } - if($params.DSCChannelOpenTimeOut) - { - $DSC.ChannelOpenTimeOut = $params.DSCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" $DSC + #DistributedDefaultCache + $DDC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" + if($params.DDCMaxConnectionsToServer) + { + $DDC.MaxConnectionsToServer = $params.DDCMaxConnectionsToServer + } + if($params.DDCRequestTimeout) + { + $DDC.RequestTimeout = $params.DDCRequestTimeout + } + if($params.DDCChannelOpenTimeOut) + { + $DDC.ChannelOpenTimeOut = $params.DDCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedDefaultCache" $DDC - #DistributedSecurityTrimmingCache - $DTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" - if($params.DTCMaxConnectionsToServer) - { - $DTC.MaxConnectionsToServer = $params.DTCMaxConnectionsToServer - } - if($params.DTCRequestTimeout) - { - $DTC.RequestTimeout = $params.DTCRequestTimeout - } - if($params.DTCChannelOpenTimeOut) - { - $DTC.ChannelOpenTimeOut = $params.DTCChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" $DTC + #DistributedSearchCache + $DSC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" + if($params.DSCMaxConnectionsToServer) + { + $DSC.MaxConnectionsToServer = $params.DSCMaxConnectionsToServer + } + if($params.DSCRequestTimeout) + { + $DSC.RequestTimeout = $params.DSCRequestTimeout + } + if($params.DSCChannelOpenTimeOut) + { + $DSC.ChannelOpenTimeOut = $params.DSCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedSearchCache" $DSC - #DistributedServerToAppServerAccessTokenCache - $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" - if($params.DSTACMaxConnectionsToServer) - { - $DSTAC.MaxConnectionsToServer = $params.DSTACMaxConnectionsToServer - } - if($params.DSTACRequestTimeout) - { - $DSTAC.RequestTimeout = $params.DSTACRequestTimeout - } - if($params.DSTACChannelOpenTimeOut) - { - $DSTAC.ChannelOpenTimeOut = $params.DSTACChannelOpenTimeOut - } - Set-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" $DSTAC + #DistributedSecurityTrimmingCache + $DTC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" + if($params.DTCMaxConnectionsToServer) + { + $DTC.MaxConnectionsToServer = $params.DTCMaxConnectionsToServer } - } - else - { - throw "The SPDistributedCacheClientSettings resource only supports IsSingleInstance='Yes'." + if($params.DTCRequestTimeout) + { + $DTC.RequestTimeout = $params.DTCRequestTimeout + } + if($params.DTCChannelOpenTimeOut) + { + $DTC.ChannelOpenTimeOut = $params.DTCChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedSecurityTrimmingCache" $DTC + + #DistributedServerToAppServerAccessTokenCache + $DSTAC = Get-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" + if($params.DSTACMaxConnectionsToServer) + { + $DSTAC.MaxConnectionsToServer = $params.DSTACMaxConnectionsToServer + } + if($params.DSTACRequestTimeout) + { + $DSTAC.RequestTimeout = $params.DSTACRequestTimeout + } + if($params.DSTACChannelOpenTimeOut) + { + $DSTAC.ChannelOpenTimeOut = $params.DSTACChannelOpenTimeOut + } + Set-SPDistributedCacheClientSetting -ContainerType "DistributedServerToAppServerAccessTokenCache" $DSTAC } } @@ -688,8 +681,7 @@ function Test-TargetResource return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck @("IsSingleInstance", - "DLTCMaxConnectionsToServer", + -ValuesToCheck @("DLTCMaxConnectionsToServer", "DLTCRequestTimeout", "DLTCChannelOpenTimeOut", "DVSCMaxConnectionsToServer", diff --git a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 index fdc4dd5f3..bef1f6ef1 100644 --- a/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 +++ b/Tests/Unit/SharePointDsc/SharePointDsc.SPDistributedCacheClientSettings.Tests.ps1 @@ -22,15 +22,15 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { # Mocks for all contexts Mock -CommandName Set-SPDistributedCacheClientSetting{} - Mock -CommandName Get-SPDistributedCacheClientSetting -MockWith { - return @{ - MaxConnectionsToServer = 3 - RequestTimeout = 1000 - ChannelOpenTimeOut = 1000 - } } # Test contexts Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { + Mock -CommandName Get-SPDistributedCacheClientSetting -MockWith { + return @{ + MaxConnectionsToServer = 3 + RequestTimeout = 1000 + ChannelOpenTimeOut = 1000 + } } $testParams = @{ IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 5 @@ -73,11 +73,17 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { Set-TargetResource @testParams } - It "Should successfully test the