functions/New-AdmfContext.ps1
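function New-AdmfContext
{
<#
	.SYNOPSIS
		Creates a new configuration context for ADMF.
	
	.DESCRIPTION
		Creates a new configuration context for ADMF.
		Contexts are a set of configuration settings.
		You can combine multiple contexts at the same time, merging the settings they contain.
		For more details on how contexts work, see:
		
			Get-Help about_ADMF_Context
	
	.PARAMETER Name
		The name of the context to create.
		The name becomes a folder name beneath the store / output path.
		Names consisting only of dots (such as "." or "..") are rejected.
	
	.PARAMETER Store
		The context store to create the context in.
		Context Stores are registered filesystem locations where ADMF will look for contexts.
		Defaults to the default store found in %AppData%.
	
	.PARAMETER OutPath
		Create the context in a target path, rather than a registered store.
		Keep in mind that this will require the context to be manually moved to a registered location in order for it to become available to use.
	
	.PARAMETER Weight
		The priority of the context.
		This is used to determine the import order when importing multiple contexts.
		The higher the value, the later in the import order.
		Default: 50
	
	.PARAMETER Description
		Add a description to your context (for documentation purposes only).
	
	.PARAMETER Author
		The author of the context (for documentation purposes only)
	
	.PARAMETER Group
		The group to assign the context to.
		By default, will be part of the "Default" group.
		Groups are only relevant for the interactive context selection menu, where they govern the visual display style / grouping.
	
	.PARAMETER Prerequisite
		Contexts the current context depends on / requires.
	
	.PARAMETER MutuallyExclusive
		Contexts that are mutually exclusive with each other.
		E.g.: Where the user has to select between one of several environments.
	
	.PARAMETER DefaultAccessRules
		A new Active Directory environment comes with more deployed security delegations than defined in the schema.
		Several containers - especially the BuiltIn container - have a lot of extra access rules.
		When deploying a restrictive domain content mode, where these objects fall under management, it becomes necessary to also configure these delegations, lest they be removed.
		Setting this switch will include all the default delegations in your new context.
	
	.PARAMETER Force
		This command refuses to replace an existing context by default.
		Using force, it is a bit more brutish and will kill any previously existing context with the same name in the target store.
		The existing context folder is deleted recursively before the new one is created.
	
	.PARAMETER EnableException
		This parameter disables user-friendly warnings and enables the throwing of exceptions.
		This is less user friendly, but allows catching exceptions in calling scripts.
	
	.EXAMPLE
		PS C:\> New-AdmfContext -Name 'newContext'
		
		Creates a new context named "newContext"
	
	.EXAMPLE
		PS C:\> New-AdmfContext -Name 'Contoso_Baseline' -Store Company -Weight 10 -Author "Sad Joey" -DefaultAccessRules -Description "Default baseline for contoso company forests"
		
		Creates a new context ...
		- Named "Contoso_Baseline"
		- In the context store "Company"
		- With the weight 10 (very low, causing it to be one of the first to be applied)
		- By Sad Joey (a great and non-sad person)
		- that contains the default access rules
		- has a useful description of what it is for
#>
	[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions", "")]
	[CmdletBinding(DefaultParameterSetName = 'Store')]
	param (
		[Parameter(Mandatory = $true)]
		[PsfValidatePattern('^[\w\d_\-\.]+$', ErrorString = 'ADMF.Validate.Pattern.ContextName')]
		[string]
		$Name,
		
		[Parameter(ParameterSetName = 'Store')]
		[PsfValidateSet(TabCompletion = 'ADMF.Context.Store')]
		[string]
		$Store = 'Default',
		
		[Parameter(ParameterSetName = 'Path')]
		[PsfValidateScript('ADMF.Validate.Path.Folder', ErrorString = 'ADMF.Validate.Path.Folder')]
		[string]
		$OutPath,
		
		[int]
		$Weight = 50,
		
		[string]
		$Description = "<Insert description-text here>",
		
		[string]
		$Author = "<Insert your name here>",
		
		[string]
		$Group = 'Default',
		
		[string[]]
		$Prerequisite = @(),
		
		[string[]]
		$MutuallyExclusive = @(),
		
		[switch]
		$DefaultAccessRules,
		
		[switch]
		$Force,
		
		[switch]
		$EnableException
	)
	
	begin
	{
		# The validation pattern on -Name also admits '.' and '..'. Those are not folder
		# names but references to the target folder itself and to its parent. Together with
		# -Force, the recursive delete in the process block would then remove the whole
		# store (or its parent folder) instead of a single context, so refuse them up front.
		if ($Name -match '^\.+$')
		{
			Stop-PSFFunction -Message "Invalid context name '$Name': a context name must not consist only of dots." -EnableException $EnableException -Category InvalidArgument -Cmdlet $PSCmdlet
			return
		}
		
		if ($OutPath)
		{
			$resolvedPath = Resolve-PSFPath -Provider FileSystem -Path $OutPath -SingleItem
			# -LiteralPath: the resolved folder may legitimately contain wildcard characters such as [ ]
			if (-not $Force -and (Test-Path -LiteralPath "$resolvedPath\$Name"))
			{
				Stop-PSFFunction -String 'New-AdmfContext.Context.AlreadyExists' -StringValues $resolvedPath, $Name -EnableException $EnableException -Category InvalidArgument -Cmdlet $PSCmdlet
				return
			}
		}
		else
		{
			$storeObject = Get-AdmfContextStore -Name $Store
			if (-not $Force -and (Test-Path -LiteralPath "$($storeObject.Path)\$Name"))
			{
				Stop-PSFFunction -String 'New-AdmfContext.Context.AlreadyExists2' -StringValues $Store, $Name -EnableException $EnableException -Category InvalidArgument -Cmdlet $PSCmdlet
				return
			}
			# A registered store whose folder does not exist yet is created on first use
			if (-not (Test-Path -LiteralPath $storeObject.Path))
			{
				$null = New-Item -Path $storeObject.Path -ItemType Directory -Force
			}
			$resolvedPath = Resolve-PSFPath -Provider FileSystem -Path $storeObject.Path -SingleItem
		}
	}
	process
	{
		# Set by Stop-PSFFunction in the begin block when running without -EnableException
		if (Test-PSFFunctionInterrupt) { return }
		
		# This can only be $true when -Force was used, as otherwise it would fail in begin.
		# -LiteralPath ensures the destructive delete targets exactly this one folder and is
		# never widened by wildcard characters in the resolved path.
		if (Test-Path -LiteralPath "$resolvedPath\$Name")
		{
			Remove-Item -LiteralPath "$resolvedPath\$Name" -Recurse -Force
		}
		
		# Layout: <store>\<name>\1.0.0\..., seeded from the module's context template
		$contextFolder = New-Item -Path $resolvedPath -Name $Name -ItemType Directory
		$contextVersionFolder = New-Item -Path $contextFolder.FullName -Name '1.0.0' -ItemType Directory
		Copy-Item -Path "$script:ModuleRoot\internal\data\context\*" -Destination "$($contextVersionFolder.FullName)\" -Recurse
		
		#region Default Access Rules
		if ($DefaultAccessRules)
		{
			Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\accessRules\*.json" -Destination "$($contextVersionFolder.FullName)\domain\accessrules\"
			Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\objectCategories\*.psd1" -Destination "$($contextVersionFolder.FullName)\domain\objectcategories\"
			Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\gppermissions\*.json" -Destination "$($contextVersionFolder.FullName)\domain\gppermissions\"
			Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\gppermissionfilters\*.json" -Destination "$($contextVersionFolder.FullName)\domain\gppermissionfilters\"
			Copy-Item -Path "$script:ModuleRoot\internal\data\forestDefaults\schemaDefaultPermissions\*.json" -Destination "$($contextVersionFolder.FullName)\forest\schemaDefaultPermissions\"
		}
		#endregion Default Access Rules
		
		# Metadata describing the context; the values come straight from the parameters
		$contextJson = [pscustomobject]@{
			Version		      = '1.0.0'
			Weight		      = $Weight
			Description	      = $Description
			Author		      = $Author
			Prerequisites     = $Prerequisite
			MutuallyExclusive = $MutuallyExclusive
			Group			  = $Group
		}
		$contextJson | ConvertTo-Json | Set-Content -Path "$($contextVersionFolder.FullName)\context.json"
		
		# NOTE(review): with -OutPath, $Store still holds its default value ('Default'), so this
		# lookup targets the Default store rather than the folder just written - confirm intended.
		Get-AdmfContext -Name $Name -Store $Store
	}
}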