diff --git a/.gitattributes b/.gitattributes index 547657769..770aeb622 100644 --- a/.gitattributes +++ b/.gitattributes @@ -6,4 +6,6 @@ *.jpg binary *.xl* binary *.pfx binary +*.png binary *.dll binary +*.so binary diff --git a/.github/ISSUE_TEMPLATE/Problem_with_resource.md b/.github/ISSUE_TEMPLATE/Problem_with_resource.md deleted file mode 100644 index 3da140be0..000000000 --- a/.github/ISSUE_TEMPLATE/Problem_with_resource.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -name: Problem with a resource -about: If you have a problem, bug, or enhancement with a resource in this resource module. ---- - -#### Details of the scenario you tried and the problem that is occurring - -#### Verbose logs showing the problem - -#### Suggested solution to the issue - -#### The DSC configuration that is used to reproduce the issue (as detailed as possible) -```powershell -# insert configuration here -``` - -#### The operating system the target node is running - - -#### Version and build of PowerShell the target node is running - - -#### Version of the DSC module that was used - - diff --git a/.github/ISSUE_TEMPLATE/Problem_with_resource.yml b/.github/ISSUE_TEMPLATE/Problem_with_resource.yml new file mode 100644 index 000000000..ab1928b9e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Problem_with_resource.yml @@ -0,0 +1,97 @@ +name: Problem with a resource +description: If you have a problem, bug, or enhancement with a resource in this resource module. +labels: [] +assignees: [] +body: + - type: markdown + attributes: + value: | + Please prefix the issue title (above) with the resource name, e.g. 'ResourceName: Short description of my issue'! + + Your feedback and support is greatly appreciated, thanks for contributing! + - type: textarea + id: description + attributes: + label: Problem description + description: Details of the scenario you tried and the problem that is occurring. + validations: + required: true + - type: textarea + id: logs + attributes: + label: Verbose logs + description: | + Verbose logs showing the problem. **NOTE! Sensitive information should be obfuscated.** _Will be automatically formatted as plain text._ + placeholder: | + Paste verbose logs here + render: text + validations: + required: true + - type: textarea + id: configuration + attributes: + label: DSC configuration + description: | + The DSC configuration that is used to reproduce the issue (as detailed as possible). **NOTE! Sensitive information should be obfuscated.** _Will be automatically formatted as PowerShell code._ + placeholder: | + Paste DSC configuration here + render: powershell + validations: + required: true + - type: textarea + id: suggestedSolution + attributes: + label: Suggested solution + description: Do you have any suggestions how to solve the issue? + validations: + required: true + - type: textarea + id: targetSPVersion + attributes: + label: SharePoint version and build + description: | + Please provide version and build information of the SharePoint Server the target node is running. _Will be automatically formatted as plain text._ + placeholder: | + Add SharePoint Server information here + render: text + validations: + required: true + - type: textarea + id: targetNodeOS + attributes: + label: Operating system the target node is running + description: | + Please provide as much as possible about the target node, for example edition, version, build, and language. _Will be automatically formatted as plain text._ + + On OS with WMF 5.1 the following command can help get this information: `Get-ComputerInfo -Property @('OsName','OsOperatingSystemSKU','OSArchitecture','WindowsVersion','WindowsBuildLabEx','OsLanguage','OsMuiLanguages')` + placeholder: | + Add operating system information here + render: text + validations: + required: true + - type: textarea + id: targetNodePS + attributes: + label: PowerShell version and build the target node is running + description: | + Please provide the version and build of PowerShell the target node is running. _Will be automatically formatted as plain text._ + + To help with this information, please run this command: `$PSVersionTable` + placeholder: | + Add PowerShell information here + render: text + validations: + required: true + - type: textarea + id: moduleVersion + attributes: + label: SharePointDsc version + description: | + Please provide the version of the SharePointDsc module that was used. _Will be automatically formatted as plain text._ + + To help with this information, please run this command: `Get-Module -Name 'SharePointDsc' -ListAvailable | ft Name,Version,Path` + placeholder: | + Add module information here + render: text + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/Resource_proposal.md b/.github/ISSUE_TEMPLATE/Resource_proposal.md deleted file mode 100644 index 9f2a069a0..000000000 --- a/.github/ISSUE_TEMPLATE/Resource_proposal.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: New resource proposal -about: If you have a new resource proposal that you think should be added to this resource module. ---- - -### Description - -### Proposed properties - -### Special considerations or limitations diff --git a/.github/ISSUE_TEMPLATE/Resource_proposal.yml b/.github/ISSUE_TEMPLATE/Resource_proposal.yml new file mode 100644 index 000000000..2ddd09860 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Resource_proposal.yml @@ -0,0 +1,39 @@ +name: New resource proposal +description: If you have a new resource proposal that you think should be added to this resource module. +title: "NewResourceName: New resource proposal" +labels: [] +assignees: [] +body: + - type: markdown + attributes: + value: | + Please replace `NewResourceName` in the issue title (above) with your proposed resource name. + + Thank you for contributing and making this resource module better! + - type: textarea + id: description + attributes: + label: Resource proposal + description: Provide information how this resource will/should work and how it will help users. + validations: + required: true + - type: textarea + id: proposedProperties + attributes: + label: Proposed properties + description: | + List all the proposed properties that the resource should have (key, required, write, and/or read). For each property provide a detailed description, the data type, if a default value should be used, and if the property is limited to a set of values. + value: | + Property | Type qualifier | Data type | Description | Default value | Allowed values + --- | --- | --- | --- | --- | --- + PropertyName | Key | String | Detailed description | None | None + validations: + required: true + - type: textarea + id: considerations + attributes: + label: Special considerations or limitations + description: | + Provide any considerations or limitations you can think of that a contributor should take in account when coding the proposed resource, and or what limitations a user will encounter or should consider when using the proposed resource. + validations: + required: true diff --git a/CHANGELOG.md b/CHANGELOG.md index e7d63cde8..261d1ec1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,11 +9,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - SharePointDsc - Added generic unit tests files to quickly run all or a specific unit test + - Updated pipeline scripts to a recent version - SPTrustedIdentityTokenIssuer - Added parameters to support OIDC authentication in SharePoint Server Subscription Edition +- SPWebAppPeoplePickerSettings + - Added the PeopleEditorOnlyResolveWithinSiteCollection parameter to the resource ### Changed +- SharePointDsc + - Updated ReverseDsc version requirement to 2.0.0.10 to fix an issue + with Exporting an array of CIM instances - SPFarm - Suppress a useless reboot that was triggered once a server joined the farm - Suppress a useless 5 minutes sleep triggered once a server joined the farm diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f9ba8cf65..d7589ddbb 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,9 +1,3 @@ -# Microsoft Open Source Code of Conduct +# Code of Conduct -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). - -Resources: - -- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) -- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) -- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns +This project has adopted the [DSC Community Code of Conduct](https://dsccommunity.org/code_of_conduct). diff --git a/RequiredModules.psd1 b/RequiredModules.psd1 index 1ea9b203e..61b6d83b9 100644 --- a/RequiredModules.psd1 +++ b/RequiredModules.psd1 @@ -26,5 +26,5 @@ xWebAdministration = '3.1.0' # Required for Export of Config - ReverseDSC = "2.0.0.7" + ReverseDSC = "2.0.0.10" } diff --git a/Resolve-Dependency.ps1 b/Resolve-Dependency.ps1 index 760df2398..a8c6b4d10 100644 --- a/Resolve-Dependency.ps1 +++ b/Resolve-Dependency.ps1 @@ -290,7 +290,14 @@ try if ($PSBoundParameters.ContainsKey('MinimumPSDependVersion')) { - $psDependModule = $psDependModule | Where-Object -Property -eq $MinimumPSDependVersion + try + { + $psDependModule = $psDependModule | Where-Object -FilterScript { $_.Version -ge $MinimumPSDependVersion } + } + catch + { + throw ('There was a problem finding the minimum version of PSDepend. Error: {0}' -f $_) + } } if (-not $psDependModule) @@ -328,6 +335,7 @@ try Name = 'PSDepend' Repository = $Gallery Path = $PSDependTarget + Force = $true } if ($MinimumPSDependVersion) @@ -371,6 +379,7 @@ try Name = 'PowerShell-Yaml' Repository = $Gallery Path = $PSDependTarget + Force = $true } Save-Module @SaveModuleParam diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..7bd7bc20f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,30 @@ +## Security + +The DSC Community takes the security of our modules seriously, which includes all source code repositories managed through our GitHub organization. + +If you believe you have found a security vulnerability in any DSC Community owned repository, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them to one or several members of the DSC Community organization. +The easiest way to do so is to send us a direct message via twitter or slack. + +You should receive a response within 48 hours. If for some reason you do not, please follow up to other member of the community. + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + * Type of issue + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +## Preferred Languages + +We prefer all communications to be in English. diff --git a/SharePointDsc/DSCResources/MSFT_SPLogLevel/MSFT_SPLogLevel.psm1 b/SharePointDsc/DSCResources/MSFT_SPLogLevel/MSFT_SPLogLevel.psm1 index 8839ddedc..78528f039 100644 --- a/SharePointDsc/DSCResources/MSFT_SPLogLevel/MSFT_SPLogLevel.psm1 +++ b/SharePointDsc/DSCResources/MSFT_SPLogLevel/MSFT_SPLogLevel.psm1 @@ -405,7 +405,7 @@ function Export-TargetResource $currentBlock = Convert-DSCStringParamToVariable -DSCBlock $currentBlock -ParameterName "PsDscRunAsCredential" # Change hashtable format into CIM Instance format - $currentBlock = $currentBlock -replace "@{", "`r`n MSFT_SPLogLevelItem {" -replace '}', '},' -replace ',\);', "`r`n );" -replace '(\w+)=', '$1="' -replace '; ', '"; ' -replace '}', '"}' + $currentBlock = $currentBlock -replace "@{", "`r`n MSFT_SPLogLevelItem {" -replace '\);', "`r`n );" -replace '(\w+)=', '$1="' -replace '; ', '"; ' -replace '}', '"}' $PartialContent += $currentBlock $PartialContent += " }`r`n" diff --git a/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.psm1 b/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.psm1 index 6bf43fbbc..96e776b69 100644 --- a/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.psm1 +++ b/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.psm1 @@ -24,6 +24,10 @@ function Get-TargetResource [System.Boolean] $OnlySearchWithinSiteCollection, + [Parameter()] + [System.Boolean] + $PeopleEditorOnlyResolveWithinSiteCollection, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $SearchActiveDirectoryDomains @@ -61,12 +65,13 @@ function Get-TargetResource } return @{ - WebAppUrl = $params.WebAppUrl - ActiveDirectoryCustomFilter = $wa.PeoplePickerSettings.ActiveDirectoryCustomFilter - ActiveDirectoryCustomQuery = $wa.PeoplePickerSettings.ActiveDirectoryCustomQuery - ActiveDirectorySearchTimeout = $wa.PeoplePickerSettings.ActiveDirectorySearchTimeout.TotalSeconds - OnlySearchWithinSiteCollection = $wa.PeoplePickerSettings.OnlySearchWithinSiteCollection - SearchActiveDirectoryDomains = $searchADDomains + WebAppUrl = $params.WebAppUrl + ActiveDirectoryCustomFilter = $wa.PeoplePickerSettings.ActiveDirectoryCustomFilter + ActiveDirectoryCustomQuery = $wa.PeoplePickerSettings.ActiveDirectoryCustomQuery + ActiveDirectorySearchTimeout = $wa.PeoplePickerSettings.ActiveDirectorySearchTimeout.TotalSeconds + OnlySearchWithinSiteCollection = $wa.PeoplePickerSettings.OnlySearchWithinSiteCollection + PeopleEditorOnlyResolveWithinSiteCollection = $wa.PeoplePickerSettings.PeopleEditorOnlyResolveWithinSiteCollection + SearchActiveDirectoryDomains = $searchADDomains } } return $result @@ -98,6 +103,10 @@ function Set-TargetResource [System.Boolean] $OnlySearchWithinSiteCollection, + [Parameter()] + [System.Boolean] + $PeopleEditorOnlyResolveWithinSiteCollection, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $SearchActiveDirectoryDomains @@ -155,6 +164,14 @@ function Set-TargetResource } } + if ($params.ContainsKey("PeopleEditorOnlyResolveWithinSiteCollection")) + { + if ($params.PeopleEditorOnlyResolveWithinSiteCollection -ne $wa.PeoplePickerSettings.PeopleEditorOnlyResolveWithinSiteCollection) + { + $wa.PeoplePickerSettings.PeopleEditorOnlyResolveWithinSiteCollection = $params.PeopleEditorOnlyResolveWithinSiteCollection + } + } + if ($params.ContainsKey("SearchActiveDirectoryDomains")) { foreach ($searchADDomain in $params.SearchActiveDirectoryDomains) @@ -250,6 +267,10 @@ function Test-TargetResource [System.Boolean] $OnlySearchWithinSiteCollection, + [Parameter()] + [System.Boolean] + $PeopleEditorOnlyResolveWithinSiteCollection, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $SearchActiveDirectoryDomains @@ -306,7 +327,8 @@ function Test-TargetResource -ValuesToCheck @("ActiveDirectoryCustomFilter", ` "ActiveDirectoryCustomQuery", ` "ActiveDirectorySearchTimeout", ` - "OnlySearchWithinSiteCollection") + "OnlySearchWithinSiteCollection", + "PeopleEditorOnlyResolveWithinSiteCollection") Write-Verbose -Message "Test-TargetResource returned $result" diff --git a/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.schema.mof b/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.schema.mof index d11075c76..fd2bdf8c7 100644 --- a/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.schema.mof +++ b/SharePointDsc/DSCResources/MSFT_SPWebAppPeoplePickerSettings/MSFT_SPWebAppPeoplePickerSettings.schema.mof @@ -13,5 +13,6 @@ class MSFT_SPWebAppPeoplePickerSettings : OMI_BaseResource [Write, Description("Sets the custom query that is sent to Active Directory")] String ActiveDirectoryCustomQuery; [Write, Description("Sets the time-out in seconds when a query is issued to Active Directory")] Uint16 ActiveDirectorySearchTimeout; [Write, Description("Specifies whether to search only the current site collection")] Boolean OnlySearchWithinSiteCollection; + [Write, Description("Specifies whether to check the user against the existing site collection users")] Boolean PeopleEditorOnlyResolveWithinSiteCollection; [Write, Description("List of all domains/forests that must be searched"), EmbeddedInstance("MSFT_SPWebAppPPSearchDomain")] String SearchActiveDirectoryDomains[]; }; diff --git a/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 b/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 index 4616e9901..a4d13b065 100644 --- a/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 +++ b/SharePointDsc/Modules/SharePointDsc.Util/SharePointDsc.Util.psm1 @@ -1582,8 +1582,8 @@ function Export-SPConfiguration $BinaryLocation ) - $reverseDSCVersion = [Version]"2.0.0.7" - $reverseDSCModule = Get-Module ReverseDsc -ListAvailable | Where-Object -FilterScript { $_.Version -eq $reverseDSCVersion } + $reverseDSCVersion = [Version]"2.0.0.10" + $reverseDSCModule = Get-Module ReverseDsc -ListAvailable | Where-Object -FilterScript { $_.Version -ge $reverseDSCVersion } if ($null -eq $reverseDSCModule) { Write-Host "[ERROR} ReverseDsc v$($reverseDSCVersion.ToString()) could not be found. Make sure you have this module installed before running this cmdlet!" -ForegroundColor Red diff --git a/SharePointDsc/SharePointDsc.psd1 b/SharePointDsc/SharePointDsc.psd1 index b23d28db9..cdf92a3ff 100644 --- a/SharePointDsc/SharePointDsc.psd1 +++ b/SharePointDsc/SharePointDsc.psd1 @@ -48,12 +48,7 @@ # ProcessorArchitecture = '' # Modules that must be imported into the global environment prior to importing this module - # RequiredModules = @( - # @{ - # ModuleName = "ReverseDSC" - # RequiredVersion = "2.0.0.7" - # } - # ) + # RequiredModules = @() # Assemblies that must be loaded prior to importing this module # RequiredAssemblies = @() diff --git a/SharePointDsc/WikiSource/Contributing-to-SharePointDsc.md b/SharePointDsc/WikiSource/Contributing-to-SharePointDsc.md new file mode 100644 index 000000000..0e46dc73d --- /dev/null +++ b/SharePointDsc/WikiSource/Contributing-to-SharePointDsc.md @@ -0,0 +1,194 @@ +If you are keen to make SharePointDsc better, why not consider contributing your work to the project? Every little change helps us make a better resource for everyone to use, and we would love to have contributions from the community. + +# Core contribution guidelines + +We follow all of the standard contribution guidelines for DSC resources [outlined in the DscResources repo](https://github.com/PowerShell/DscResources/blob/master/CONTRIBUTING.md), so please review these as a baseline for contributing. Specifically, be sure to read the following linked article from that page: + +* [Style Guidelines and Best Practices](https://github.com/PowerShell/DscResources/blob/master/StyleGuidelines.md) + +## SharePointDsc specific coding principles + +The Get-TargetResource function should not return $null as a result. It may, however, return a hashtable where some properties have a $null value. For example: +```PowerShell +function Get-TargetResource +{ + $nullreturn = @{ + ServiceAppName = $ServiceAppName + Name = $Name + RequestLimit = $null + WaitTime = $null + Ensure = "Absent" + } + return $nullreturn +} +``` + +In some cases, SharePoint does not publically publish information via the object model. If this is the case, reflection can be used to call the internal method. Since this comes with significant risks, however, we only allow reflection to be used to retrieve data and **not** to set data. + +## Design Guidelines + +To help ensure that SharePointDsc resources are created in a consistent manner, there are a number of design guidelines that guide the thinking applied to how the resources should be built. These design rules should be taken into account when submitting changes or new functionality to the SharePointDsc module. + +1. Each resource in SharePointDsc should strive to make changes to only the current server, and not require a remote connection to other servers to complete their work. +2. Supported versions of SharePoint for SharePointDsc are SharePoint Server 2013 with Service Pack 1 or higher, SharePoint Server 2016 and SharePoint Server 2019. SharePoint 2010 is not supported due to requiring PowerShell 4, which is not supported with that version of the product. Where a resource will not work with all versions we support (such as functionality or features being added or deprecated between versions), a clear and concise error should be returned that explains this. + +3. Any breaking change should be committed to a new branch so that it can be included in the next major version release. A change will be considered a 'breaking' change under the following circumstances: + +* A new mandatory property is added to a resource +* The data type of any resource property is changed +* Any property is removed or renamed in a resource +* A resource is removed +* A change in the expected outcome of how a resource behaves is made +* Any change that modifies the list of prerequisites for the module to run + +4. Resources that will make changes within site collections should not be part of SharePointDsc. The reason is that these types of changes can conflict with actions performed by the site collection owners/administrators. For example: In SPSite we use the title field during site creation, but do not update the title later on. This is because a site collection administrator can have a reason for changing the title and in such a case, SharePointDsc would reset the title, confusing the site collection administrator. + + * Only in specific cases can we deviate from this principle. + * One exception is the SPWeb resource. That was fully coded already and submitted as a Pull Request. Since we didn't want to throw away that code, we decided to include it into the module. + +# SharePointDsc specific guidelines + +## Dynamic documentation + +With over 100 resources in our module, we want to keep the documentation work light. To aid this, we are generating our documentation dynamically. Therefore, for each DSC resource we have, the following items must be completed so we can generate these: + +1. In the folder for the resource, place a readme.md file that contains heading 'Description' and a text description of the module. +2. In the schema.mof file for the resource, ensure that there are description attributes on all properties. +3. Generate 1 or more example configurations for the resource in the Examples/resources/[resource name] folder using PowerShell help syntax to describe the example at the top of the file. Each example configuration must be complete and runnable, must be called "example" and it must only take parameters of PSCredential types. This will allow our unit tests to validate the examples as part of our build process. + +With these items in place, we can dynamically generate the help files for PowerShell as well as this wiki. + +## Testing against SharePoint Server 2013, 2016, 2019 and Subscription Edition + +SharePointDsc is designed to work correctly against the Server 2013, 2016, 2019 and Subscription Edition versions of the product. The automated unit tests that are run in SharePointDsc will execute against all versions of the product using the stub modules we include in the unit tests directory. + +Where a resource applies to only a specific version (such as [SPUserProfileSyncService](https://github.com/dsccommunity/SharePointDsc/blob/master/SharePointDsc/DSCResources/MSFT_SPUserProfileSyncService/MSFT_SPUserProfileSyncService.psm1)) the code should throw meaningful errors to indicate that it should not be used with the installed version of the product. + +## Test your changes on a SharePoint test environment + +This might sound a little stupid, but in the past we noticed that code changes were submitted that could never work on a SharePoint environment. So always make sure you test your updates against a real life SharePoint environment! You can use [this](https://github.com/dsccommunity/SharePointDsc/wiki/Creating-an-Azure-development-environment) article to create your own test environment in Azure. + +# Tools + +For SharePointDsc there are several tools available to help developing or are being used in the GitHub repository. + +## GitHub Desktop + +In order to work with a local copy of the repository, you need the [GitHub Desktop](https://desktop.github.com/). The GitHub Desktop include the [Git tools](https://git-scm.com/downloads), but adds a nice GUI on top of it. Using this GUI you can see what commits have been made and what changes where made in those commits. Checkout the training section below if you want to learn more about Git. + +## Visual Studio Code + +To develop SharePointDsc, we recommend the use of [Visual Studio Code](https://code.visualstudio.com/) with the [PowerShell extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.PowerShell) to enable PowerShell support. The SharePointDsc project already contains some definitions that configure Visual Studio Code to use the correct formatting. + +## PSScriptAnalyzer +To check code for compliance to PowerShell best practices, we are using [PSScriptAnalyzer](https://github.com/PowerShell/PSScriptAnalyzer). You can install this module locally as well and have your code checked. Visual Studio Code is also using this module to display possible issues in your PowerShell code. + +## Azure DevOps + +We are using [Azure DevOps](https://dev.azure.com/dsccommunity/SharePointDsc/) as the Continuous Integration solution for our project. When a Pull Request is submitted, Azure DevOps will run all the required tests against all supported SharePoint versions. If you want to see what happened, for example if the test fails, you can review the Azure DevOps log by clicking on the "Details" link behind the Azure DevOps test. + +Since the log is very big, a quick way to see which tests failed is to click "View raw log" link and searching for "[-]", which is present in all failed tests. + +## Pester + +All DSC Resource Kit modules are using [Pester](https://github.com/pester/Pester) to perform Unit tests on the code. Pester is also able to calculate the code coverage off all tests. Check out the training section below if you want to learn more about Pester. + +> _**IMPORTANT**: Make sure you run the below commands:_ +> * _Using Windows PowerShell v5.1. Running unit tests might work on PowerShell v7, but this hasn't been tested yet (because SharePoint itself requires Windows PowerShell v5.1). Testing running unit tests with PowerShell v7 is on the roadmap._ +> * _In an elevated PowerShell session. The code will throw a lot of errors when you don't!