resource" { + It "Should return false from Test-TargetResource" { (Test-TargetResource @testParams) | Should Be $false } } Context -Name "Some Distributed Cache Client Settings are Not Properly Configured" -Fixture { + Mock -CommandName Get-SPDistributedCacheClientSetting -MockWith { + return @{ + MaxConnectionsToServer = 1 + RequestTimeout = 3000 + ChannelOpenTimeOut = 3000 + } } $testParams = @{ IsSingleInstance = "Yes" DLTCMaxConnectionsToServer = 1 @@ -112,7 +118,7 @@ Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { DSTACChannelOpenTimeOut = 3000 } It "Should successfully test the resource" { - (Test-TargetResource @testParams) | Should Be $false + (Test-TargetResource @testParams) | Should Be $true } } } From 53cbf0acbf9877a45768499a22cda7271bf5d971 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 20 Mar 2018 15:51:23 +0100 Subject: [PATCH 38/39] v2.2 prep --- CHANGELOG.md | 6 +- Modules/SharePointDsc/SharePointDsc.psd1 | 80 ++++++++++-------------- 2 files changed, 37 insertions(+), 49 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4b6afe35..f17d56bff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,15 +1,15 @@ # Change log for SharePointDsc -## Unreleased +## 2.2 -* SPDistributedCacheClientSettings - * Added the new resource * SPAlternateURL * If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one * SPContentDatabase * Fixed issue where mounting a content database which had to be upgraded resulted in a reboot. +* SPDistributedCacheClientSettings + * Added the new resource * SPFarmAdministrators * Fixed issue where member comparisons was case sensitive. This had to be case insensitive. diff --git a/Modules/SharePointDsc/SharePointDsc.psd1 b/Modules/SharePointDsc/SharePointDsc.psd1 index 0ed32d792..565cb7dbc 100644 --- a/Modules/SharePointDsc/SharePointDsc.psd1 +++ b/Modules/SharePointDsc/SharePointDsc.psd1 @@ -12,7 +12,7 @@ # RootModule = '' # Version number of this module. -ModuleVersion = '2.1.0.0' +ModuleVersion = '2.2.0.0' # ID used to uniquely identify this module GUID = '6c1176a0-4fac-4134-8ca2-3fa8a21a7b90' @@ -128,53 +128,41 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = " - * General - * Updated the integration tests for building the Azure environment - * Works in any Azure environment. - * Updated the SqlServer configuration to use SqlServerDsc version 10.0.0.0. * SPAlternateURL - * Added the ability to manage the Central Administration AAMs - * SPDiagnosticsProvider - * Added the resource - * SPFarm - * Corrected issue where ServerRole parameter is returned in SP2013 - * SPInfoPathFormsServiceConfig - * Added the resource - * SPInstallPrereqs - * Fixed two typos in to be installed Windows features for SharePoint 2016 - * SPSearchAutoritativePage - * Added missing readme.md - * SPSearchCrawlerImpactRule - * Fixed issue where an error was thrown when retrieving Crawl Impact rules - * Added missing readme.md - * SPSearchCrawlMapping - * Added missing readme.md - * SPSecureStoreServiceApp - * Fixed issue in Get-TargetResource to return AuditingEnabled property - * SPSecurityTokenServiceConfig - * Added the resource - * SPServiceIdentity - * Fixed issue with correctly retrieving the process identity for the - Search instance - * Added support for LocalSystem, LocalService and NetworkService - * SPUserProfileProperty - * Fixed issues with the User Profile properties for 2016 - * SPUserProfileServiceAppPermissions - * Removed the mandatory requirement from secondary parameters - * SPUserProfileSyncConnection - * Fixed issues with the User Profile Sync connection for SharePoint - 2016 + * If resource specifies Central Admin webapp and Default Zone, the existing + AAM will be updated instead of adding a new one + * SPContentDatabase + * Fixed issue where mounting a content database which had to be upgraded + resulted in a reboot. + * SPDistributedCacheClientSettings + * Added the new resource + * SPFarmAdministrators + * Fixed issue where member comparisons was case sensitive. This had + to be case insensitive. + * SPManagedMetadataServiceApp + * Fixed issue with creating the Content Type Hub on an existing MMS + service app without Content Type Hub. + * SPManagedMetadataServiceAppDefault + * Fixed issue where .GetType().FullName and TypeName were not used + properly. + * SPTimerJobState + * Updated description of WebAppUrl parameter to make it clear that + N/A has to be used to