DSCResources/MSFT_SPUserProfileProperty/MSFT_SPUserProfileProperty.psm1
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [parameter(Mandatory = $true)] [System.string] $Name , [parameter(Mandatory = $false)] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", [parameter(Mandatory = $true)] [System.string] $UserProfileService , [parameter(Mandatory = $false)] [System.string] $DisplayName , [parameter(Mandatory = $false)] [ValidateSet("BigInteger", "Binary", "Boolean", "Date", "DateNoYear", "DateTime", "Email", "Float", "Guid", "HTML", "Integer", "Person", "String", "StringMultiValue", "TimeZone", "URL")] [System.string] $Type , [parameter(Mandatory = $false)] [System.string] $Description , [parameter(Mandatory = $false)] [ValidateSet("Mandatory", "Optin","Optout", "Disabled")] [System.string] $PolicySetting , [parameter(Mandatory = $false)] [ValidateSet("Public", "Contacts", "Organization", "Manager", "Private")] [System.string] $PrivacySetting , [parameter(Mandatory = $false)] [System.string] $MappingConnectionName , [parameter(Mandatory = $false)] [System.string] $MappingPropertyName , [parameter(Mandatory = $false)] [System.string] $MappingDirection , [parameter(Mandatory = $false)] [System.uint32] $Length , [parameter(Mandatory = $false)] [System.uint32] $DisplayOrder , [parameter(Mandatory = $false)] [System.Boolean] $IsEventLog , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnEditor , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnViewer , [parameter(Mandatory = $false)] [System.Boolean] $IsUserEditable , [parameter(Mandatory = $false)] [System.Boolean] $IsAlias , [parameter(Mandatory = $false)] [System.Boolean] $IsSearchable, [parameter(Mandatory = $false)] [System.Boolean] $UserOverridePrivacy , [parameter(Mandatory = $false)] [System.string] $TermStore , [parameter(Mandatory = $false)] [System.string] $TermGroup , [parameter(Mandatory = $false)] [System.string] $TermSet , [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Getting user profile service application $Name" $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock { $params = $args[0] $upsa = Get-SPServiceApplication -Name $params.UserProfileService -ErrorAction SilentlyContinue $nullReturn = @{ Name = $params.Name UserProfileService = $params.UserProfileService Ensure = "Absent" } if ($null -eq $upsa) { return $nullReturn } $caURL = (Get-SpWebApplication -IncludeCentralAdministration | ?{$_.IsAdministrationWebApplication -eq $true }).Url $context = Get-SPServiceContext -Site $caURL $userProfileConfigManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($context) $userProfileSubTypeManager = Get-SPDSCUserProfileSubTypeManager $context $userProfileSubType = $userProfileSubTypeManager.GetProfileSubtype("UserProfile") $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) if($null -eq $userProfileProperty ){ return $nullReturn } $termSet = @{ TermSet = "" TermGroup ="" TermStore = "" } if($userProfileProperty.CoreProperty.TermSet -ne $null) { $termSet.TermSet = $userProfileProperty.CoreProperty.TermSet.Name $termSet.TermGroup = $userProfileProperty.CoreProperty.TermSet.Group.Name $termSet.TermStore = $userProfileProperty.CoreProperty.TermSet.TermStore.Name } $mapping = @{ ConectionName = "" PropertyName ="" Direction = "" } $syncConnection = $userProfileConfigManager.ConnectionManager | ? {$_.PropertyMapping.Item($params.Name) -ne $null} if($syncConnection -ne $null) { $currentMapping = $syncConnection.PropertyMapping.Item($params.Name) if($currentMapping -ne $null) { $mapping.Direction = "Import" $mapping.ConnectionName = $params.MappingConnectionName if($currentMapping.IsExport) { $mapping.Direction = "Export" } $mapping.PropertyName = $currentMapping.DataSourcePropertyName } } return @{ Name = $userProfileProperty.Name UserProfileServiceAppName = $params.UserProfileService DisplayName = $userProfileProperty.DisplayName Type = $userProfileProperty.CoreProperty.Type Description = $userProfileProperty.Description PolicySetting = $userProfileProperty.PrivacyPolicy PrivacySetting = $userProfileProperty.DefaultPrivacy MappingConnectionName = $mapping.ConnectionName MappingPropertyName = $mapping.PropertyName MappingDirection = $Mapping.Direction Length = $userProfileProperty.CoreProperty.Length DisplayOrder =$userProfileProperty.DisplayOrder IsEventLog =$userProfileProperty.TypeProperty.IsEventLog