_ + +You can run all tests by performing these steps: +* Open PowerShell +* Browse to the local clone folder (e.g. c:\src\SharePointDsc) +* Build the module by running `.\build.ps1 -Tasks Build` +* Start all tests by running `.\build.ps1 -Tasks Test` + +This executes all tests for SharePoint 2013 on the code. This can take several hours to complete, depending on the specifications of your machine. If you want to run the tests for a different SharePoint version, use: + +**SharePoint 2016** +```PowerShell +.\build.ps1 -Tasks test -PesterScript @(@{ Path = '/Tests/Unit'; Parameters = @{SharePointCmdletModule = '/Tests/Unit/Stubs/SharePoint/16.0.4456.1000/Microsoft.SharePoint.PowerShell.psm1' }}) +``` +**SharePoint 2019** +```PowerShell + .\build.ps1 -Tasks test -PesterScript @(@{ Path = '/Tests/Unit'; Parameters = @{SharePointCmdletModule = '/Tests/Unit/Stubs/SharePoint/16.0.10337.12109/Microsoft.SharePoint.PowerShell.psm1' }}) +``` +**SharePoint Subscription Edition** +```PowerShell + .\build.ps1 -Tasks test -PesterScript @(@{ Path = '/Tests/Unit'; Parameters = @{SharePointCmdletModule = '/Tests/Unit/Stubs/SharePoint/16.0.14326.20450/SharePointServer.psm1' }}) +``` + +We are also checking for compliance to the [coding style guide and other generic tests](https://github.com/PowerShell/DscResource.Tests#dsc-resource-common-meta-tests). You can run these tests locally by executing the following steps: +* Open PowerShell +* Browse to the local clone folder +* Build the module by running (required if you restarted PowerShell or updated a resource) `.\build.ps1 -Tasks Build` +* Start all High Quality Resource Module (HQRM) tests by running `.\build.ps1 -Tasks hqrmtests` +This executes all HQRM tests on the code. + +## Test single resource +To run an individual Pester test, run the following script (update the first two lines with the correct values): +```PowerShell +$modulePath = '' # e.g. C:\src\SharePointDsc +$resource = '' # e.g. SPSite + +cd $modulePath +.\build.ps1 -Tasks Build + +$path15 = Join-Path -Path $modulePath -ChildPath '\Tests\Unit\Stubs\SharePoint\15.0.4805.1000\Microsoft.SharePoint.PowerShell.psm1' +$path16 = Join-Path -Path $modulePath -ChildPath '\Tests\Unit\Stubs\SharePoint\16.0.4456.1000\Microsoft.SharePoint.PowerShell.psm1' +$path19 = Join-Path -Path $modulePath -ChildPath '\Tests\Unit\Stubs\SharePoint\16.0.10337.12109\Microsoft.SharePoint.PowerShell.psm1' +$pathSE = Join-Path -Path $modulePath -ChildPath '\Tests\Unit\Stubs\SharePoint\16.0.14326.20450\SharePointServer.psm1' + +$testPath = Join-Path -Path $modulePath -ChildPath ".\Tests\Unit\SharePointDsc\SharePointDsc.$resource.Tests.ps1" +$compiledModulePath = Split-Path -Path (Get-Module SharePointDsc).Path +$resourcePath = Join-Path -Path $compiledModulePath -ChildPath "\DSCResources\MSFT_$resource\MSFT_$resource.psm1" +Invoke-Pester -Script @( + @{ Path = $testPath; Parameters = @{SharePointCmdletModule = $path15 } }, + @{ Path = $testPath; Parameters = @{SharePointCmdletModule = $path16 } }, + @{ Path = $testPath; Parameters = @{SharePointCmdletModule = $path19 } }, + @{ Path = $testPath; Parameters = @{SharePointCmdletModule = $pathSE } } +) -CodeCoverage $resourcePath +``` +This will run the unit tests for all four SharePoint versions **and** will calculate code coverage of the unit tests across these versions. + +**NOTE:** Make sure you have version 4.10.1 of Pester. Update the module from the PowerShell Gallery by running the command `Install-Module Pester -RequiredVersion 4.10.1 -Force` + +**NOTE 2:** If you have Windows 10, please read [this page](https://github.com/pester/Pester/wiki/Installation-and-Update) to update successfully to the most recent version: + +**NOTE 3:** When you are troubleshooting Pester tests and you make a code change in the resource, you have to build the module again. Updates to the Pester test itself do not require this. + +## Reviewable + +When a Pull Request is submitted, a code review will have to take place to ensure it meets all defined standards. The code review will be done via [Reviewable](https://reviewable.io), a platform that easily enables reviewers to check code changes, add comments and approve changes. Only when all review comments are resolved will we be able to merge the Pull Request. + +# Troubleshooting + +The Microsoft Docs site has a good [article on troubleshooting DSC](https://docs.microsoft.com/en-us/powershell/dsc/troubleshooting) which has a list of tips and tricks on how to collect information while troubleshooting DSC. + +When troubleshooting an issue, you can use the [built-in debugging possibilities](https://docs.microsoft.com/en-us/powershell/dsc/debugresource) in PowerShell DSC. Running the command `Enable-DscDebug -BreakAll` on the target machine enables debugging. By running `Start-DscConfiguration` and specifying the configuration to deploy, a new deployment starts, stopping with the following information: + ```PowerShell +Enter-PSSession -ComputerName TEST-SRV -Credential +Enter-PSHostProcess -Id 9000 -AppDomainName DscPsPluginWkr_AppDomain +Debug-Runspace -Id 9 + ``` +By running these commands, you connect to the remote machine, entering a debug session. + +Another debug option is to open the Pester file and the resource psm1 file. By placing breakpoints in those files and running the Pester file, PowerShell stops at the set breakpoint. This enables you to step through the code, troubleshooting either the resource or the Pester test. + +# Training + +The following resources can be used to get familiar with several technologies used within SharePointDsc: + +* PowerShell Desired State Configuration and SharePointDsc + * [Microsoft Learn: "Getting Started with PowerShell Desired State Configuration"](https://docs.microsoft.com/en-us/shows/getting-started-with-powershell-dsc/) + * [Microsoft Learn: "Advanced PowerShell Desired State Configuration"](https://docs.microsoft.com/en-us/shows/advanced-powershell-dsc-and-custom-resources/) + * [Microsoft Learn: "SharePoint Automation with DSC"](https://docs.microsoft.com/en-us/shows/sharepoint-automation-with-dsc/) +* Git + * [Git manual](https://git-scm.com/book/en/v2) + * [PluralSight: "How Git Works"](https://app.pluralsight.com/library/courses/how-git-works/table-of-contents) This is a very good training to get familiar with the Git concept. + * [PluralSight: "Mastering Git"](https://app.pluralsight.com/library/courses/mastering-git/table-of-contents) This is a very good training to get familiar with the Git concept. +* Pester + * [Microsoft Learn: "Testing PowerShell with Pester"](https://docs.microsoft.com/en-us/shows/testing-powershell-with-pester/) + * [PluralSight: "Testing PowerShell with Pester"](https://www.pluralsight.com/courses/powershell-testing-pester) + +**NOTE:** A subscription is required for the PluralSight trainings diff --git a/SharePointDsc/WikiSource/Creating-Configuration-Files.md b/SharePointDsc/WikiSource/Creating-Configuration-Files.md new file mode 100644 index 000000000..50545474e --- /dev/null +++ b/SharePointDsc/WikiSource/Creating-Configuration-Files.md @@ -0,0 +1,103 @@ +PowerShell DSC allows for a single configuration file to be applied to a server to describe +what is should 'look like' - what services will run, what products are installed, and how +they are configured. +In the context of deploying a SharePoint farm this gives us a number of options for how to +go about deploying the farm with a number of different configurations based on roles, with +a number of components that are common across all deployments. + +## Things every configuration is likely to have + +When describing a configuration for a SharePoint Server, there are a number of common +components that are likely to exist in every configuration. +Namely the components related to the installation of the product - +_[SPInstallPreReqs](SPInstallPreReqs)_ and _[SPInstall](SPInstall)_. + +It is also important to understand how the SharePointDsc resources impersonate and communicate +with the SharePoint PowerShell cmdlet's. +For PowerShell 5 (which we recommend) you should use the PsDscRunAsCredential property to specify + the account a resource should run as. +However for PowerShell 4 this is not an option, and the InstallAccount option is to be used in +that situation, which relies on creating a local PowerShell session that uses CredSSP authentication. +This means you are likely to want to use the xCredSSP resources also (see _[Remote sessions and +the InstallAccount variable](Remote-sessions-and-the-InstallAccount-variable)_) for more information +on this). +There are also a limited number of scenario's in SharePointDsc that will always use this CredSSP +approach (such as provisioning the user profile sync service) so it is recommended that even if +you use PowerShell 5 and PsDscRunAsCredential, you should still configure the CredSSP settings. + +## Creating a single server deployment + +The single server deployment is the most straightforward - you will have one configuration file +that will describe all of the components that you want to have on that server. +This is not likely to be a production deployment, but more a development or testing server. +The specifics of what you put in to this configuration are largely up to what you want this server +to be running, but you will always include _[SPFarm](SPFarm)_ to create the farm, and +_[SPDistributedCacheService](SPDistributedCacheService)_ to enable the distributed cache service +in the farm. +The rest can be as little or as detailed as you need it to be in order to achieve your desired +configuration. + +## Expanding the model out to multiple servers + +When we begin to explore scenarios that include more than one server, the implementation of our +configuration changes significantly. +There can no longer be a single configuration that applies to all servers, you need to start +looking at what "roles" a server will fulfill within your farm. +Common roles would include "application server", or "front end server", perhaps in a large +deployment you might have a "distributed cache server" or a "search server". +The individual roles you have within your architecture will dictate the number of unique +configurations that you need to create. + +For example, consider a farm that has the following architecture: + +- 2x Web Front End Servers +- 2x Application Servers + +This is a typical "small" SharePoint deployment, as it separates out the services to the two layers to +handle the different workloads, and still provides redundancy through having at least 2 servers in +each "role". +In this case, I would need to have two configurations, one for the front ends and one for the +application servers. +Each configuration would describe what a server in that role would look like, since I would expect +all of my front end servers to have the same services and configuration applied, and again for the +application servers. +Then if I decide I need to scale out to accommodate more load and add a new front end server, I would +just apply the same configuration to it based on its role. + +## Understanding the need for a "farm server" configuration + +Continuing with the above example of a small server farm, we have two configurations for each role. +There is a need for a third configuration though, and this is referred to as a "farm" configuration. +This configuration