specify a global timer job. + * SPUserProfileServiceApp + * Fixed issue introduced in v2.0, where the Farm Account had to have + local Administrator permissions for the resource to function properly. + * Updated resource to retrieve the Farm account from the Managed Accounts + instead of requiring it as a parameter. * SPUserProfileSyncService - * Added returning the FarmAccount to the Get method - * SPWebAppAuthentication - * Corrected issue where parameter validation wasn't performed correctly - * SPWebApplicationExtension - * Fixed issue with test always failing when Ensure was set to Absent - * SPWorkManagementServiceApp - * Added check for SharePoint 2016, since this functionality has been - removed in SharePoint 2016 -" - + * Fixed issue introduced in v2.0, where the Farm Account had to have + local Administrator permissions for the resource to function properly. + * Updated resource to retrieve the Farm account from the Managed Accounts + instead of requiring it as a parameter. + * The FarmAccount parameter is deprecated and no longer required. Is ignored + in the code and will be removed in v3.0. + * SPVisioServiceApp + * Fixed an issue where the proxy is not properly getting created + " } # End of PSData hashtable } # End of PrivateData hashtable From b1cd1ea8abfa48037ee82814cd8f31bf0ea01ef5 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 20 Mar 2018 20:01:45 +0100 Subject: [PATCH 39/39] Adding documentation to release --- .../en-US/about_SPAlternateUrl.help.txt | 18 +- ..._SPDistributedCacheClientSettings.help.txt | 196 ++++++++++++++++++ .../en-US/about_SPTimerJobState.help.txt | 2 +- .../about_SPUserProfileServiceApp.help.txt | 19 +- .../about_SPUserProfileSyncService.help.txt | 21 +- 5 files changed, 243 insertions(+), 13 deletions(-) create mode 100644 Modules/SharePointDsc/en-US/about_SPDistributedCacheClientSettings.help.txt diff --git a/Modules/SharePointDsc/en-US/about_SPAlternateUrl.help.txt b/Modules/SharePointDsc/en-US/about_SPAlternateUrl.help.txt index 03d24fd59..028f892bf 100644 --- a/Modules/SharePointDsc/en-US/about_SPAlternateUrl.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPAlternateUrl.help.txt @@ -8,14 +8,28 @@ application. Alternatively a URL can be removed from a zone to ensure that it will remain empty and have no alternate URL. + The default value for the Ensure parameter is Present. When not specifying this + parameter, the setting is configured. + + ## Central Administration + To select the Central Administration site, use the following command to retrieve the correct web application name: (Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }).DisplayName - The default value for the Ensure parameter is Present. When not specifying this - parameter, the setting is configured. + To update the existing Default Zone AAM for Central Administration (e.g. to + implement HTTPS), use the above command to retrieve the web application name + (by default, it will be "SharePoint Central Administration v4") and specify + "Default" as the Zone. If you wish to add AAM's instead, you may use the other + zones to do so. + + Using SPAlternateUrl to update the Default Zone AAM for Central Administration + will update the AAM in SharePoint as well as the CentralAdministrationUrl value + in the registry. It will not, however, update bindings in IIS. It is recommended + to use the xWebsite resource from the xWebAdministration module to configure the + appropriate bindings in IIS. .PARAMETER WebAppName Key - String diff --git a/Modules/SharePointDsc/en-US/about_SPDistributedCacheClientSettings.help.txt b/Modules/SharePointDsc/en-US/about_SPDistributedCacheClientSettings.help.txt new file mode 100644 index 000000000..0acd30fb3 --- /dev/null +++ b/Modules/SharePointDsc/en-US/about_SPDistributedCacheClientSettings.help.txt @@ -0,0 +1,196 @@ +.NAME + SPDistributedCacheClientSettings + +# Description + + This resource is responsible for configuring the distributed cache client + settings. It only accepts Ensure='Present' as a key. The resource can + configure the following cache components: DistributedLogonTokenCache, + DistributedViewStateCache, DistributedAccessCache, + DistributedActivityFeedCache, DistributedActivityFeedLMTCache, + DistributedBouncerCache, DistributedDefaultCache, DistributedSearchCache, + DistributedSecurityTrimmingCache, and DistributedServerToAppServerAccessTokenCache. + +.PARAMETER