Examples/Resources/ADObjectPermissionEntry/1-ADObjectPermissionEntry_DelegateFullControl_Config.ps1

<#PSScriptInfo
.VERSION 1.0
.GUID c096de91-61ee-41e9-917a-069c62b34d50
.AUTHOR Microsoft Corporation
.COMPANYNAME Microsoft Corporation
.COPYRIGHT (c) Microsoft Corporation. All rights reserved.
.TAGS DSCConfiguration
.LICENSEURI https://github.com/PowerShell/ActiveDirectoryDsc/blob/master/LICENSE
.PROJECTURI https://github.com/PowerShell/ActiveDirectoryDsc
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
.PRIVATEDATA
#>


#Requires -module ActiveDirectoryDsc

<#
    .DESCRIPTION
        This configuration will add full control (GenericAll) permissions to
        the virtual computer object (VCO) ROLE01 for a cluster name object (CNO)
        CONTOSO\CLUSTER01$. This is used so that the Windows Failover Cluster
        can control the roles AD objects.
#>

Configuration ADObjectPermissionEntry_DelegateFullControl_Config
{
    Import-DscResource -Module ActiveDirectoryDsc

    Node localhost
    {
        ADObjectPermissionEntry 'ADObjectPermissionEntry'
        {
            Ensure                             = 'Present'
            Path                               = 'CN=ROLE01,CN=Computers,DC=contoso,DC=com'
            IdentityReference                  = 'CONTOSO\CLUSTER01$'
            ActiveDirectoryRights              = 'GenericAll'
            AccessControlType                  = 'Allow'
            ObjectType                         = '00000000-0000-0000-0000-000000000000'
            ActiveDirectorySecurityInheritance = 'None'
            InheritedObjectType                = '00000000-0000-0000-0000-000000000000'
        }
    }
}