#!powershell
# Copyright: (c) 2023, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#AnsibleRequires -CSharpUtil Ansible.Basic
#AnsibleRequires -PowerShell ..module_utils._ADObject
# Declarative description of the AD group module. The table is splatted into
# Invoke-AnsibleADObject on the last line of the script.
$setParams = @{
    # One entry per module option that maps onto an attribute of the group.
    PropertyInfo = @(
        [PSCustomObject]@{
            Name = 'category'
            Option = @{
                type = 'str'
                choices = @('distribution', 'security')
            }
            Attribute = 'GroupCategory'
            CaseInsensitive = $true
        }
        [PSCustomObject]@{
            Name = 'homepage'
            Option = @{ type = 'str' }
            Attribute = 'Homepage'
        }
        [PSCustomObject]@{
            # NOTE(review): DNLookup presumably makes the shared _ADObject
            # util resolve the supplied identity to a distinguished name -
            # confirm against module_utils._ADObject.
            Name = 'managed_by'
            Option = @{ type = 'str' }
            Attribute = 'ManagedBy'
            DNLookup = $true
        }
        [PSCustomObject]@{
            Name = 'members'
            Option = @{ type = 'add_remove_set' }
            Attribute = 'member'
            DNLookup = $true
            IsRawAttribute = $true
            # Groups that live under CN=Builtin reject -Replace, so a changed
            # membership is always applied with -Add/-Remove instead.
            # https://github.com/ansible-collections/microsoft.ad/issues/130
            SupportsReplace = $false
        }
        [PSCustomObject]@{
            Name = 'sam_account_name'
            Option = @{ type = 'str' }
            Attribute = 'sAMAccountName'
        }
        [PSCustomObject]@{
            Name = 'scope'
            Option = @{
                type = 'str'
                choices = @('domainlocal', 'global', 'universal')
            }
            Attribute = 'GroupScope'
            CaseInsensitive = $true
        }
    )
    ModuleNoun = 'ADGroup'

    # Emits the DN of the domain's well-known Users container.
    DefaultPath = {
        param($Module, $ADParams)

        $usersContainerGuid = 'A9D1CA15768811D1ADED00C04FD8D5CD'
        # wellKnownObjects entries are matched on 'B:32:<guid>:'; that prefix
        # is 5 + 32 + 1 = 38 characters long and the rest is the container DN.
        $wkoPrefix = "B:32:$($usersContainerGuid):"
        $namingContext = (Get-ADRootDSE @ADParams -Properties defaultNamingContext).defaultNamingContext

        Get-ADObject @ADParams -Identity $namingContext -Properties wellKnownObjects |
            Select-Object -ExpandProperty wellKnownObjects |
            Where-Object { $_.StartsWith($wkoPrefix) } |
            ForEach-Object { $_.Substring(38) }
    }

    # Fails when a group that does not exist yet is requested without a scope.
    PreAction = {
        param ($Module, $ADParams, $ADObject)

        $creatingGroup = ($Module.Params.state -eq 'present') -and (-not $ADObject)
        if ($creatingGroup -and (-not $Module.Params.scope)) {
            $Module.FailJson("scope must be set when state=present and the group does not exist")
        }
    }

    # Publishes the group's SID in the module result.
    PostAction = {
        param($Module, $ADParams, $ADObject)

        if (-not $ADObject) {
            if ($Module.Params.state -eq 'present') {
                # No AD object is available while state=present; the original
                # comment attributes this to check mode when a new group would
                # be created. The value is a fixed placeholder, not a real
                # SID, so later tasks must not use it for ACLs or lookups.
                $Module.Result.sid = 'S-1-5-0000'
            }
        }
        else {
            $Module.Result.sid = $ADObject.SID.Value
        }
    }
}

Invoke-AnsibleADObject @setParams