IsSingleInstance + Key - String + Allowed values: Yes + Unique key for the resource. Set to 'Yes' to apply configuration. + +.PARAMETER DLTCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Logon Token Cache + +.PARAMETER DLTCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Logon Token Cache + +.PARAMETER DLTCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Logon Token Cache + +.PARAMETER DVSCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed View State Cache + +.PARAMETER DVSCRequestTimeout + Write - UInt32 + Request timeout for the Distributed View State Cache + +.PARAMETER DVSCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed View State Cache + +.PARAMETER DACMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Access Cache + +.PARAMETER DACRequestTimeout + Write - UInt32 + Request timeout for the Distributed Access Cache + +.PARAMETER DACChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Access Cache + +.PARAMETER DAFMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Activity Feed Cache + +.PARAMETER DAFRequestTimeout + Write - UInt32 + Request timeout for the Distributed Activity Feed Cache + +.PARAMETER DAFChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Activity Feed Cache + +.PARAMETER DAFCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Activity Feed LMT Cache + +.PARAMETER DAFCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Activity Feed LMT Cache + +.PARAMETER DAFCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Activity Feed LMT Cache + +.PARAMETER DBCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Bouncer Cache + +.PARAMETER DBCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Bouncer Cache + +.PARAMETER DBCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Bouncer Cache + +.PARAMETER DDCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Default Cache + +.PARAMETER DDCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Default Cache + +.PARAMETER DDCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Default Cache + +.PARAMETER DSCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Search Cache + +.PARAMETER DSCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Search Cache + +.PARAMETER DSCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Search Cache + +.PARAMETER DTCMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Security Trimming Cache + +.PARAMETER DTCRequestTimeout + Write - UInt32 + Request timeout for the Distributed Security Trimming Cache + +.PARAMETER DTCChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Security Trimming Cache + +.PARAMETER DSTACMaxConnectionsToServer + Write - UInt32 + Maximum number of connections to the Distributed Server to Application Server Cache + +.PARAMETER DSTACRequestTimeout + Write - UInt32 + Request timeout for the Distributed Server to Application Server Cache + +.PARAMETER DSTACChannelOpenTimeOut + Write - UInt32 + Channel timeout for the Distributed Server to Application Server Cache + +.PARAMETER InstallAccount + Write - String + POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 + + +.EXAMPLE + This example configures the distributed cache client settings. + + + Configuration Example + { + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $SetupAccount + ) + Import-DscResource -ModuleName SharePointDsc + + node localhost { + SPDistributedCacheClientSettings Settings + { + IsSingleInstance = "Yes" + DLTCMaxConnectionsToServer = 3 + DLTCRequestTimeout = 1000 + DLTCChannelOpenTimeOut = 1000 + DVSCMaxConnectionsToServer = 3 + DVSCRequestTimeout = 1000 + DVSCChannelOpenTimeOut = 1000 + DACMaxConnectionsToServer = 3 + DACRequestTimeout = 1000 + DACChannelOpenTimeOut = 1000 + DAFMaxConnectionsToServer = 3 + DAFRequestTimeout = 1000 + DAFChannelOpenTimeOut = 1000 + DAFCMaxConnectionsToServer = 3 + DAFCRequestTimeout = 1000 + DAFCChannelOpenTimeOut = 1000 + DBCMaxConnectionsToServer = 3 + DBCRequestTimeout = 1000 + DBCChannelOpenTimeOut = 1000 + DDCMaxConnectionsToServer = 3 + DDCRequestTimeout = 1000 + DDCChannelOpenTimeOut = 1000 + DSCMaxConnectionsToServer = 3 + DSCRequestTimeout = 1000 + DSCChannelOpenTimeOut = 1000 + DTCMaxConnectionsToServer = 3 + DTCRequestTimeout = 1000 + DTCChannelOpenTimeOut = 1000 + DSTACMaxConnectionsToServer = 3 + DSTACRequestTimeout = 1000 + DSTACChannelOpenTimeOut = 1000 + PsDscRunAscredential = $SetupAccount + } + } + } + + diff --git a/Modules/SharePointDsc/en-US/about_SPTimerJobState.help.txt b/Modules/SharePointDsc/en-US/about_SPTimerJobState.help.txt index 9e3360bf0..3c1cc7b3a 100644 --- a/Modules/SharePointDsc/en-US/about_SPTimerJobState.