is planned to be applied to one server only (and typically this will be a back end +application server, so its configuration will be very similar to the other application server). +There are some differences though, the farm configuration will: + +- Be responsible for creating the farm +- Also be responsible for provisioning and configuring logical components in the farm + +It is important to understand the difference between a logical component and a physical component in +our configurations. +For example, a SharePoint web application is a logical component in a SharePoint farm - you create it +on one server, configure it from one server, but all the other servers in the farm know about it. +The physical component for a web application is the IIS website, which exists on specific servers and +can be configured per server (such as making changes to bindings). +So I would use my "farm server" configuration to provision logical components like web applications and +service applications, and my individual role configurations to validate the components that apply to a +server specifically as opposed to something that exists logically within the farm. + +The other factor here is around how the DSC is going to be run from every server - if I have a SharePoint +web application that exists in a large server from (let's assume 10 servers), I don't need all 10 servers +checking for it every 30 minutes. +Even if it was just a handful of front end servers, it is still unnecessary for them all to be managing +this when it does not map directly to a physical thing that has to happen on each server. +This means that the farm server configuration will likely be much larger than any other role +configuration, but it also provides more flexibility in the implementation as all logical components are +in one spot on one server. + +## Examples + +In the module is an examples directory which demonstrates both a single server deployment, as well as the +three configurations needed for the above mentioned multi-server example (so one "farm" configuration, +then an app server and a front end server). +These examples demonstrate the concepts discussed here and can be used as as starting point for your own +configurations. diff --git a/SharePointDsc/WikiSource/Creating-an-Azure-development-environment.md b/SharePointDsc/WikiSource/Creating-an-Azure-development-environment.md new file mode 100644 index 000000000..cefb17183 --- /dev/null +++ b/SharePointDsc/WikiSource/Creating-an-Azure-development-environment.md @@ -0,0 +1,87 @@ +To help speed up development with SharePointDsc, a set of scripts has been created that will deploy an environment that is ready to use for development purposes in to your own Azure subscription. This page outlines the requirements for using this script. + +## Step One - Get an Azure subscription + +If you do not currently have an Azure subscription, you can sign up for a free trial at [https://azure.microsoft.com/free](https://azure.microsoft.com/free) + +## Step Two - Install the Azure PowerShell cmdlets + +You can install the required Azure management PowerShell cmdlets by running the following script + + Install-Module Azure + Install-Module AzureRm + +## Step Three - Install required DSC modules + +The script requires several PowerShell DSC modules to be installed on your local machine, which are published to the Azure Blob Storage together with the DSC scripts. + +Module Name | Version +------------ | ------------- +xActiveDirectory | 2.16.0.0 +xCredSSP | 1.0.1 +xDnsServer |1.7.0.0 +xComputerManagement | 1.9.0.0 +xNetworking | 3.2.0.0 +SQLServerDsc | 10.0.0.0 +xWebAdministration | +SharePointDsc | + +To install the modules: + +```PowerShell +Install-Module -Name xActiveDirectory -RequiredVersion 2.16.0.0 -SkipPublisherCheck -Force +Install-Module -Name xCredSSP -RequiredVersion 1.0.1 -SkipPublisherCheck -Force +Install-Module -Name xDnsServer -RequiredVersion 1.7.0.0 -SkipPublisherCheck -Force +Install-Module -Name xComputerManagement -RequiredVersion 1.9.0.0 -SkipPublisherCheck -Force +Install-Module -Name xNetworking -RequiredVersion 3.2.0.0 -SkipPublisherCheck -Force +Install-Module -Name SQLServerDsc -RequiredVersion 10.0.0.0 -SkipPublisherCheck -Force +Install-Module -Name xWebAdministration -SkipPublisherCheck -Force +Install-Module -Name SharePointDsc -SkipPublisherCheck -Force +``` +## Step Four- Create a storage account that contains the binaries for SharePoint + +You will need a storage account that will contain the installer for SharePoint so you can have the dev environments download them when needed. See "[Creating a storage account](https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account#create-a-storage-account)" for instructions on how to create a new storage account. + +Once you have created the account you will need to create a container in it, and then copy the files for SharePoint in to this. This can be done through the portal (under the "blobs" or "containers" section), or via the [New-AzureStorageContainer](https://docs.microsoft.com/en-us/powershell/module/azure.storage/New-AzureStorageContainer?view=azurermps-4.2.0) PowerShell cmdlet. + +There are a number of ways of copying files in to Azure storage - see "[moving data to and from Azure storage](https://docs.microsoft.com/en-us/azure/storage/storage-moving-data)" for specific methods. You will need to take the entire contents of the SharePoint 2013, 2016 or 2019 ISO and copy them in to the container you created above. You can also slipstream updates in to the "Updates" folder at this point to install SharePoint to a specific CU level. + +## Step Five - Create a new dev environment + +To create your development environment, run the following PowerShell commands (see the list below of changes to make to this before running) + + Import-Module C:\repos\SharePointDsc\Tests\Integration\Azure\AzureEnvironmentBuilder.psm1 + Login-AzureRmAccount + New-SPDscAzureLab -ResourceGroupName "SPDSCTestLab" ` + -Location southeastasia ` + -StorageAccountName "spdsctestlab1" ` + -SoftwareStorageAccountName "spdscsoftware1" ` + -SoftwareStorageAccountContainer "sharepoint2016" ` + -SharePointProductKey "AAAAA-AAAAA-AAAAA-AAAAA-AAAAA" ` + -PublicDNSLabel "spdsctestlab1" ` + -AdminCredential (Get-Credential -Message "Enter admin credential") + +In this script you will need to set the following values + +1. The Import-Module cmdlet needs to point to where ever you have a copy of the SharePointDsc source code to import the module from +2. Change the resource group name parameter, this can be anything to help you identify the development environment in your Azure subscription +3. Set the location to the Azure location you wish to deploy to +4. The SoftwareStorageAccountName parameter should be the name of the storage account you created earlier to upload SharePoint in to +5. The SoftwareStorageAccountContainer parameter should be the name of your container that was created earlier +6. The SharePointProductKey parameter should be your valid SharePoint product key +7. The PublicDNSLabel property is used to establish a DNS name for your server once it is created. This will be viewable in the Azure portal when the provisioning is complete + +After these changes have been made you can run the script and you will be prompted first to sign in to Azure, and after that you will be prompted for the admin credentials for your environment (username and password - do not prefix a domain name on to the username). + +# What is in the development environment + +You will see a Domain controller server, a SQL server and a SharePoint server. The AD and SQL servers are both fully configured and ready to use. The SharePoint server will have the following software installed: + +* SharePoint (version will be based on what you uploaded to blob storage) +* Git for Windows +* Visual Studio Code +* Nodejs +* Git Credential Helper for Windows +* PoshGit + +This should be seen as a minimum to begin development with SharePointDsc - you can however install any other software on the servers you need as you have full control of them after they are provisioned from the template. diff --git a/SharePointDsc/WikiSource/Error-Exceeded-the-configured-MaxEnvelopeSize-quota.md b/SharePointDsc/WikiSource/Error-Exceeded-the-configured-MaxEnvelopeSize-quota.md new file mode 100644 index 000000000..bccffae11 --- /dev/null +++ b/SharePointDsc/WikiSource/Error-Exceeded-the-configured-MaxEnvelopeSize-quota.md @@ -0,0 +1,27 @@ +When deploying DSC configurations, you may run into the following issue when executing Start-DscConfiguration: + + VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. + The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota. + + CategoryInfo : LimitsExceeded: [root/Microsoft/...gurationManager:String] [], CimException + + FullyQualifiedErrorId : HRESULT 0x80338111 + + PSComputerName : [servername] + VERBOSE: Operation 'Invoke CimMethod' complete. + VERBOSE: Time taken for configuration job to complete is 0.648 seconds + +## Solution +The solution for this issue is to increase the maximum envelope size, by running the following command in an elevated PowerShell session: + + Set-Item -Path WSMan:\localhost\MaxEnvelopeSizeKb -Value 2048 + +**Note:** The default value is MaxEnvelopeSizeKB is 500 + +**Note 2:** When your computer is configured to use the Public network profile, the Set-Item cmdlet might throw the following error: + + Set-Item : WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again. + +Change the network profile to Domain or Private in order to change the setting. + +## More information +More information about the MaxEnvelopeSize can be found at: +* https://msdn.microsoft.com/en-us/library/cc251449.aspx +* https://msdn.microsoft.com/en-us/library/aa384372%28VS.85%29.aspx diff --git a/SharePointDsc/WikiSource/Export-Diagnostic-Data.md b/SharePointDsc/WikiSource/Export-Diagnostic-Data.md new file mode 100644 index 000000000..229b99e73 --- /dev/null +++ b/SharePointDsc/WikiSource/Export-Diagnostic-Data.md @@ -0,0 +1,47 @@ +If you want to troubleshoot an issue, having some logging or troubleshooting +information available is very useful. Especially when you ask someone else for +assistance. That is why SharePointDsc has a cmdlet available that is able to +export several pieces of information: + +- DSC Verbose logs +- SPDSC Event log +- PowerShell version +- Operating System version +- LCM configuration + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ExportFilePath** | Mandatory | String | Path where to export the diagnostic data to | | +| **NumberOfDays** | Optional | UInt | The number of days to export the data of (Default = 7) | | +| **Anonymize** | Optional | Switch | Specify to anonymize the exported data | | +| **Server** | Mandatory | String | Specifies the server name to replace during anonimization | | +| **Domain** | Mandatory | Switch | Specifies the domain name to replace during anonimization | | +| **Url** | Mandatory | Switch | Specifies the url to replace during anonimization | | + +## Examples + +### Example 1 + +Export diagnostic info to C:\Output + +```PowerShell +Export-SPDscDiagnosticData -ExportFilePath 'C:\Output' +``` + +### Example 2 + +Export diagnostic info of the last 14 days to C:\Output + +```PowerShell +Export-SPDscDiagnosticData -ExportFilePath 'C:\Output' -NumberOfDays 14 +``` + +### Example 3 + +Export anonymized diagnostic info to C:\Output + +```PowerShell +Export-SPDscDiagnosticData -ExportFilePath 'C:\Output' -Anonymize -Server 'server1' -Domain 'contoso.com' -Url 'https://sharepoint.contoso.com' +``` diff --git a/SharePointDsc/WikiSource/Export-SharePoint-Configuration.md b/SharePointDsc/WikiSource/Export-SharePoint-Configuration.md new file mode 100644 index 000000000..6de2da5de --- /dev/null +++ b/SharePointDsc/WikiSource/Export-SharePoint-Configuration.md @@ -0,0 +1,75 @@ +SharePoint Farms have multiple components on every server which contain configuration. +At a very high level this could be: + +- Web Applications +- Databases +- Servers +- Services +- Service Applications + +PowerShell Desired State Configuration has the ability to make sure these components are compliant +with a desired state. Unfortunately it is not possible to create a desired state configuration +based off an existing server/farm. + +That is why Nik Charlebois created [ReverseDsc](https://www.powershellgallery.com/packages/ReverseDSC). +This