DSCResources/AddsProtectFromAccidentalDeletion/AddsProtectFromAccidentalDeletion.schema.psm1

configuration AddsProtectFromAccidentalDeletion
{
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword')]

    param
    (
        [Parameter()]
        [Boolean]
        $ProtectDomain = $false,

        [Parameter()]
        [Boolean]
        $ProtectOrgUnit = $false,

        [Parameter()]
        [String]
        $FilterOrgUnit = '*',

        [Parameter()]
        [Boolean]
        $ProtectUser = $false,

        [Parameter()]
        [String]
        $FilterUser = '*',

        [Parameter()]
        [Boolean]
        $ProtectGroup = $false,

        [Parameter()]
        [String]
        $FilterGroup = '*',

        [Parameter()]
        [Boolean]
        $ProtectComputer = $false,

        [Parameter()]
        [String]
        $FilterComputer = '*',

        [Parameter()]
        [Boolean]
        $ProtectFineGrainedPasswordPolicy = $false,

        [Parameter()]
        [String]
        $FilterFineGrainedPasswordPolicy = '*',

        [Parameter()]
        [Boolean]
        $ProtectReplicationSite = $false,

        [Parameter()]
        [String]
        $FilterReplicationSite = '*'
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    if ( $ProtectDomain -eq $true )
    {
        Script AddsProtectADDomain
        {
            TestScript = {
                $cnt = (Get-ADDomain | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADDomains: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADDomain | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `@ {
                    result = 'N/A'
                }
            }
        }
    }

    if ( $ProtectOrgUnit -eq $true )
    {
        Script AddsProtectOrgUnit
        {
            TestScript = {
                $cnt = (Get-ADOrganizationalUnit -Filter $using:FilterOrgUnit | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADOrganizationalUnits: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADOrganizationalUnit -Filter $using:FilterOrgUnit | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `
                @{
                    result = 'N/A'
                }
            }
        }
    }

    if ( $ProtectUser -eq $true )
    {
        Script AddsProtectUser
        {
            TestScript = {
                $cnt = (Get-ADUser -Filter $using:FilterUser | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADUsers: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADUser -Filter $using:FilterUser | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `@{
                result = 'N/A'
             }
            }
        }
    }

    if ( $ProtectGroup -eq $true )
    {
        Script AddsProtectGroup
        {
            TestScript = {
                $cnt = (Get-ADGroup -Filter $using:FilterGroup | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADGroups: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADGroup -Filter $using:FilterGroup | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `
                @{
                    result = 'N/A'
                }
            }
        }
    }

    if ( $ProtectComputer -eq $true )
    {
        Script AddsProtectComputer
        {
            TestScript = {
                $cnt = (Get-ADComputer -Filter $using:FilterComputer | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADComputers: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADComputer -Filter $using:FilterComputer | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `
                @{
                    result = 'N/A'
                }
            }
        }
    }

    if ( $ProtectFineGrainedPasswordPolicy -eq $true )
    {
        Script AddsProtectFineGrainedPasswordPolicy
        {
            TestScript = {
                $cnt = (Get-ADFineGrainedPasswordPolicy -Filter $using:FilterFineGrainedPasswordPolicy | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADFineGrainedPasswordPolicies: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADFineGrainedPasswordPolicy -Filter $using:FilterFineGrainedPasswordPolicy | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `
                @{
                    result = 'N/A'
                }
            }
        }
    }

    if ($ProtectReplicationSite -eq $true)
    {
        Script AddsProtectReplicationSite
        {
            TestScript = {
                $cnt = (Get-ADReplicationSite -Filter $using:FilterReplicationSite | `
                            Get-ADObject -Properties ProtectedFromAccidentalDeletion | `
                                Where-Object { $_.ProtectedFromAccidentalDeletion -ne $true } | `
                                    Measure-Object).Count

                Write-Verbose "Unprotected ADReplicationSites: $cnt"

                return ($cnt -eq 0)
            }
            SetScript  = {
                Get-ADReplicationSite -Filter $using:FilterReplicationSite | Set-ADObject -ProtectedFromAccidentalDeletion $true
            }
            GetScript  = { return `
                @{
                    result = 'N/A'
                }
            }
        }
    }
}