IsVisibleOnEditor=$userProfileProperty.TypeProperty.IsVisibleOnEditor IsVisibleOnViewer =$userProfileProperty.TypeProperty.IsVisibleOnViewer IsUserEditable = $userProfileProperty.IsUserEditable IsAlias = $userProfileProperty.IsAlias IsSearchable = $userProfileProperty.CoreProperty.IsSearchable TermStore = $termSet.TermStore TermGroup = $termSet.TermGroup TermSet = $termSet.TermSet UserOverridePrivacy = $userProfileProperty.AllowPolicyOverride Ensure = "Present" } } return $result } function Set-TargetResource { [CmdletBinding()] param ( [parameter(Mandatory = $true)] [System.string ] $Name , [parameter(Mandatory = $false)] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", [parameter(Mandatory = $true)] [System.string ] $UserProfileService , [parameter(Mandatory = $false)] [System.string ] $DisplayName , [parameter(Mandatory = $false)] [ValidateSet("BigInteger", "Binary", "Boolean", "Date", "DateNoYear", "DateTime", "Email", "Float", "Guid", "HTML", "Integer", "Person", "String", "StringMultiValue", "TimeZone", "URL")][System.string ] $Type , [parameter(Mandatory = $false)] [System.string ] $Description , [parameter(Mandatory = $false)] [ValidateSet("Mandatory", "Optin","Optout", "Disabled")] [System.string ] $PolicySetting , [parameter(Mandatory = $false)] [ValidateSet("Public", "Contacts", "Organization", "Manager", "Private")] [System.string ] $PrivacySetting , [parameter(Mandatory = $false)] [System.string ] $MappingConnectionName , [parameter(Mandatory = $false)] [System.string ] $MappingPropertyName , [parameter(Mandatory = $false)] [System.string ] $MappingDirection , [parameter(Mandatory = $false)] [System.uint32] $Length , [parameter(Mandatory = $false)] [System.uint32] $DisplayOrder , [parameter(Mandatory = $false)] [System.Boolean] $IsEventLog , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnEditor , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnViewer , [parameter(Mandatory = $false)] [System.Boolean] $IsUserEditable , [parameter(Mandatory = $false)] [System.Boolean] $IsAlias , [parameter(Mandatory = $false)] [System.Boolean] $IsSearchable, [parameter(Mandatory = $false)] [System.Boolean] $UserOverridePrivacy , [parameter(Mandatory = $false)] [System.string ] $TermStore , [parameter(Mandatory = $false)] [System.string ] $TermGroup , [parameter(Mandatory = $false)] [System.string ] $TermSet , [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) #note for integration test: CA can take a couple of minutes to notice the change. don't try refreshing properties page. go through from a fresh "flow" from Service apps page :) Write-Verbose -Message "Creating user profile property $Name" $PSBoundParameters.Ensure = $Ensure $test = $PSBoundParameters Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $test -ScriptBlock { $params = $args[0] #region Validating parameter combinations if( ($params.ContainsKey("TermSet") -or $params.ContainsKey("TermGroup") -or $params.ContainsKey("TermSet") ) -and ($params.ContainsKey("TermSet") -and $params.ContainsKey("TermGroup") -and $params.ContainsKey("TermSet") -eq $false ) ) { throw "You have to provide all 3 parameters Termset, TermGroup and TermStore when providing any of the 3." } #what if combination property type + termstore isn't possible? if($params.ContainsKey("TermSet") -and (@("string","stringmultivalue").Contains($params.Type.ToLower()) -eq $false) ){ throw "Only String and String Maultivalue can use Termsets" } #endregion #region setting up objects $ups = Get-SPServiceApplication -Name $params.UserProfileService -ErrorAction SilentlyContinue If ($null -eq $ups) { return $null } $caURL = (Get-SpWebApplication -IncludeCentralAdministration | ?