module offers generic functionalities to generate DSC configurations and requires a technology +specific orchestrator script to export the data. + +> For a _[Full list](Understanding-Resources)_ of what can be extracted have a look at our Included Resources section. + +Since SharePointDsc v4.5, this orchestrator script (and therefore ReverseDsc support) has been +natively integrated into SharePointDsc. + +>**NOTE:** Running an export does require the module "ReverseDsc" to be installed. Do this by running the following cmdlet: +> +> ```PowerShell +> Install-Module ReverseDsc +> ``` + +To run an export you have to use the `Export-SPConfiguration` cmdlet. When running an export, you +need to specify which resources you want to export. If you don't specify any parameters, the cmdlet +shows a GUI in which you can select the resources you want to export and specify the credentials. + +![Export GUI](media/ExportGUI.png) + +For more information and examples, check the info below. + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ComponentsToExtract** | Optional | String[] | Names of the resources to export | | +| **Credentials** | Optional | PSCredential | The credentials to connect to SharePoint with | | +| **Mode** | Optional | String | Predefined sets of exported resources | Lite, Default, Full | +| **OutputPath** | Optional | String | Specifies the file name to which to export the exported configuration | | +| **SkipSitesAndWebs** | Optional | Switch | Include Sites and Webs in the output (Default = True) | | +| **Standalone** | Optional | Switch | Create export as if the farm is using a single server | | +| **Quiet** | Optional | Switch | (Deprecated) Run the export without showing the GUI | | + +## Examples + +### Example 1 + +Run an export by using the GUI + +```PowerShell +Export-SPConfiguration +``` + +### Example 2 + +Run an unattended export by specifying the resources + +```PowerShell +$credential = Get-Credential domain\farmadministrator +Export-SPConfiguration -ComponentsToExport "SPInstall", "SPFarm", "SPManagedAccount" -Credentials $credential -OutputPath 'C:\DscExport' +``` + +### Example 3 + +Run a full export by specifying the export mode + +```PowerShell +$credential = Get-Credential domain\farmadministrator +Export-SPConfiguration -Mode 'Full' -Credentials $credential -OutputPath 'C:\DscExport' +``` diff --git a/SharePointDsc/WikiSource/Getting-Started.md b/SharePointDsc/WikiSource/Getting-Started.md new file mode 100644 index 000000000..7a5483887 --- /dev/null +++ b/SharePointDsc/WikiSource/Getting-Started.md @@ -0,0 +1,21 @@ +# Introduction + +SharePointDSC is an add-on to PowerShell Desired State Configuration (DSC). +The high level concept is that you can take a specific piece of configuration and deploy how this should act as code. + +You can then take the generated configuration file (.MOF) and Target this configuration to an environment / single server(node). + +This is useful in various scenarios, but can become complex depending how broad the scope is of the configuration and sub components and when aligning this with best practices for SharePoint or specific SharePoint Operating procedures i.e. Extending a Web Application instead of renaming. + +## Scenarios + +|Scenario|Description|Complexity| Estimated Effort| +| ----------- | ----------- |----------- |----------- | +|Deploying a new SharePoint Version| Creating an environment from scratch or using an example template for 2016 / 2019 / Subscription Edition for automation and guaranteed repeatability.|Medium|8-16 Hrs| +|Extracting an old farms Configuration|Taking a backup / extract of the entire configuration or piece/s of configuration.Has many additional use cases once extracted.|Low|2 Hrs| +|Comparison of configuration|Comparing the configuration between a last update , change or between environment i.e. Dev / Prod|High| 6 Hrs +|Restoring configuration from Prod-->Dev|This depends on the scope of configuration(More Scope = More Lines of PowerShell) and the intended action i.e. Change / Update / Add / Remove and aligning to Best Practices|Extremely High| Unknown| + +It's entirely possible that DSC is the right fit for you , and that there is a learning / discipline requirement. Or a Gap in your knowledge/ experience this Getting Started section is designed to help you. + +More information on PowerShell Desired State Configuration in general, can be found [here](https://docs.microsoft.com/en-us/powershell/scripting/dsc/overview/overview). diff --git a/SharePointDsc/WikiSource/Home.md b/SharePointDsc/WikiSource/Home.md new file mode 100644 index 000000000..ac8864aab --- /dev/null +++ b/SharePointDsc/WikiSource/Home.md @@ -0,0 +1,58 @@ +# Welcome to the SharePointDsc wiki + +SharePointDsc v#.#.# + +Here you will find all the information you need to make use of the SharePoint DSC resources, including details of the resources that are available, current capabilities and known issues, and information to help plan a DSC based implementation of SharePoint. + +Please leave comments, feature requests, and bug reports in the [issues section](https://github.com/dsccommunity/SharePointDsc/issues) for this module. + +## Quick start + +To get started, download SharePointDsc from the [PowerShell Gallery](http://www.powershellgallery.com/packages/SharePointDsc/) and then unzip it to one of your PowerShell modules folders (such as $env:ProgramFiles\WindowsPowerShell\Modules). +To install from the PowerShell gallery using PowerShellGet (in PowerShell 5.0), run the following command: + + Find-Module -Name SharePointDsc -Repository PSGallery | Install-Module + +To confirm installation, run the below command and ensure you see the SharePoint DSC resources available: + + Get-DscResource -Module SharePointDsc + +To view a more detailed explanation, view our _[Getting Started](Getting-Started)_ page. + + +## Supported SharePoint versions + +SharePointDsc currently supports: + +- SharePoint Server 2013 with Service Pack 1 (or a higher update level) installed, running on Windows Server 2008 R2, Windows Server 2012 or Windows Server 2012 R2. +- SharePoint Server 2016 RTM (or higher) running on either Windows Server 2012 R2 or Windows Server 2019. +- SharePoint Server 2019 RTM (or higher) running on either Windows Server 2016 or Windows Server 2019. +- SharePoint Server Subscription Edition RTM (or higher) running on either Windows Server 2019 or Windows Server 2022. + + > For SharePoint 2013 to ensure correct provisioning of the User Profile Service and the User Profile Sync Service, the [February 2015 Cumulative Update](https://support.microsoft.com/en-us/kb/2920804) is also required. If you are installing SharePoint via the DSC resources, you can [slipstream it in to the update directory](http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=403) so it is applied during the initial installation. + +> SharePoint Foundation is not supported. + +## Known Issues +There are some known issues (and their solutions/workarounds) with SharePointDsc or PowerShell: + +_[Error Exceeded the configured MaxEnvelopeSize quota](Error-Exceeded-the-configured-MaxEnvelopeSize-quota)_ + +_[Setting up Central Administration on HTTPS](Setting-up-Central-Administration-on-HTTPS)_ + +_[Using CredSSP on a domain controller / single server farm](Using-CredSSP-on-a-Domain-Controller)_ + +## Multilingual support + +Where possible, resources in SharePointDsc have been written in a way that they should support working with multiple language packs for multilingual deployments. However due to constraints in how we set up and install the product, only English ISOs are supported for installing SharePoint. + +## Resource Structure + +Resources inside the SharePointDSC module are categorized into 4 main groups. + +- Common Resources +- Specific Resources +- Distributed Resources +- Utility Resources + +To understand how to use these resources in your Configuration to avoid Syntax and undesired results go to our _[Understanding Resources](Understanding-Resources)_ section. diff --git a/SharePointDsc/WikiSource/Installing-the-module.md b/SharePointDsc/WikiSource/Installing-the-module.md new file mode 100644 index 000000000..e8de7872c --- /dev/null +++ b/SharePointDsc/WikiSource/Installing-the-module.md @@ -0,0 +1,34 @@ +When working on Windows Server 2012R2 or any server without PowerShell 5.0. It's recommended to first upgrade PowerShell to v5.1. + +> [Download Windows Management Framework 5.1](https://www.microsoft.com/en-us/download/details.aspx?id=54616) + +If PowerShell is not regularly used or not connected to the internet like in many secure environments or servers you may need to switch PowerShell from using TLS 1.0 to TLS 1.2, so it can download the modules. +More information is published by the PowerShell Product Group in this [TLS1.2 and PowerShell](https://devblogs.microsoft.com/powershell/powershell-gallery-tls-support/) support article. +Line 16 shows how to install a new version of Powershell Get. + +> To mitigate this chance we have released a minor update to PowerShellGet which will allow you to continue to interact with the PowerShell Gallery. + +To install SharePointDsc, run the following commands: + +1. Open PowerShell as Administrator +1. Run `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` +1. Run `Register-PSRepository -Default` +1. Run `Install-Module -Name SharePointDSC` +1. Run `Install-Module ReverseDsc` (only if you want to export configurations) + +## Installing in a secure environment + +>If you followed steps above and received no errors you now have SharePoint DSC installed on your Machine and you can skip the next 2 steps. + +1. If your server is not connected to the internet you should have received an error in the previous steps. +2. Run `Save-Module -Name SharePointDSC,ReverseDsc -Path C:\Temp` on the machine connected to the Internet. This will download the modules to the specified folder. +3. Alternatively you can also install the module on the local machine, but this is not necessary: `Install-Module -Name SharePointDSC,ReverseDsc` on the machine connected to the Internet. Type `[A]` for All. +4. Manually copy the SharePointDsc and ReverseDsc folders from `C:\Temp` (from step 2) or `C:\Program Files\WindowsPowerShell\Modules` (from step 3) folders. You can optionally zip the folders. +5. Copy / Unzip the folders to the target machine into the Modules folder at `C:\Program Files\WindowsPowerShell` + +## Testing if the module is Installed + +You can use the Verb `Get-InstalledModule` to see All modules you have installed. +You can also use this block specifically. + + Get-InstalledModule SharePointDSC ,ReverseDSC diff --git a/SharePointDsc/WikiSource/Known-issues-with-remote-sessions.md b/SharePointDsc/WikiSource/Known-issues-with-remote-sessions.md new file mode 100644 index 000000000..ab5cdca6f --- /dev/null +++ b/SharePointDsc/WikiSource/Known-issues-with-remote-sessions.md @@ -0,0 +1,5 @@ +Due to the way that SharePointDsc uses a "remote" session to the local computer to impersonate a user for PowerShell 4 support (documented at "[Remote sessions and the InstallAccount variable](Remote-sessions-and-the-InstallAccount-variable)") there are a couple of known scenarios that do not work with this approach. The known scenarios are: + +## Updating SharePoint Designer settings in SPDesignerSettings + +The work around to this is to remove the InstallAccount property and instead us PsDscRunAsCredential (documented in the same link as above). This approach does require PowerShell 5 to work however, so if it is not possible to install PowerShell 5 then the above scenarios will not work and can not be used. diff --git a/SharePointDsc/WikiSource/Other-useful-modules-for-SharePoint-DSC-configurations.md b/SharePointDsc/WikiSource/Other-useful-modules-for-SharePoint-DSC-configurations.md new file mode 100644 index 000000000..73ae997ac --- /dev/null +++ b/SharePointDsc/WikiSource/Other-useful-modules-for-SharePoint-DSC-configurations.md @@ -0,0 +1,40 @@ +When working with SharePoint servers with PowerShell DSC, there are a number of other DSC modules which contain useful resources which can further assist with the automation of your environments. + +## xWebAdministration + +Available at: [https://www.powershellgallery.com/packages/xWebAdministration](https://www.powershellgallery.com/packages/xWebAdministration) + +This