Merge Dev into Master Build 1.1.0.0 (#33)

* Active directory access entry (#28) * initial ActiveDirectoryAccessEntry resource * updates to ActiveDirectoryAccessEntry resource * ActiveDirectoryAccessEntry unit test; resource fixes * updated readme; added example; mof fixes * version rev * AuditRule fixes * Updated issue with ACLRules not always being an array when trying to add additional objects. Updated issue where Expected.Rules might only be a single object while trying to call a Where extension method. (#31) * Rights guid (#32) * Updated ActiveDirectoryAccessEntry example with a valid ADRights value Refactored Get-SchemaGuidId helper function to Get-DelegationRightsGuid so it returns schemaGuids and rightsGuids * typo corrections * Update Get-SchemaObjectName to resolve SchemaGuids and RightsGuids * Added $guidmap to Get-SchemaObjectName * Added $rootDse to Get-SchemaObjectName
mcollera · Feb 9, 2018 · 6ec7813 · 6ec7813
1 parent 4ed46c3
commit 6ec7813
Show file tree

Hide file tree

Showing 14 changed files with 1,138 additions and 71 deletions.
diff --git a/AccessControlDsc.psd1 b/AccessControlDsc.psd1
@@ -8,7 +8,7 @@
 
 @{
     # Version number of this module.
-    ModuleVersion = '1.0.0.0'
+    ModuleVersion = '1.1.0.0'
 
     # ID used to uniquely identify this module
     GUID = 'a544c26f-3f96-4c1e-8351-1604867aafc5'

diff --git a/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1 b/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1
@@ -118,3 +118,79 @@ function ConvertTo-SID
     }
 
 }
+
+function Assert-Module
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [System.String]
+        $ModuleName
+    )
+
+    if (-not (Get-Module -Name $ModuleName -ListAvailable))
+    {
+        $errorId = '{0}_ModuleNotFound' -f $ModuleName;
+        $errorMessage = $localizedString.RoleNotFoundError -f $ModuleName;
+        ThrowInvalidOperationError -ErrorId $errorId -ErrorMessage $errorMessage;
+    }
+} 
+
+function Get-DelegationRightsGuid
+{
+    Param 
+    (
+        [Parameter()]
+        [string]
+        $ObjectName
+    )
+
+    if($ObjectName)
+    {
+        # Create a hashtable to store the GUID value of each schemaGuids and rightsGuids
+        $guidmap = @{}
+        $rootdse = Get-ADRootDSE
+        Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties Name,schemaIDGUID | 
+            Foreach-Object -Process { $guidmap[$_.Name] = [System.GUID]$_.schemaIDGUID }
+
+        Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties Name,rightsGuid | 
+            Foreach-Object -Process { $guidmap[$_.Name] = [System.GUID]$_.rightsGuid }
+
+        return [system.guid]$guidmap[$ObjectName]
+    }
+    else
+    {
+        return [system.guid]"00000000-0000-0000-0000-000000000000"
+    }
+}
+
+function Get-SchemaObjectName
+{
+    Param
+    (
+        [Parameter()]
+        [guid]
+        $SchemaIdGuid
+    )
+
+    if($SchemaIdGuid)
+    {
+        $guidmap = @{}
+        $rootdse = Get-ADRootDSE
+        Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties Name,schemaIDGUID | 
+            Foreach-Object -Process { $guidmap[$_.Name] = [System.GUID]$_.schemaIDGUID }
+
+        Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties Name,rightsGuid | 
+            Foreach-Object -Process { $guidmap[$_.Name] = [System.GUID]$_.rightsGuid }
+
+        # This is to address the edge case where one guid resolves to multiple names ex. f3a64788-5306-11d1-a9c5-0000f80367c1 resolves to Service-Principal-Name,Validated-SPN
+        $names = ( $guidmap.GetEnumerator() | Where-Object -FilterScript { $_.Value -eq $SchemaIdGuid } ).Name
+        return $names -join ','
+    }
+    else
+    {
+        return "none"
+    }
+}