DSCResources/MSFT_SPUserProfileProperty/MSFT_SPUserProfileProperty.psm1
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [System.string] $Name, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present", [Parameter(Mandatory = $true)] [System.string] $UserProfileService, [Parameter()] [System.string] $DisplayName, [Parameter()] [ValidateSet("Big Integer", "Binary", "Boolean", "Date", "DateNoYear", "Date Time", "Email", "Float", "HTML", "Integer", "Person", "String (Single Value)", "String (Multi Value)", "TimeZone", "Unique Identifier", "URL")] [System.string] $Type, [Parameter()] [System.string] $Description, [Parameter()] [ValidateSet("Mandatory", "Optin", "Optout", "Disabled")] [System.string] $PolicySetting, [Parameter()] [ValidateSet("Public", "Contacts", "Organization", "Manager", "Private")] [System.string] $PrivacySetting, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $PropertyMappings, [Parameter()] [System.uint32] $Length, [Parameter()] [System.uint32] $DisplayOrder, [Parameter()] [System.Boolean] $IsEventLog, [Parameter()] [System.Boolean] $IsVisibleOnEditor, [Parameter()] [System.Boolean] $IsVisibleOnViewer, [Parameter()] [System.Boolean] $IsUserEditable, [Parameter()] [System.Boolean] $IsAlias, [Parameter()] [System.Boolean] $IsSearchable, [Parameter()] [System.Boolean] $UserOverridePrivacy, [Parameter()] [System.string] $TermStore, [Parameter()] [System.string] $TermGroup, [Parameter()] [System.string] $TermSet, [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Getting user profile property $Name" $result = Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { $params = $args[0] $upsa = Get-SPServiceApplication -Name $params.UserProfileService ` -ErrorAction SilentlyContinue $nullReturn = @{ Name = $params.Name UserProfileService = $params.UserProfileService Ensure = "Absent" } if ($null -eq $upsa) { return $nullReturn } $caURL = (Get-SPWebApplication -IncludeCentralAdministration | Where-Object -FilterScript { $_.IsAdministrationWebApplication -eq $true }).Url $context = Get-SPServiceContext -Site $caURL $userProfileSubTypeManager = Get-SPDSCUserProfileSubTypeManager -Context $context $userProfileSubType = $userProfileSubTypeManager.GetProfileSubtype("UserProfile") $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) if ($null -eq $userProfileProperty) { return $nullReturn } $termSet = @{ TermSet = "" TermGroup = "" TermStore = "" } if ($null -ne $userProfileProperty.CoreProperty.TermSet) { $termSet.TermSet = $userProfileProperty.CoreProperty.TermSet.Name $termSet.TermGroup = $userProfileProperty.CoreProperty.TermSet.Group.Name $termSet.TermStore = $userProfileProperty.CoreProperty.TermSet.TermStore.Name } $userProfilePropertyMappings = @() $userProfileConfigManager = New-Object -TypeName "Microsoft.Office.Server.UserProfiles.UserProfileConfigManager" ` -ArgumentList $context if ($null -eq $userProfileConfigManager.ConnectionManager) { return $nullReturn } foreach ($propertyMapping in $params.PropertyMappings) { try { $connection = $userProfileConfigManager.ConnectionManager[$propertyMapping.ConnectionName] # This only works with SharePoint 2013 and AD Sync Connections. $syncConnection = $connection | Where-Object -FilterScript { $null -ne $_.PropertyMapping -and $null -ne $_.PropertyMapping.Item($params.Name) } if ($null -ne $syncConnection) { # This code will only be reached with SP 2013 and AD Sync Connections. $currentMapping = $syncConnection.PropertyMapping.Item($params.Name) if ($null -ne $currentMapping) { $mapping = @{} $mapping.Direction = "Import" $mapping.ConnectionName = $params.MappingConnectionName if ($currentMapping.IsExport) { $mapping.Direction = "Export" } $mapping.PropertyName = $currentMapping.DataSourcePropertyName $userProfilePropertyMappings += (New-CimInstance -ClassName MSFT_SPUserProfilePropertyMapping -ClientOnly -Property @{ ConnectionName = $propertyMapping.ConnectionName PropertyName = $mapping.ConnectionName Direction = $mapping.Direction }) } } else { # This code is for SP 2013, 2016 and 2019 with AD Import Connections. if ($connection.Type -eq "ActiveDirectoryImport") { try { $adImportConnection = [Microsoft.Office.Server.UserProfiles.ActiveDirectoryImportConnection]$connection } catch [Exception] { $adImportConnection = $connection } $propertyFlags = [System.Reflection.BindingFlags]::Instance -bor ` [System.Reflection.BindingFlags]::NonPublic $propMembers = $adImportConnection.GetType().GetMethods($propertyFlags) $adImportPropertyMappingsMethod = $propMembers | Where-Object -FilterScript { $_.Name -eq "ADImportPropertyMappings" } $propertyMappings = $adImportPropertyMappingsMethod.Invoke($adImportConnection, $null) $propertyMappings | ForEach-Object -Process { $currentMappingMembers = $_.GetType().GetMembers($propertyFlags) $profileProperty = $currentMappingMembers | Where-Object -FilterScript { $_.Name -eq "ProfileProperty" } if ($null -ne $profileProperty) { $profilePropertyValue = $profileProperty.GetValue($_) if ($profilePropertyValue -eq $params.Name) { $adAttributeProperty = $currentMappingMembers | Where-Object -FilterScript { $_.Name -eq "ADAttribute" } if ($null -ne $adAttributeProperty) { $userProfilePropertyMappings += (New-CimInstance -ClassName MSFT_SPUserProfilePropertyMapping -ClientOnly -Property @{ ConnectionName = $propertyMapping.ConnectionName PropertyName = $adAttributeProperty.GetValue($_) Direction = "Import" }) } } } } } } } catch [Exception] { Write-Verbose "An unecpexted error occured. Please report an issue! $_" } } return @{ Name = $userProfileProperty.Name UserProfileService = $params.UserProfileService DisplayName = $userProfileProperty.DisplayName Type = $userProfileProperty.CoreProperty.Type Description = $userProfileProperty.Description PolicySetting = $userProfileProperty.PrivacyPolicy PrivacySetting = $userProfileProperty.DefaultPrivacy PropertyMappings = $userProfilePropertyMappings Length = $userProfileProperty.CoreProperty.Length DisplayOrder = $userProfileProperty.DisplayOrder IsEventLog = $userProfileProperty.TypeProperty.IsEventLog IsVisibleOnEditor = $userProfileProperty.TypeProperty.IsVisibleOnEditor IsVisibleOnViewer = $userProfileProperty.TypeProperty.IsVisibleOnViewer IsUserEditable = $userProfileProperty.IsUserEditable IsAlias = $userProfileProperty.IsAlias IsSearchable = $userProfileProperty.CoreProperty.IsSearchable TermStore = $termSet.TermStore TermGroup = $termSet.TermGroup TermSet = $termSet.TermSet UserOverridePrivacy = $userProfileProperty.UserOverridePrivacy Ensure = "Present" } } return $result } function Set-TargetResource { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.string] $Name, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present", [Parameter(Mandatory = $true)] [System.string] $UserProfileService, [Parameter()] [System.string] $DisplayName, [Parameter()] [ValidateSet("Big Integer", "Binary", "Boolean", "Date", "DateNoYear", "Date Time", "Email", "Float", "HTML", "Integer", "Person", "String (Single Value)", "String (Multi Value)", "TimeZone", "Unique Identifier", "URL")] [System.string] $Type, [Parameter()] [System.string] $Description, [Parameter()] [ValidateSet("Mandatory", "Optin", "Optout", "Disabled")] [System.string] $PolicySetting, [Parameter()] [ValidateSet("Public", "Contacts", "Organization", "Manager", "Private")] [System.string] $PrivacySetting, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $PropertyMappings, [Parameter()] [System.uint32] $Length, [Parameter()] [System.uint32] $DisplayOrder, [Parameter()] [System.Boolean] $IsEventLog, [Parameter()] [System.Boolean] $IsVisibleOnEditor, [Parameter()] [System.Boolean] $IsVisibleOnViewer, [Parameter()] [System.Boolean] $IsUserEditable, [Parameter()] [System.Boolean] $IsAlias, [Parameter()] [System.Boolean] $IsSearchable, [Parameter()] [System.Boolean] $UserOverridePrivacy, [Parameter()] [System.string] $TermStore, [Parameter()] [System.string] $TermGroup, [Parameter()] [System.string] $TermSet, [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount ) # Note for integration test: CA can take a couple of minutes to notice the change. don't try # refreshing properties page. Go through from a fresh "flow" from Service apps page Write-Verbose -Message "Setting user profile property $Name" $PSBoundParameters.Ensure = $Ensure Invoke-SPDSCCommand -Credential $InstallAccount ` -Arguments $PSBoundParameters ` -ScriptBlock { $params = $args[0] if ( ($params.ContainsKey("TermSet") ` -or $params.ContainsKey("TermGroup") ` -or $params.ContainsKey("TermSet") ) ` -and ($params.ContainsKey("TermSet") ` -and $params.ContainsKey("TermGroup") ` -and $params.ContainsKey("TermSet") -eq $false) ) { throw ("You have to provide all 3 parameters Termset, TermGroup and TermStore " + ` "when providing any of the 3.") } if ($params.ContainsKey("TermSet") ` -and (@("string (single value)", "string (multi value)").Contains($params.Type.ToLower()) -eq $false)) { throw "Only String and String Multivalue can use Termsets" } $ups = Get-SPServiceApplication -Name $params.UserProfileService ` -ErrorAction SilentlyContinue if ($null -eq $ups) { return $null } $caURL = (Get-SPWebApplication -IncludeCentralAdministration | Where-Object -FilterScript { $_.IsAdministrationWebApplication -eq $true }).Url $context = Get-SPServiceContext $caURL $userProfileConfigManager = New-Object -TypeName "Microsoft.Office.Server.UserProfiles.UserProfileConfigManager" ` -ArgumentList $context if ($null -eq $userProfileConfigManager) { #if config manager returns when ups is available then isuee is permissions throw ("Account running process needs admin permissions on the user profile " + ` "service application") } $coreProperties = $userProfileConfigManager.ProfilePropertyManager.GetCoreProperties() $userProfileSubTypeManager = Get-SPDSCUserProfileSubTypeManager $context $userProfileSubType = $userProfileSubTypeManager.GetProfileSubtype("UserProfile") $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) if ($null -ne $userProfileProperty -and $params.ContainsKey("Type") ` -and $userProfileProperty.CoreProperty.Type -ne $params.Type) { throw ("Can't change property type. Current Type is " + ` "$($userProfileProperty.CoreProperty.Type)") } $termSet = $null if ($params.ContainsKey("TermSet")) { $currentTermSet = $userProfileProperty.CoreProperty.TermSet; if ($currentTermSet.Name -ne $params.TermSet -or $currentTermSet.Group.Name -ne $params.TermGroup -or $currentTermSet.TermStore.Name -ne $params.TermStore) { $session = New-Object -TypeName Microsoft.SharePoint.Taxonomy.TaxonomySession ` -ArgumentList $caURL $termStore = $session.TermStores[$params.TermStore] if ($null -eq $termStore) { throw "Term Store $($params.termStore) not found" } $group = $termStore.Groups[$params.TermGroup] if ($null -eq $group) { throw "Term Group $($params.termGroup) not found" } $termSet = $group.TermSets[$params.TermSet] if ($null -eq $termSet) { throw "Term Set $($params.termSet) not found" } } } if ($params.ContainsKey("Ensure") -and $params.Ensure -eq "Absent") { if ($null -ne $userProfileProperty) { $coreProperties.RemovePropertyByName($params.Name) return } } elseif ($null -eq $userProfileProperty) { $coreProperty = $coreProperties.Create($false) $coreProperty.Name = $params.Name $coreProperty.DisplayName = $params.DisplayName Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $coreProperty ` -PropertyToSet "Length" ` -ParamsValue $params ` -ParamKey "Length" if ($params.Type -eq "String (Multi Value)") { $coreProperty.IsMultivalued = $true } $coreProperty.Type = $params.Type if ($null -ne $termSet) { $coreProperty.TermSet = $termSet } $userProfilePropertyManager = $userProfileConfigManager.ProfilePropertyManager $userProfileTypeProperties = $userProfilePropertyManager.GetProfileTypeProperties([Microsoft.Office.Server.UserProfiles.ProfileType]::User) $userProfileSubTypeProperties = $userProfileSubType.Properties $CoreProperties.Add($coreProperty) $upTypeProperty = $userProfileTypeProperties.Create($coreProperty) $userProfileTypeProperties.Add($upTypeProperty) $upSubProperty = $userProfileSubTypeProperties.Create($UPTypeProperty) $userProfileSubTypeProperties.Add($upSubProperty) Start-Sleep -Milliseconds 100 $userProfileProperty = $userProfileSubType.Properties.GetPropertyByName($params.Name) } $coreProperty = $userProfileProperty.CoreProperty $userProfileTypeProperty = $userProfileProperty.TypeProperty Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $coreProperty ` -PropertyToSet "DisplayName" ` -ParamsValue $params ` -ParamKey "DisplayName" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $coreProperty ` -PropertyToSet "Description" ` -ParamsValue $params ` -ParamKey "Description" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileTypeProperty ` -PropertyToSet "IsVisibleOnViewer" ` -ParamsValue $params ` -ParamKey "IsVisibleOnViewer" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileTypeProperty ` -PropertyToSet "IsVisibleOnEditor" ` -ParamsValue $params ` -ParamKey "IsVisibleOnEditor" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileTypeProperty ` -PropertyToSet "IsEventLog" ` -ParamsValue $params ` -ParamKey "IsEventLog" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $coreProperty ` -PropertyToSet "IsSearchable" ` -ParamsValue $params ` -ParamKey "IsSearchable" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileProperty ` -PropertyToSet "DefaultPrivacy" ` -ParamsValue $params ` -ParamKey "PrivacySetting" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileProperty ` -PropertyToSet "PrivacyPolicy" ` -ParamsValue $params ` -ParamKey "PolicySetting" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileProperty ` -PropertyToSet "IsUserEditable" ` -ParamsValue $params ` -ParamKey "IsUserEditable" Set-SPDscObjectPropertyIfValuePresent -ObjectToSet $userProfileProperty ` -PropertyToSet "UserOverridePrivacy" ` -ParamsValue $params ` -ParamKey "UserOverridePrivacy" if ($termSet) { $coreProperty.TermSet = $termSet } $userProfileProperty.CoreProperty.Commit() $userProfileTypeProperty.Commit() $userProfileProperty.Commit() if ($params.ContainsKey("DisplayOrder")) { $profileManager = New-Object -TypeName "Microsoft.Office.Server.UserProfiles.UserProfileManager" ` -ArgumentList $context $profileManager.Properties.SetDisplayOrderByPropertyName($params.Name, $params.DisplayOrder) $profileManager.Properties.CommitDisplayOrder() } if ($params.ContainsKey("PropertyMappings")) { foreach ($propertyMapping in $params.PropertyMappings) { $syncConnection = $userProfileConfigManager.ConnectionManager[$propertyMapping.ConnectionName] if ($null -eq $syncConnection) { throw "connection not found" } if ($null -ne $syncConnection.PropertyMapping) { $currentMapping = $syncConnection.PropertyMapping.Item($params.Name) } if ($null -eq $currentMapping ` -or ($currentMapping.DataSourcePropertyName -ne $propertyMapping.PropertyName) ` -or ($currentMapping.IsImport ` -and $propertyMapping.Direction -eq "Export") ) { if ($null -ne $currentMapping) { $currentMapping.Delete() #API allows updating, but UI doesn't do that. } $export = $propertyMapping.Direction -eq "Export" if ($syncConnection.Type -eq "ActiveDirectoryImport") { if ($export) { throw "not implemented" } else { $syncConnection.AddPropertyMapping($propertyMapping.PropertyName, $params.Name) $syncConnection.Update() } } else { if ($export) { $syncConnection.PropertyMapping.AddNewExportMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $params.Name, $propertyMapping.PropertyName) } else { $syncConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $params.Name, $propertyMapping.PropertyName) } } } } } } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.string] $Name, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present", [Parameter(Mandatory = $true)] [System.string] $UserProfileService, [Parameter()] [System.string] $DisplayName, [Parameter()] [ValidateSet("Big Integer", "Binary", "Boolean", "Date", "DateNoYear", "Date Time", "Email", "Float", "HTML", "Integer", "Person", "String (Single Value)", "String (Multi Value)", "TimeZone", "Unique Identifier", "URL")] [System.string] $Type, [Parameter()] [System.string] $Description, [Parameter()] [ValidateSet("Mandatory", "Optin", "Optout", "Disabled")] [System.string] $PolicySetting, [Parameter()] [ValidateSet("Public", "Contacts", "Organization", "Manager", "Private")] [System.string] $PrivacySetting, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $PropertyMappings, [Parameter()] [System.uint32] $Length, [Parameter()] [System.uint32] $DisplayOrder, [Parameter()] [System.Boolean] $IsEventLog, [Parameter()] [System.Boolean] $IsVisibleOnEditor, [Parameter()] [System.Boolean] $IsVisibleOnViewer, [Parameter()] [System.Boolean] $IsUserEditable, [Parameter()] [System.Boolean] $IsAlias, [Parameter()] [System.Boolean] $IsSearchable, [Parameter()] [System.Boolean] $UserOverridePrivacy, [Parameter()] [System.string] $TermStore, [Parameter()] [System.string] $TermGroup, [Parameter()] [System.string] $TermSet, [Parameter()] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Testing for user profile property $Name" $PSBoundParameters.Ensure = $Ensure $CurrentValues = Get-TargetResource @PSBoundParameters if ($Ensure -eq "Present") { return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @("Name", "DisplayName", "Type", "Description", "PolicySetting", "PrivacySetting", "PropertyMappings", "Length", "DisplayOrder", "IsEventLog", "IsVisibleOnEditor", "IsVisibleOnViewer", "IsUserEditable", "IsAlias", "IsSearchabe", "UserOverridePrivacy", "TermGroup", "TermStore", "TermSet", "Ensure") } else { return Test-SPDscParameterState -CurrentValues $CurrentValues ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @("Ensure") } } Export-ModuleMember -Function *-TargetResource |