module contains resources which are responsible for managing IIS, which obviously play a key role in the front end server role of a SharePoint farm. +These resources can manage site configuring for tasks such as bindings, or remove the default IIS sites and app pools to reduce clutter. + + xWebAppPool RemoveDotNet2Pool { Name = ".NET v2.0"; Ensure = "Absent"; } + xWebAppPool RemoveDotNet2ClassicPool { Name = ".NET v2.0 Classic"; Ensure = "Absent"; } + xWebAppPool RemoveDotNet45Pool { Name = ".NET v4.5"; Ensure = "Absent"; } + xWebAppPool RemoveDotNet45ClassicPool { Name = ".NET v4.5 Classic"; Ensure = "Absent"; } + xWebAppPool RemoveClassicDotNetPool { Name = "Classic .NET AppPool"; Ensure = "Absent"; } + xWebAppPool RemoveDefaultAppPool { Name = "DefaultAppPool"; Ensure = "Absent"; } + xWebSite RemoveDefaultWebSite { Name = "Default Web Site"; Ensure = "Absent"; PhysicalPath = "C:\inetpub\wwwroot"; } + +## xCredSSP + +Available at [https://www.powershellgallery.com/packages/xCredSSP](https://www.powershellgallery.com/packages/xCredSSP) + +The xCredSSP module is a simple way to automate CredSSP configuration. See _[Remote sessions and the InstallAccount variable](Remote-sessions-and-the-InstallAccount-variable)_ for more information on this. + +## SChannelDsc + +Available at [https://www.powershellgallery.com/packages/SchannelDsc](https://www.powershellgallery.com/packages/SchannelDsc) + +This module can be used to configure Secure Channel (SSL/TLS) settings in Windows, like disabling SSLv3 and enabling TLSv1.2. + +## OfficeOnlineServerDsc + +Available at [https://www.powershellgallery.com/packages/OfficeOnlineServerDsc](https://www.powershellgallery.com/packages/OfficeOnlineServerDsc) + +This module can be used to install and manage [Office Online Server](https://docs.microsoft.com/en-us/officeonlineserver/office-online-server). + +## WorkflowManagerDsc + +Available at [https://www.powershellgallery.com/packages/WorkflowManagerDsc](https://www.powershellgallery.com/packages/WorkflowManagerDsc) + +This module can be used to install and manage [Workflow Manager](https://docs.microsoft.com/en-us/sharepoint/governance/install-and-configure-workflow-for-sharepoint-server#install-workflow-manager). diff --git a/SharePointDsc/WikiSource/Prerequisites.md b/SharePointDsc/WikiSource/Prerequisites.md new file mode 100644 index 000000000..a20879a70 --- /dev/null +++ b/SharePointDsc/WikiSource/Prerequisites.md @@ -0,0 +1,10 @@ +To run PowerShell DSC, you need to have PowerShell 4.0 or higher (which is included in Windows Management Framework 4.0 or higher). +This version of PowerShell is shipped with Windows Server 2012 R2, and Windows 8.1 or higher. + +To use DSC on earlier versions of Windows, install the Windows Management Framework 4.0. + +However it is strongly recommended that PowerShell 5.0 (or above) is used, as it adds support for the PsDscRunAsCredential parameter and has overall better performance and troubleshooting capabilities. + +The logic behind this is explained on the page _[Remote sessions and the InstallAccount variable](Remote-sessions-and-the-InstallAccount-variable)_ page. + +[PowerShell 5.1](https://www.microsoft.com/en-us/download/details.aspx?id=54616) includes significant improvements in Desired State Configuration and PowerShell Script Debugging. diff --git a/SharePointDsc/WikiSource/Remote-sessions-and-the-InstallAccount-variable.md b/SharePointDsc/WikiSource/Remote-sessions-and-the-InstallAccount-variable.md new file mode 100644 index 000000000..02d0da40c --- /dev/null +++ b/SharePointDsc/WikiSource/Remote-sessions-and-the-InstallAccount-variable.md @@ -0,0 +1,49 @@ +# PowerShell 4 + +In PowerShell 4, by default the normal behavior of the [local configuration manager](https://technet.microsoft.com/en-us/library/dn249922.aspx) in DSC is to execute configuration elements in the context of the local system account. +This presents an issue in a SharePoint environment as all access to SharePoint databases and resources is managed by allowing the appropriate service accounts permission to do so, and these service accounts are domain accounts, not local machine accounts. + +To get around this for the resources that manipulate SharePoint content, we need to impersonate another account to execute the commands. +This is achieved through the use of the parameter "InstallAccount", which is present in almost all of the resources in the SharePointDsc module. +The InstallAccount parameter represents the account that is responsible for the creation and management of all SharePoint resources in the farm. +It is likely to be a highly privileged account (which may include local administrator rights - so do not use an account that is also used to run services or components anywhere in SharePoint, use a dedicated account instead). + +The impersonation is managed through the use of the Invoke-Command cmdlet in PowerShell, in conjunction with creating an appropriate "remote" session through New-PSSession. +Each session that is created this way will always target "localhost" as opposed to a genuinely remote computer, but it gives us the opportunity to control the authentication for that session. +In the SharePointDsc module, we authenticate as the InstallAccount, and we specify that CredSSP is used as the authentication mechanism. + +To enable CredSSP, there is some configuration that needs to take place first, and there are two methods of doing this. + +## Option 1: Manually configure CredSSP + +You can manually configure CredSSP through the use of some PowerShell cmdlet's (and potentially group policy to configure the allowed delegate computers). Some basic instructions can be found at [https://technet.microsoft.com/en-us/magazine/ff700227.aspx](https://technet.microsoft.com/en-us/magazine/ff700227.aspx). + +### Option 2: Configure CredSSP through a DSC resource + +It is possible to use a DSC resource to configure your CredSSP settings on a server, and include this in all of your SharePoint server configurations. +This is done through the use of the [xCredSSP](https://github.com/PowerShell/xCredSSP) resource. The below example shows how this can be used. + + xCredSSP CredSSPServer { Ensure = "Present"; Role = "Server" } + xCredSSP CredSSPClient { Ensure = "Present"; Role = "Client"; DelegateComputers = $CredSSPDelegates } + +In the above example, $CredSSPDelegates can be a wildcard name (such as "*.contoso.com" to allow all servers in the contoso.com domain), or a list of specific servers (such as "server1", "server 2" to allow only specific servers). + +## PowerShell 5 + +PowerShell 5 offers a different approach to how impersonation is done. With WMF 5 installed, all DSC resources (not just those in SharePointDsc) can add a parameter called PsDscRunAsCredential. +This property tells the LCM to run that specific resource with the credential that is supplied instead of the local system account. +This removes the need to have InstallAccount on SharePointDsc resources. However, instead of removing it, logic was added that would allow you to use either InstallAccount or PsDscRunAsCredential. +The SharePointDsc resources will detect if they are running as the local system account or not and will only use a "remote" session as described above where it is needed. + +Also note that some resources in SharePointDsc still use the above described remote session technique to simulate other others regardless of whether or not PsDscRunAsCredential is used. +An example of this is _[SPUserProfileSyncService](SPUserProfileSyncService)_ which uses this approach to run as the farm account value. + +An example of how to use this property in PowerShell 5 is shown below: + + SPCacheAccounts SetCacheAccounts + { + WebAppUrl = "http://sharepoint.contoso.com" + SuperUserAlias = "DEMO\svcSPSuperUser" + SuperReaderAlias = "DEMO\svcSPReader" + PsDscRunAsCredential = $InstallAccount + } diff --git a/SharePointDsc/WikiSource/Setting-up-Central-Administration-on-HTTPS.md b/SharePointDsc/WikiSource/Setting-up-Central-Administration-on-HTTPS.md new file mode 100644 index 000000000..0280dadf5 --- /dev/null +++ b/SharePointDsc/WikiSource/Setting-up-Central-Administration-on-HTTPS.md @@ -0,0 +1,24 @@ +Setting up Central Administration on HTTPS is still not a straight forward process. Here, we describe one way to accomplish this using DSC with a choice of a couple of workarounds to ensure it stays configured properly. Starting in SharePoint 2016, the PowerShell cmdlet New-SPCentralAdministration added support for a -SecureSocketsLayer argument to initialize CA with HTTPS. This cmdlet still does not, however, support specifying a hostname to use with SNI to avoid conflicts with creating web applications on the same IP/port in IIS. So we're going to use DSC to create our farm with CA on HTTP using a high port like 9999 and then later (after creating our web apps) update the IIS binding to HTTPS with a hostname using SNI and update the AAM in SharePoint. + +For the code, please see the [SharePoint.SSL.ps1](https://github.com/PowerShell/SharePointDsc/blob/dev/Modules/SharePointDsc/Examples/Small-Farm/SharePoint.SSL.ps1) example in the Examples/Small Farm folder. + +## Workarounds + +When running the SharePoint Products Configuration Wizard (psconfigUI.exe) on the Central Administration server, it will try to reconfigure the Central Administration web application as part of the process. In most cases, it will not recognize the hostname as part of the binding and may reset the IIS HTTPS binding and add an HTTP binding and corresponding Alternate Access Mapping (AAM). + +To avoid this problem, you can use psconfig.exe from the SharePoint Management Shell instead: + +``` +PSConfig.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd secureresources -cmd services -install +``` + +An alternative workaround involves removing and recreating the Central Administration web application after the farm has been provisioned. Use the following PowerShell commands in an elevated SharePoint Management Shell: + +```powershell +Remove-SPWebApplication -Identity https://admin.contoso.com -Zone Default -DeleteIISSite + +New-SPWebApplicationExtension -Identity https://admin.contoso.com -Name "SharePoint Central Administration v4" -Zone Default -HostHeader admin.contoso.com -Port 443 -SecureSocketsLayer +``` + +This method stores the IIS binding information in SharePoint so that the configuration wizard will not wipe out the existing IIS bindings when running psconfigUI.exe. + diff --git a/SharePointDsc/WikiSource/Understanding-Resources.md b/SharePointDsc/WikiSource/Understanding-Resources.md new file mode 100644 index 000000000..ca1ea656c --- /dev/null +++ b/SharePointDsc/WikiSource/Understanding-Resources.md @@ -0,0 +1,159 @@ +# Resource Types + +## Common Resources + +These resources need to be defined within every node in the farm. The parameters specify for the resources associated with Common Resources should be the same for each server (e.g. the same language packs need to be installed on all servers in the farm). As an example, the SPInstall resource, which installs the SharePoint binaries on a server, needs to be present within every node in the farm. It is not enough to have only one server with the binaries installed on in a multi-server farm. Common Resources are identified in the list below with the mention **Common**. + +## Specific Resources + +Just like the Common Resources, the Specific Resources need to be included within every node in the farm. Their only difference, compare to Common Resources, is that the resources' parameters may differ from one node to another in the farm. As an example, the SPServiceInstance resource, which allows us to enable specific services on a SharePoint Server, will be specified for each server in the farm, but with different "Ensure" value to allow certain services to be started on specific servers, but not on others. Specific Resources are identified in the list below with the mention **Specific**. + +## Distributed Resources + +This category covers the major part of the resources. Distributed Resources should ONLY be defined within ONE node in the farm. As the name states it, those are distributed which means that resources of this type are normally stored in a central database. Specifying these resources on more than one node in the farm may introduce unexpected behaviors (race condition, performance