DSCResources/MSFT_SPIrmSettings/MSFT_SPIrmSettings.psm1

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [parameter(Mandatory = $true)]  [System.String] [ValidateSet("Present","Absent")] $Ensure,
        [parameter(Mandatory = $false)] [System.Boolean] $UseADRMS,
        [parameter(Mandatory = $false)] [System.String] $RMSserver,
        [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount
    )
    
   write-verbose "Getting SharePoint IRM Settings"
    
   $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock {
        $params = $args[0]
        
        try {
            $spFarm = Get-SPFarm
        } catch {
            Write-Verbose -Verbose "No local SharePoint farm was detected. IRM settings will not be applied"
            return @{ 
                    Ensure = "Absent" 
                    UseADRMS =  $UseADRMS
                    RMSserver = $RMSserver 
                   }
        }

        # Get a reference to the Administration WebService
        $admService = Get-SPDSCContentService
        
        if ($admService.IrmSettings.IrmRMSEnabled)
         { $Ensure = "Present" }
        else
         { $Ensure = "Absent" }
         
        
        return @{
            Ensure = $Ensure  
            UseADRMS =  $admService.IrmSettings.IrmRMSUseAD
            RMSserver = $admService.IrmSettings.IrmRMSCertServer
        }       
      
   } 
    
   return $Result 
}


function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory = $true)]  [System.String] [ValidateSet("Present","Absent")] $Ensure,
        [parameter(Mandatory = $false)] [System.Boolean] $UseADRMS,
        [parameter(Mandatory = $false)] [System.String] $RMSserver,
        [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount
    )
    
    write-verbose "Applying SharePoint IRM settings"
     
    Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock {
        $params = $args[0]

        try {
            $spFarm = Get-SPFarm
        } catch {
            throw "No local SharePoint farm was detected. IRM settings will not be applied"
            return
        }
        
        $admService = Get-SPDSCContentService
        
        if ($params.UseADRMS -and ($null -ne $params.RMSserver)) {
            throw "Cannot specify both an RMSserver and set UseADRMS to True"
        }
        
        if ($params.UseADRMS -ne $true) { $params.UseADRMS = $false }
        
        if ($params.Ensure -eq "Present")
        {
            $admService.IrmSettings.IrmRMSEnabled = $true
            $admService.IrmSettings.IrmRMSUseAD = $params.UseADRMS
            $admService.IrmSettings.IrmRMSCertServer = $params.RMSserver 
        } else {
            $admService.IrmSettings.IrmRMSEnabled = $false
            $admService.IrmSettings.IrmRMSUseAD = $false 
            $admService.IrmSettings.IrmRMSCertServer = $null
        }
        
        $admService.Update() 
        
    }
}


function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [parameter(Mandatory = $true)]  [System.String] [ValidateSet("Present","Absent")] $Ensure,
        [parameter(Mandatory = $false)] [System.Boolean] $UseADRMS,
        [parameter(Mandatory = $false)] [System.String] $RMSserver,
        [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount
    )
    
    Write-Verbose "Testing SharePoint IRM settings"
    
    $CurrentValues = Get-TargetResource @PSBoundParameters

    if ($null -eq $CurrentValues) { return $false }

    if ($UseADRMS -ne $true) { $PSBoundParameters.UseADRMS = $false }

    return Test-SPDscParameterState -CurrentValues $CurrentValues -DesiredValues $PSBoundParameters
    
}

Export-ModuleMember -Function *-TargetResource