{$_.IsAdministrationWebApplication -eq $true }).Url $context = Get-SPServiceContext $caURL $userProfileConfigManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($context) if($null -eq $userProfileConfigManager) { #if config manager returns when ups is available then isuee is permissions throw "account running process needs admin permissions on the user profile service application" } $coreProperties = $userProfileConfigManager.ProfilePropertyManager.GetCoreProperties() $userProfilePropertyManager = $userProfileConfigManager.ProfilePropertyManager $userProfileTypeProperties = $userProfilePropertyManager.GetProfileTypeProperties([Microsoft.Office.Server.UserProfiles.ProfileType]::User) $userProfileSubTypeManager = Get-SPDSCUserProfileSubTypeManager $context $userProfileSubType = $userProfileSubTypeManager.GetProfileSubtype("UserProfile") $userProfileSubTypeProperties = $userProfileSubType.Properties #endregion $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) if($userProfileProperty -ne $null -and $userProfileProperty.CoreProperty.Type -ne $params.Type ) { throw "Can't change property type. Current Type is $($userProfileProperty.CoreProperty.Type)" } #region retrieving term set $termSet =$null #Get-TermSet if ($params.ContainsKey("TermSet")) { $currentTermSet=$userProfileProperty.CoreProperty.TermSet; if($currentTermSet.Name -ne $params.TermSet -or $currentTermSet.Group.Name -ne $params.TermGroup -or $currentTermSet.TermStore.Name -ne $params.TermStore){ $session = new-Object Microsoft.SharePoint.Taxonomy.TaxonomySession($caURL); $termStore = $session.TermStores[$params.TermStore]; if($termStore -eq $null) { throw "Term Store $($params.termStore) not found" } $group = $termStore.Groups[$params.TermGroup]; if($group -eq $null) { throw "Term Group $($params.termGroup) not found" } $termSet = $group.TermSets[$params.TermSet]; if($termSet -eq $null) { throw "Term Set $($params.termSet) not found" } } } #endregion #Ensure-Property $params if( $params.ContainsKey("Ensure") -and $params.Ensure -eq "Absent"){ if($userProfileProperty -ne $null) { $coreProperties.RemovePropertyByName($params.Name) return; } } elseif($userProfileProperty -eq $null){ #region creating property $coreProperty = $coreProperties.Create($false) $coreProperty.Name = $params.Name $coreProperty.DisplayName = $params.DisplayName Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $coreProperty -PropertyToSet "Length" -ParamsValue $params -ParamKey "Length" if($params.Type.ToLower() -eq "stringmultivalue") { $coreProperty.IsMultivalued =$true; } $coreProperty.Type = $params.Type if($termSet -ne $null){ $coreProperty.TermSet = $termSet } $CoreProperties.Add($coreProperty) $upTypeProperty = $userProfileTypeProperties.Create($coreProperty) $userProfileTypeProperties.Add($upTypeProperty) $upSubProperty = $userProfileSubTypeProperties.Create($UPTypeProperty) $userProfileSubTypeProperties.Add($upSubProperty) Sleep -Milliseconds 100 $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) #return $userProfileProperty #endregion } #region setting up properties #update-property $userProfileProperty $params $termSet $coreProperty = $userProfileProperty.CoreProperty $userProfileTypeProperty = $userProfileProperty.TypeProperty Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $coreProperty -PropertyToSet "DisplayName" -ParamsValue $params -ParamKey "DisplayName" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $coreProperty -PropertyToSet "Description" -ParamsValue $params -ParamKey "Description" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileTypeProperty -PropertyToSet "IsVisibleOnViewer" -ParamsValue $params -ParamKey "IsVisibleOnViewer" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileTypeProperty -PropertyToSet "IsVisibleOnEditor" -ParamsValue $params -ParamKey "IsVisibleOnEditor" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileTypeProperty -PropertyToSet "IsEventLog" -ParamsValue $params -ParamKey "IsEventLog" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileProperty -PropertyToSet "DefaultPrivacy" -ParamsValue $params -ParamKey "PrivacySetting" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileProperty -PropertyToSet "PrivacyPolicy" -ParamsValue $params -ParamKey "PolicySetting" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileProperty -PropertyToSet "IsUserEditable" -ParamsValue $params -ParamKey "IsUserEditable" Set-SPDSCObjectPropertyIfValueExists -ObjectToSet $userProfileProperty -PropertyToSet "UserOverridePrivacy" -ParamsValue $params -ParamKey "UserOverridePrivacy" if($termSet -ne $null){ $coreProperty.TermSet = $termSet } #endregion $userProfileProperty.CoreProperty.Commit() $userProfileTypeProperty.Commit() $userProfileProperty.Commit() #/Ensure-Property #region display order # Set-DisplayOrder if($params.ContainsKey("DisplayOrder")) { $profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context) $profileManager.Properties.SetDisplayOrderByPropertyName($params.Name,$params.DisplayOrder) $profileManager.Properties.CommitDisplayOrder() } #endregion #region mapping #Set-Mapping if($params.ContainsKey("MappingConnectionName") -and $params.ContainsKey("MappingPropertyName")){ $syncConnection = $userProfileConfigManager.ConnectionManager | Where-Object { $_.DisplayName -eq $params.MappingConnectionName} if($null -eq $syncConnection ) { throw "connection not found" } $syncConnection = $userProfileConfigManager.ConnectionManager| Where-Object { $_.DisplayName -eq $params.MappingConnectionName} #$userProfileConfigManager.ConnectionManager[$params.MappingConnectionName] $currentMapping = $syncConnection.PropertyMapping.Item($params.Name) if($currentMapping -eq $null -or ($currentMapping.DataSourcePropertyName -ne $params.MappingPropertyName) -or ($currentMapping.IsImport -and $params.ContainsKey("MappingDirection") -and $params.MappingDirection -eq "Export") ){ if($currentMapping -ne $null ){ $currentMapping.Delete() #API allows updating, but UI doesn't do that. } $export = $params.ContainsKey("MappingDirection") -and $params.MappingDirection -eq "Export" if ($Connection.Type -eq "ActiveDirectoryImport"){ if($export){ throw "not implemented" }else{ $Connection.AddPropertyMapping($params.MappingPropertyName,$params.Name) $Connection.Update() } }else{ if ($export){ $syncConnection.PropertyMapping.AddNewExportMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User,$params.Name,$params.MappingPropertyName) }else{ $syncConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User,$params.Name,$params.MappingPropertyName) } } } } #endregion } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [parameter(Mandatory = $true)] [System.string ] $Name , [parameter(Mandatory = $false)] [ValidateSet("Present","Absent")] [System.String] $Ensure = "Present", [parameter(Mandatory = $true)] [System.string ] $UserProfileService , [parameter(Mandatory = $false)] [System.string ] $DisplayName , [parameter(Mandatory = $false)] [ValidateSet("BigInteger", "Binary", "Boolean", "Date", "DateNoYear", "DateTime", "Email", "Float", "Guid", "HTML", "Integer", "Person", "String", "StringMultiValue", "TimeZone", "URL")][System.string ] $Type , [parameter(Mandatory = $false)] [System.string ] $Description , [parameter(Mandatory = $false)] [ValidateSet("Mandatory","Optin","Optout","Disabled")] [System.string ] $PolicySetting , [parameter(Mandatory = $false)] [ValidateSet("Public","Contacts","Organization","Manager","Private")] [System.string ] $PrivacySetting , [parameter(Mandatory = $false)] [System.string ] $MappingConnectionName , [parameter(Mandatory = $false)] [System.string ] $MappingPropertyName , [parameter(Mandatory = $false)] [System.string ] $MappingDirection , [parameter(Mandatory = $false)] [System.uint32] $Length , [parameter(Mandatory = $false)] [System.uint32] $DisplayOrder , [parameter(Mandatory = $false)] [System.Boolean] $IsEventLog , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnEditor , [parameter(Mandatory = $false)] [System.Boolean] $IsVisibleOnViewer , [parameter(Mandatory = $false)] [System.Boolean] $IsUserEditable , [parameter(Mandatory = $false)] [System.Boolean] $IsAlias , [parameter(Mandatory = $false)] [System.Boolean] $IsSearchable, [parameter(Mandatory = $false)] [System.Boolean] $UserOverridePrivacy , [parameter(Mandatory = $false)] [System.string ] $TermStore , [parameter(Mandatory = $false)] [System.string ] $TermGroup , [parameter(Mandatory = $false)] [System.string ] $TermSet , [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) $CurrentValues = Get-TargetResource @PSBoundParameters Write-Verbose -Message "Testing for user profile property $Name" $PSBoundParameters.Ensure = $Ensure if ($Ensure -eq "Present") { return Test-SPDSCSpecificParameters -CurrentValues $CurrentValues -DesiredValues $PSBoundParameters -ValuesToCheck @("Name","DisplayName","Type", "Description", "PolicySetting", "PrivacySetting","MappingConnectionName","MappingPropertyName", "MappingDirection", "Length", "DisplayOrder", "IsEventLog", "IsVisibleOnEditor", "IsVisibleOnViewer","IsUserEditable", "IsAlias", "IsSearchabe", "UserOverridePrivacy", "TermGroup", "TermStore", "TermSet", "Ensure") } else { return Test-SPDSCSpecificParameters -CurrentValues $CurrentValues -DesiredValues $PSBoundParameters -ValuesToCheck @("Ensure") } } Export-ModuleMember -Function *-TargetResource |