DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.schema.mof
/*
**Description** This resource is responsible for ensuring that the user profile sync service has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server. This resource uses the InstallAccount to validate the current state only, the set method which will do the provisioning uses the FarmAccount to do the actual work - this means that CredSSP authentication will need to be permitted to allow a connection to the local server. To allow successful provisioning the farm account must be in the local administrators group, however it is not best practice to leave this account in the Administrators group. Therefore this resource will add the FarmAccount credential to the local administrators group at the beginning of the set method, and then remove it once it has completed its work. **Example** SPUserProfileSyncService UserProfileSyncService { UserProfileServiceAppName = "User Profile Service Application" Ensure = "Present" FarmAccount = $FarmAccount RunOnlyWhenWriteable = $true InstallAccount = $InstallAccount } */ [ClassVersion("1.0.0.0"), FriendlyName("SPUserProfileSyncService")] class MSFT_SPUserProfileSyncService : OMI_BaseResource { [Key, Description("The name of the user profile service for this sync instance")] string UserProfileServiceAppName; [Write, Description("Present to ensure the service is running, absent to ensure it is not"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Required, Description("The farm account, which is needed to provision the service app"), EmbeddedInstance("MSFT_Credential")] String FarmAccount; [Write, Description("Should the sync service only run when the user profile database is in a writeable state?")] Boolean RunOnlyWhenWriteable; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsAccount if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; |