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPTimerJobState.help.txt @@ -33,7 +33,7 @@ .PARAMETER WebAppUrl Key - String - The URL of the web application that the timer job belongs to, N/A if no web application is applicable + The URL of the web application that the timer job belongs to. Use the value 'N/A' if no web application is applicable .PARAMETER Enabled Write - Boolean diff --git a/Modules/SharePointDsc/en-US/about_SPUserProfileServiceApp.help.txt b/Modules/SharePointDsc/en-US/about_SPUserProfileServiceApp.help.txt index d998fc2e2..9a6d3bab7 100644 --- a/Modules/SharePointDsc/en-US/about_SPUserProfileServiceApp.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPUserProfileServiceApp.help.txt @@ -7,13 +7,26 @@ farm. It creates the required databases using the parameters that are passed in to it (although these are only used during the initial provisioning). - The specified InstallAccount or PSDSCRunAsCredential has to be the Farm Account. - This is done to ensure that the databases are created with the correct schema - owners and allow the user profile sync service to operate correctly. + The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. + The resource will throw an error when it is. + + To allow successful provisioning, the farm account must be in the local + administrators group, however it is not best practice to leave this account in + the Administrators group. Therefore this resource will add the Farm Account + credential to the local administrators group at the beginning of the set method + and remove it again later on. The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned. + NOTE: + Due to the fact that SharePoint requires certain User Profile components to be + provisioned as the Farm account, this resource and SPUserProfileSyncService + retrieve the Farm account from the Managed Accounts. + This does however mean that CredSSP is required, which has some security + implications. More information about these risks can be found at: + http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ + .PARAMETER Name Key - string The name of the user profile service diff --git a/Modules/SharePointDsc/en-US/about_SPUserProfileSyncService.help.txt b/Modules/SharePointDsc/en-US/about_SPUserProfileSyncService.help.txt index 6138b4966..045fa89ce 100644 --- a/Modules/SharePointDsc/en-US/about_SPUserProfileSyncService.help.txt +++ b/Modules/SharePointDsc/en-US/about_SPUserProfileSyncService.help.txt @@ -7,19 +7,26 @@ has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server. - This resource requires that the FarmAccount is specified as the InstallAccount - or PsDscRunAsCredential parameter. It will throw an exception if this is not - the case. + The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. + The resource will throw an error when it is. - To allow successful provisioning the farm account must be in the local + To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in - the Administrators group. Therefore this resource will add the FarmAccount + the Administrators group. Therefore this resource will add the Farm Account credential to the local administrators group at the beginning of the set method and remove it again later on. The default value for the Ensure parameter is Present. When not specifying this parameter, the user profile sync service is provisioned. + NOTE: + Due to the fact that SharePoint requires certain User Profile components to be + provisioned as the Farm account, this resource and SPUserProfileServiceApp + retrieve the Farm account from the Managed Accounts. + This does however mean that CredSSP is required, which has some security + implications. More information about these risks can be found at: + http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/ + .PARAMETER UserProfileServiceAppName Key - string The name of the user profile service for this sync instance @@ -30,8 +37,8 @@ Present to ensure the service is running, absent to ensure it is not .PARAMETER FarmAccount - Required - String - The farm account, which is needed to provision the service app + Write - String + PARAMETER IS NOT USED ANYMORE, WILL BE REMOVED IN V3.0 .PARAMETER RunOnlyWhenWriteable Write - Boolean