DscResources/AddsProtectFromAccidentalDeletion/AddsProtectFromAccidentalDeletion.schema.psm1
|
configuration AddsProtectFromAccidentalDeletion { param ( [Parameter()] [Boolean] $ProtectDomain = $false, [Parameter()] [Boolean] $ProtectOrgUnit = $false, [Parameter()] [String] $FilterOrgUnit = '*', [Parameter()] [Boolean] $ProtectUser = $false, [Parameter()] [String] $FilterUser = '*', [Parameter()] [Boolean] $ProtectGroup = $false, [Parameter()] [String] $FilterGroup = '*', [Parameter()] [Boolean] $ProtectComputer = $false, [Parameter()] [String] $FilterComputer = '*', [Parameter()] [Boolean] $ProtectFineGrainedPasswordPolicy = $false, [Parameter()] [String] $FilterFineGrainedPasswordPolicy = '*', [Parameter()] [Boolean] $ProtectReplicationSite = $false, [Parameter()] [String] $FilterReplicationSite = '*' ) Import-DscResource -ModuleName PSDesiredStateConfiguration if( $ProtectDomain -eq $true ) { Script AddsProtectADDomain { TestScript = { $cnt = (Get-ADDomain | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADDomains: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADDomain | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectOrgUnit -eq $true ) { Script AddsProtectOrgUnit { TestScript = { $cnt = (Get-ADOrganizationalUnit -Filter $using:FilterOrgUnit | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADOrganizationalUnits: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADOrganizationalUnit -Filter $using:FilterOrgUnit | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectUser -eq $true ) { Script AddsProtectUser { TestScript = { $cnt = (Get-ADUser -Filter $using:FilterUser | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADUsers: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADUser -Filter $using:FilterUser | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectGroup -eq $true ) { Script AddsProtectGroup { TestScript = { $cnt = (Get-ADGroup -Filter $using:FilterGroup | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADGroups: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADGroup -Filter $using:FilterGroup | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectComputer -eq $true ) { Script AddsProtectComputer { TestScript = { $cnt = (Get-ADComputer -Filter $using:FilterComputer | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADComputers: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADComputer -Filter $using:FilterComputer | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectFineGrainedPasswordPolicy -eq $true ) { Script AddsProtectFineGrainedPasswordPolicy { TestScript = { $cnt = (Get-ADFineGrainedPasswordPolicy -Filter $using:FilterFineGrainedPasswordPolicy | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADFineGrainedPasswordPolicies: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADFineGrainedPasswordPolicy -Filter $using:FilterFineGrainedPasswordPolicy | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } if( $ProtectReplicationSite -eq $true ) { Script AddsProtectReplicationSite { TestScript = { $cnt = (Get-ADReplicationSite -Filter $using:FilterReplicationSite | ` Get-ADObject -Properties ProtectedFromAccidentalDeletion | ` Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | ` Measure-Object).Count Write-Verbose "Unprotected ADReplicationSites: $cnt" return ($cnt -eq 0) } SetScript = { Get-ADReplicationSite -Filter $using:FilterReplicationSite | Set-ADObject -ProtectedFromAccidentalDeletion $true } GetScript = { return @{result = 'N/A'} } } } } |