DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof

[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphMember
{
    [Write, Description("Identity of member. For users, specify a UserPrincipalName. For groups, devices and serviceprincipals, specify DisplayName")] String Identity;
    [Write, Description("Specify User, Group or Device to interpret the identity for Members. Specify User, Group or ServicePrincipal for ScopedRoleMembers."), ValueMap{"User", "Group", "Device", "ServicePrincipal"}, Values{"User", "Group", "Device", "ServicePrincipal"}] String Type;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphScopedRoleMembership
{
    [Write, Description("Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope")] String RoleName;
    [Write, Description("Member that is assigned the scoped role. Note: Any groups must be role-enabled"), EmbeddedInstance("MSFT_MicrosoftGraphMember")] String RoleMemberInfo;
};
 
[ClassVersion("1.0.0.0"), FriendlyName("AADAdministrativeUnit")]
class MSFT_AADAdministrativeUnit : OMI_BaseResource
{
    [Key, Description("DisplayName of the Administrative Unit")] String DisplayName;
    [Write, Description("Object-Id of the Administrative Unit")] String Id;
    [Write, Description("Description of the Administrative Unit")] String Description;
    [Write, Description("Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden")] String Visibility;
    [Write, Description("Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.")] String MembershipType;
    [Write, Description("Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.")] String MembershipRule;
    [Write, Description("Specify dynamic membership-rule processing-state. Valid values are 'On' and 'Paused'. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.")] String MembershipRuleProcessingState;
    [Write, Description("Specify members. Only specify if MembershipType is NOT set to Dynamic"), EmbeddedInstance("MSFT_MicrosoftGraphMember")] String Members[];
    [Write, Description("Specify Scoped Role Membership. Note: Any groups must be role-enabled"), EmbeddedInstance("MSFT_MicrosoftGraphScopedRoleMembership")] String ScopedRoleMembers[];
    [Write, Description("Present ensures the Administrative Unit exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};