issues, etc.). For example, if you wanted to create a new Web Application using the traditional PowerShell approach, you would pick one server and run the New-SPWebApplication cmdlet on it, you would not run it on each of the servers in the farm. To define these resources, identify one server in your configuration (e.g. the first server to create/join the farm), and define all the Distributed Resources within it. Distributed Resources are identified in the list below with the mention **Distributed**. + +## Utility Resources + +Utility Resources are resources that do not generate an artefact per say. Their sole purpose is to help you initiate a check or apply a patch. As an example, the SPMinRoleCompliance resource simply returns true or false (in its Test-TargetResource function) if the services running on a server correspond to the services that are associated with its assigned MinRole. It does not enable, disable or even create any service instances. Utility Resources are identified in the list below with the mention **Utility** . + +# Available resources + +The SharePointDsc module includes the following DSC resources + +|Resource|Type|Requires CredSSP| +|--|--|--| +|_[SPAccessServiceApp](SPAccessServiceApp)_ | Distributed | - | +|_[SPAccessServices2010](SPAccessServices2010)_ | Distributed | - | +|_[SPAlternateUrl](SPAlternateUrl)_ | Distributed | - | +|_[SPAntivirusSettings](SPAntivirusSettings)_ | Distributed | - | +|_[SPAppCatalog](SPAppCatalog)_ | Distributed | Yes | +|_[SPAppDomain](SPAppDomain)_ | Distributed | - | +|_[SPAppManagementServiceApp](SPAppManagementServiceApp)_ | Distributed | - | +|_[SPAppStoreSettings](SPAppStoreSettings)_ | Distributed | - | +|_[SPAuthenticationRealm](SPAuthenticationRealm)_ | Distributed | - | +|_[SPAzureAccessControlServiceAppProxy](SPAzureAccessControlServiceAppProxy)_ | Distributed | - | +|_[SPBCSServiceApp](SPBCSServiceApp)_ | Distributed | - | +|_[SPBlobCacheSettings](SPBlobCacheSettings)_ | Specific | - | +|_[SPCacheAccounts](SPCacheAccounts)_ | Distributed | - | +|_[SPCertificate](SPCertificate)_ | Distributed | - | +|_[SPCertificateSettings](SPCertificate)_ | Distributed | - | +|_[SPConfigWizard](SPConfigWizard)_ | Utility | - | +|_[SPContentDatabase](SPContentDatabase)_ | Distributed | - | +|_[SPDatabaseAAG](SPDatabaseAAG)_ | Distributed | - | +|_[SPDesignerSettings](SPDesignerSettings)_ | Distributed | - | +|_[SPDiagnosticLoggingSettings](SPDiagnosticLoggingSettings)_ | Distributed | - | +|_[SPDiagnosticsProvider](SPDiagnosticsProvider)_ | Distributed | - | +|_[SPDistributedCacheClientSettings](SPDistributedCacheClientSettings)_ | Distributed | - | +|_[SPDistributedCacheService](SPDistributedCacheService)_ | Specific | - | +|_[SPDocIcon](SPDocIcon)_ | Common | - | +|_[SPExcelServiceApp](SPExcelServiceApp)_ | Distributed | - | +|_[SPFarm](SPFarm)_ | Specific | - | +|_[SPFarmAdministrators](SPFarmAdministrators)_ | Distributed | - | +|_[SPFarmPropertyBag](SPFarmPropertyBag)_ | Distributed | - | +|_[SPFarmSolution](SPFarmSolution)_ | Distributed | - | +|_[SPFeature](SPFeature)_ | Distributed | - | +|_[SPHealthAnalyzerRuleState](SPHealthAnalyzerRuleState)_ | Distributed | - | +|_[SPIncomingEmailSettings](SPIncomingEmailSettings)_ | Distributed | - | +|_[SPInfoPathFormsServiceConfig](SPInfoPathFormsServiceConfig)_ | Distributed | - | +|_[SPInstall](SPInstall)_ | Common | - | +|_[SPInstallLanguagePack](SPInstallLanguagePack)_ | Common | - | +|_[SPInstallPrereqs](SPInstallPrereqs)_ | Common | - | +|_[SPIrmSettings](SPIrmSettings)_ | Distributed | - | +|_[SPLogLevel](SPLogLevel)_ | Distributed | - | +|_[SPMachineTranslationServiceApp](SPMachineTranslationServiceApp)_ | Distributed | - | +|_[SPManagedAccount](SPManagedAccount)_ | Distributed | - | +|_[SPManagedMetaDataServiceApp](SPManagedMetaDataServiceApp)_ | Distributed | - | +|_[SPManagedMetaDataServiceAppDefault](SPManagedMetaDataServiceAppDefault)_ | Distributed | - | +|_[SPManagedPath](SPManagedPath)_ | Distributed | - | +|_[SPMinRoleCompliance](SPMinRoleCompliance)_ | Utility | - | +|_[SPOAppPrincipalMgmtServiceAppProxy](SPOAppPrincipalMgmtServiceAppProxy)_ | Distributed | - | +|_[SPOfficeOnlineServerBinding](SPOfficeOnlineServerBinding)_ | Distributed | - | +|_[SPOfficeOnlineServerSupressionSettings](SPOfficeOnlineServerSupressionSettings)_ | Distributed | - | +|_[SPOutgoingEmailSettings](SPOutgoingEmailSettings)_ | Distributed | - | +|_[SPPasswordChangeSettings](SPPasswordChangeSettings)_ | Distributed | - | +|_[SPPerformancePointServiceApp](SPPerformancePointServiceApp)_ | Distributed | - | +|_[SPPowerPointAutomationServiceApp](SPPowerPointAutomationServiceApp)_ | Distributed | - | +|_[SPProductUpdate](SPProductUpdate)_ | Common | - | +|_[SPProjectServerAdditionalSettings](SPProjectServerAdditionalSettings)_ | Distributed | - | +|_[SPProjectServerADResourcePoolSync](SPProjectServerADResourcePoolSync)_ | Distributed | - | +|_[SPProjectServerGlobalPermissions](SPProjectServerGlobalPermissions)_ | Distributed | - | +|_[SPProjectServerGroup](SPProjectServerGroup)_ | Distributed | - | +|_[SPProjectServerLicense](SPProjectServerLicense)_ | Distributed | - | +|_[SPProjectServerPermissionMode](SPProjectServerPermissionMode)_ | Distributed | - | +|_[SPProjectServerServiceApp](SPProjectServerServiceApp)_ | Distributed | - | +|_[SPProjectServerTimeSheetSettings](SPProjectServerTimeSheetSettings)_ | Distributed | - | +|_[SPProjectServerUserSyncSettings](SPProjectServerUserSyncSettings)_ | Distributed | - | +|_[SPProjectServerWssSettings](SPProjectServerWssSettings)_ | Distributed | - | +|_[SPPublishServiceApplication](SPPublishServiceApplication)_ | Distributed | - | +|_[SPQuotaTemplate](SPQuotaTemplate)_ | Distributed | - | +|_[SPRemoteFarmTrust](SPRemoteFarmTrust)_ | Distributed | - | +|_[SPSearchAuthoritivePage](SPSearchAuthoritivePage)_ | Distributed | - | +|_[SPSearchContentSource](SPSearchContentSource)_ | Distributed | - | +|_[SPSearchCrawlerImpactRule](SPSearchCrawlerImpactRule)_ | Distributed | - | +|_[SPSearchCrawlMapping](SPSearchCrawlMapping)_ | Distributed | - | +|_[SPSearchCrawlRule](SPSearchCrawlRule)_ | Distributed | - | +|_[SPSearchFileType](SPSearchFileType)_ | Distributed | - | +|_[SPSearchIndexPartition](SPSearchIndexPartition)_ | Distributed | - | +|_[SPSearchManagedProperty](SPSearchManagedProperty)_ | Distributed | - | +|_[SPSearchMetadataCategory](SPSearchMetadataCategory)_ | Distributed | - | +|_[SPSearchResultSource](SPSearchResultSource)_ | Distributed | - | +|_[SPSearchServiceApp](SPSearchServiceApp)_ | Distributed | - | +|_[SPSearchServiceSettings](SPSearchServiceSettings)_ | Distributed | - | +|_[SPSearchTopology](SPSearchTopology)_ | Distributed | - | +|_[SPSecureStoreServiceApp](SPSecureStoreServiceApp)_ | Distributed | - | +|_[SPSecurityTokenServiceConfig](SPSecurityTokenServiceConfig)_ | Distributed | - | +|_[SPSelfServiceSiteCreation](SPSelfServiceSiteCreation)_ | Distributed | - | +|_[SPService](SPService)_ | Distributed | - | +|_[SPServiceAppPool](SPServiceAppPool)_ | Distributed | - | +|_[SPServiceAppProxyGroup](SPServiceAppProxyGroup)_ | Distributed | - | +|_[SPServiceAppSecurity](SPServiceAppSecurity)_ | Distributed | - | +|_[SPServiceIdentity](SPServiceIdentity)_ | Distributed | - | +|_[SPServiceInstance](SPServiceInstance)_ | Specific | - | +|_[SPSessionStateService](SPSessionStateService)_ | Distributed | - | +|_[SPShellAdmins](SPShellAdmins)_ | Distributed | - | +|_[SPSite](SPSite)_ | Distributed | - | +|_[SPSitePropertyBag](SPSitePropertyBag)_ | Distributed | - | +|_[SPSiteUrl](SPSiteUrl)_ | Distributed | - | +|_[SPStateServiceApp](SPStateServiceApp)_ | Distributed | - | +|_[SPSubscriptionSettingsServiceApp](SPSubscriptionSettingsServiceApp)_ | Distributed | - | +|_[SPTimerJobState](SPTimerJobState)_ | Distributed | - | +|_[SPTrustedIdentityTokenIssuer](SPTrustedIdentityTokenIssuer)_ | Distributed | - | +|_[SPTrustedIdentityTokenIssuerProviderRealms](SPTrustedIdentityTokenIssuerProviderRealms)_ | Distributed | - | +|_[SPTrustedRootAuthority](SPTrustedRootAuthority)_ | Distributed | - | +|_[SPTrustedSecurityTokenIssuer](SPTrustedSecurityTokenIssuer)_ | Distributed | - | +|_[SPUsageApplication](SPUsageApplication)_ | Distributed | - | +|_[SPUsageDefinition](SPUsageDefinition)_ | Distributed | - | +|_[SPUserProfileProperty](SPUserProfileProperty)_ | Distributed | - | +|_[SPUserProfileSection](SPUserProfileSection)_ | Distributed | - | +|_[SPUserProfileServiceApp](SPUserProfileServiceApp)_ | Distributed | - | Yes | +|_[SPUserProfileServiceAppPermissions](SPUserProfileServiceAppPermissions)_ | Distributed | - | +|_[SPUserProfileSyncConnection](SPUserProfileSyncConnection)_ | Distributed | - | +|_[SPUserProfileSyncService](SPUserProfileSyncService)_ | Specific | Yes | +|_[SPVisioServiceApp](SPVisioServiceApp)_ | Distributed | - | +|_[SPWeb](SPWeb)_ | Distributed | - | +|_[SPWebAppAuthentication](SPWebAppAuthentication)_ | Distributed | - | +|_[SPWebAppBlockedFileTypes](SPWebAppBlockedFileTypes)_ | Distributed | - | +|_[SPWebAppClientCallableSettings](SPWebAppClientCallableSettings)_ | Distributed | - | +|_[SPWebAppGeneralSettings](SPWebAppGeneralSettings)_ | Distributed | - | +|_[SPWebAppHttpThrottlingMonitor](SPWebAppHttpThrottlingMonitor)_ | Distributed | - | +|_[SPWebApplication](SPWebApplication)_ | Distributed | - | +|_[SPWebApplicationAppDomain](SPWebApplicationAppDomain)_ | Distributed | - | +|_[SPWebApplicationExtension](SPWebApplicationExtension)_ | Distributed | - | +|_[SPWebAppPeoplePickerSettings](SPWebAppPeoplePickerSettings)_ | Distributed | - | +|_[SPWebAppPermissions](SPWebAppPermissions)_ | Distributed | - | +|_[SPWebAppPolicy](SPWebAppPolicy)_ | Distributed | - | +|_[SPWebAppPropertyBag](SPWebAppPropertyBag)_ | Distributed | - | +|_[SPWebAppProxyGroup](SPWebAppProxyGroup)_ | Distributed | - | +|_[SPWebAppSiteUseAndDeletion](SPWebAppSiteUseAndDeletion)_ | Distributed | - | +|_[SPWebAppSuiteBar](SPWebAppSuiteBar)_ | Distributed | - | +|_[SPWebAppThrottlingSettings](SPWebAppThrottlingSettings)_ | Distributed | - | +|_[SPWebAppWorkflowSettings](SPWebAppWorkflowSettings)_ | Distributed | - | +|_[SPWordAutomationServiceApp](SPWordAutomationServiceApp)_ | Distributed | - | +|_[SPWorkflowService](SPWorkflowService)_ | Distributed | - | +|_[SPWorkManagementServiceApp](SPWorkManagementServiceApp)_ | Distributed | - | + +## Using the Script resource in configurations with SharePointDsc + +Check-out this [article](Using-the-Script-resource-in-configurations-that-use-SharePointDsc) if you want to use the Script resource to implement custom functionality that is not included in SharePointDsc. + +> Of course you can also create an issue in the issue list to request the functionality to be added. Sharing code that you already have will greatly speed up the development effort. diff --git a/SharePointDsc/WikiSource/Using-CredSSP-on-a-Domain-Controller.md b/SharePointDsc/WikiSource/Using-CredSSP-on-a-Domain-Controller.md new file mode 100644 index 000000000..44635e555 --- /dev/null +++ b/SharePointDsc/WikiSource/Using-CredSSP-on-a-Domain-Controller.md @@ -0,0 +1,25 @@ +When you are trying to use the resources that require CredSSP, you can run into issues when deploying to a single server which is also a domain controller. + +> **NOTE:** Installing SharePoint on a domain controller should not be done in Production scenarios! + +Even though you configured CredSSP as required, you can run into the following error message: +``` +Test-WSMan : The WinRM client cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer because the computer is not trusted. The identity of the t +arget computer can be verified if you configure the WSMAN service to use a valid certificate using the following command: winrm set winrm/config/service @{CertificateThumbprint="<thumbprint>"} Or you can check the Event Viewer for an event that specifies that the following SPN could not be created: WSMAN/<computerFQDN>. If you find + this event, you can manually create the SPN using setspn.exe . If the SPN exists, but CredSSP cannot use Kerberos to validate the identity of the target computer and you still want to allow the delegation of the user credentials to the target computer, use gpedit.msc and look at the following policy: Computer Configuration -> Administrativ +e Templates -> System -> Credentials Delegation -> Allow Fresh Credentials with NTLM-only Server Authentication. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMA +N/*.domain.com. Try the request again after these changes. +At line:1 char:1 ++ Test-WSMan -Authentication Credssp -ComputerName Server1 -Credential ... ++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + CategoryInfo : InvalidOperation: (Server1:String) [Test-WSMan], InvalidOperationException + + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand +``` + +You can resolve this issue by configuring Service Principal Names in Active Directory for the server: +``` +setspn -S wsman/server1.domain.com server1 +setspn -S wsman/server1 server1 +``` + +After configuring these SPNs, CredSSP will run as expected again! diff --git a/SharePointDsc/WikiSource/Using-the-Script-resource-in-configurations-that-use-SharePointDsc.md b/SharePointDsc/WikiSource/Using-the-Script-resource-in-configurations-that-use-SharePointDsc.md new file mode 100644 index 000000000..82d2606d3 --- /dev/null +++ b/SharePointDsc/WikiSource/Using-the-Script-resource-in-configurations-that-use-SharePointDsc.md @@ -0,0 +1,19 @@ +In some circumstances you may find yourself needing to use a [Script resource](https://msdn.microsoft.com/en-us/powershell/dsc/scriptresource) to be able to perform a function that is not included in SharePointDsc. If your script resource needs to add the SharePoint snap-in you may find that this will cause issues with other resources provided by SharePointDsc (as discussed in in [this issue](https://github.com/PowerShell/SharePointDsc/issues/566)). To work around this, it is recommended that instead of loading the snap-in yourself you use the Invoke-SPDscCommand helper to achieve this. This helper method will load the snap-in for you in the same way that the native resources of SharePointDsc do, and will avoid conflicts with it being loaded multiple times. + +An example of this in a script resources is shown below: + +```PowerShell +Script SPDscExample +{ + GetScript = { + Invoke-SPDscCommand -ScriptBlock { + # your code goes here + $params = $args[0] + Write-Verbose $params.Foo + } -Arguments @{ Foo = "Bar" } -Credentials (Get-Credentials) + } + ... +} +``` + +If you need to pass a credential or additional arguments, you can use the -Credential and -Arguments parameters for these purposes also. diff --git a/SharePointDsc/WikiSource/_Footer.md b/SharePointDsc/WikiSource/_Footer.md new file mode 100644 index 000000000..825189b8f --- /dev/null +++ b/SharePointDsc/WikiSource/_Footer.md @@ -0,0 +1 @@ +![SharePointDSC](media/footer.png "SharePointDsc") diff --git a/SharePointDsc/WikiSource/_Sidebar.md b/SharePointDsc/WikiSource/_Sidebar.md new file mode 100644 index 000000000..de65a4118 --- /dev/null +++ b/SharePointDsc/WikiSource/_Sidebar.md @@ -0,0 +1,14 @@ +# SharePointDsc Module + +- _[Home](Home)_ +- _[Getting Started](Getting-Started)_ +- _[Pre-requisites](Prerequisites)_ +- _[Installing the module](Installing-the-module)_ +- _[Exporting SharePoint Configuration](Export-SharePoint-Configuration)_ +- _[Creating Configuration Files](Creating-Configuration-Files)_ +- _[Pre-created Examples](https://github.com/dsccommunity/SharePointDsc/tree/master/SharePointDsc/Examples)_ +- _[Creating an Azure development environment](Creating-an-Azure-development-environment)_ +- _[Understanding Resources & Syntax](Understanding-Resources)_ +- _[Remote PowerShell Authentication](Remote-sessions-and-the-InstallAccount-variable)_ +- _[Contributing to SharePointDsc](Contributing-to-SharePointDsc)_ +- _[Other useful modules for SharePoint DSC configurations](Other-useful-modules-for-SharePoint-DSC-configurations)_ diff --git a/SharePointDsc/WikiSource/media/ExportGUI.png b/SharePointDsc/WikiSource/media/ExportGUI.png new file mode 100644 index 000000000..0df2c9153 Binary files /dev/null and b/SharePointDsc/WikiSource/media/ExportGUI.png differ diff --git a/SharePointDsc/WikiSource/media/footer.png b/SharePointDsc/WikiSource/media/footer.png new file mode 100644 index 000000000..7d3e0e198 Binary files /dev/null and b/SharePointDsc/WikiSource/media/footer.png differ diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 458b5c194..afc0c992e 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -72,7 +72,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: PowerShell@2 name: test @@ -101,7 +101,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: PowerShell@2 name: test displayName: 'Run Unit Test for SP2013' @@ -136,7 +136,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: PowerShell@2 name: test @@ -172,7 +172,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: PowerShell@2 name: test displayName: 'Run Unit Test for SP2019' @@ -207,7 +207,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: PowerShell@2 name: test displayName: 'Run Unit Test for SPSE' @@ -254,7 +254,7 @@ stages: inputs: buildType: 'current' artifactName: $(buildArtifactName) - targetPath: '$(Build.SourcesDirectory)/$(buildArtifactName)' + targetPath: '$(Build.SourcesDirectory)/$(buildFolderName)' - task: DownloadPipelineArtifact@2 displayName: 'Download Test Artifact SP2013' diff --git a/build.ps1 b/build.ps1 index 360d1c784..19da5e425 100644 --- a/build.ps1 +++ b/build.ps1 @@ -27,7 +27,10 @@ 'output/RequiredModules'. .PARAMETER PesterScript - Not yet written. + One or more paths that will override the Pester configuration in build + configuration file when running the build task Invoke_Pester_Tests. + + If running Pester 5 test, use the alias PesterPath to be future-proof. .PARAMETER PesterTag Filter which tags to run when invoking Pester tests. This is used in the @@ -85,6 +88,8 @@ param $RequiredModulesDirectory = $(Join-Path 'output' 'RequiredModules'), [Parameter()] + # This alias is to prepare for the rename of this parameter to PesterPath when Pester 4 support is removed + [Alias('PesterPath')] [System.Object[]] $PesterScript, @@ -219,6 +224,38 @@ process Set-BuildHeader -Script ([scriptblock]::Create($BuildInfo.TaskHeader)) } + <# + Add BuildModuleOutput to PSModule Path environment variable. + Moved here (not in begin block) because build file can contains BuiltSubModuleDirectory value. + #> + if ($BuiltModuleSubdirectory) + { + if (-not (Split-Path -IsAbsolute -Path $BuiltModuleSubdirectory)) + { + $BuildModuleOutput = Join-Path -Path $OutputDirectory -ChildPath $BuiltModuleSubdirectory + } + else + { + $BuildModuleOutput = $BuiltModuleSubdirectory + } + } # test if BuiltModuleSubDirectory set in build config file + elseif ($BuildInfo.ContainsKey('BuiltModuleSubDirectory')) + { + $BuildModuleOutput = Join-Path -Path $OutputDirectory -ChildPath $BuildInfo['BuiltModuleSubdirectory'] + } + else + { + $BuildModuleOutput = $OutputDirectory + } + + # Pre-pending $BuildModuleOutput folder to PSModulePath to resolve built module from this folder. + if ($powerShellModulePaths -notcontains $BuildModuleOutput) + { + Write-Host -Object "[build] Pre-pending '$BuildModuleOutput' folder to PSModulePath" -ForegroundColor Green + + $env:PSModulePath = $BuildModuleOutput + [System.IO.Path]::PathSeparator + $env:PSModulePath + } + <# Import Tasks from modules via their exported aliases when defined in Build Manifest. https://github.com/nightroman/Invoke-Build/tree/master/Tasks/Import#example-2-import-from-a-module-with-tasks @@ -403,30 +440,6 @@ Begin } } - if ($BuiltModuleSubdirectory) - { - if (-not (Split-Path -IsAbsolute -Path $BuiltModuleSubdirectory)) - { - $BuildModuleOutput = Join-Path -Path $OutputDirectory -ChildPath $BuiltModuleSubdirectory - } - else - { - $BuildModuleOutput = $BuiltModuleSubdirectory - } - } - else - { - $BuildModuleOutput = $OutputDirectory - } - - # Pre-pending $BuildModuleOutput folder to PSModulePath to resolve built module from this folder. - if ($powerShellModulePaths -notcontains $BuildModuleOutput) - { - Write-Host -Object "[pre-build] Pre-pending '$BuildModuleOutput' folder to PSModulePath" -ForegroundColor Green - - $env:PSModulePath = $BuildModuleOutput + [System.IO.Path]::PathSeparator + $env:PSModulePath - } - <# The variable $PSDependTarget will be used below when building the splatting variable before calling Resolve-Dependency.ps1, unless overridden in the diff --git a/build.yaml b/build.yaml index f70c953b5..b5c8db7bb 100644 --- a/build.yaml +++ b/build.yaml @@ -52,13 +52,13 @@ BuildWorkflow: # code coverage files and needs to get merged into one file. #- Merge_CodeCoverage_Files - merge: - Merge_CodeCoverage_Files publish: - Publish_Release_To_GitHub - Publish_Module_To_Gallery + - Publish_GitHub_Wiki_Content #################################################### # PESTER Configuration # diff --git a/tests/Unit/SharePointDsc/SharePointDsc.SPLogLevel.Tests.ps1 b/tests/Unit/SharePointDsc/SharePointDsc.SPLogLevel.Tests.ps1 index ac896144f..c5fe85f9a 100644 --- a/tests/Unit/SharePointDsc/SharePointDsc.SPLogLevel.Tests.ps1 +++ b/tests/Unit/SharePointDsc/SharePointDsc.SPLogLevel.Tests.ps1 @@ -49,7 +49,7 @@ try InModuleScope -ModuleName $script:DSCResourceFullName -ScriptBlock { Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { BeforeAll { - Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope + Invoke-Command -Scriptblock $Global:SPDscHelper.InitializeScript -NoNewScope # Mocks for all contexts Mock -CommandName Set-SPLogLevel -MockWith { } @@ -966,7 +966,7 @@ try Name = "Export"; PsDscRunAsCredential = $Credsspfarm; SPLogLevelSetting = @( - MSFT_SPLogLevelItem {TraceLevel="Default"; Name="Administration"; EventLevel="Default"; Area="Access Services"}, + MSFT_SPLogLevelItem {TraceLevel="Default"; Name="Administration"; EventLevel="Default"; Area="Access Services"} MSFT_SPLogLevelItem {TraceLevel="Default"; Name="General"; EventLevel="Default"; Area="SharePoint Server"} ); } diff --git a/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPeoplePickerSettings.Tests.ps1 b/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPeoplePickerSettings.Tests.ps1 index f10ece39a..c45ea920d 100644 --- a/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPeoplePickerSettings.Tests.ps1 +++ b/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPeoplePickerSettings.Tests.ps1 @@ -49,7 +49,7 @@ try InModuleScope -ModuleName $script:DSCResourceFullName -ScriptBlock { Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { BeforeAll { - Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope + Invoke-Command -Scriptblock $Global:SPDscHelper.InitializeScript -NoNewScope # Initialize tests $mockPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force @@ -57,7 +57,8 @@ try -ArgumentList @("username", $mockPassword) try - { [Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain] + { + [Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain] } catch { @@ -135,42 +136,43 @@ try WebAppUrl = "http://sharepoint.contoso.com" SearchActiveDirectoryDomains = @( (New-CimInstance -ClassName MSFT_SPWebAppPPSearchDomain -Property @{ - FQDN = "contoso.intra" - IsForest = $false - AccessAccount = (New-CimInstance -ClassName MSFT_Credential ` - -Property @{ - Username = [string]$mockAccount.UserName; - Password = [string]$mockAccount.Password; - } ` - -Namespace root/microsoft/windows/desiredstateconfiguration ` - -ClientOnly) - } -ClientOnly) + FQDN = "contoso.intra" + IsForest = $false + AccessAccount = (New-CimInstance -ClassName MSFT_Credential ` + -Property @{ + Username = [string]$mockAccount.UserName; + Password = [string]$mockAccount.Password; + } ` + -Namespace root/microsoft/windows/desiredstateconfiguration ` + -ClientOnly) + } -ClientOnly) ) } Mock -CommandName Get-SPWebApplication -MockWith { $searchADdom = New-Object -TypeName "System.Collections.Generic.List[System.Object]" $searchDom1 = New-Object -TypeName "Object" | ` - Add-Member -MemberType NoteProperty ` - -Name DomainName ` - -Value ( "contosonew.intra" ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name IsForest ` - -Value ( $false ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name LoginName ` - -Value ( $mockAccount.UserName ) -PassThru + Add-Member -MemberType NoteProperty ` + -Name DomainName ` + -Value ( "contosonew.intra" ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name IsForest ` + -Value ( $false ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name LoginName ` + -Value ( $mockAccount.UserName ) -PassThru $searchADdom.Add($searchDom1) $returnval = @{ PeoplePickerSettings = @{ - ActiveDirectoryCustomFilter = "()" - ActiveDirectoryCustomQuery = "()" - ActiveDirectorySearchTimeout = @{ + ActiveDirectoryCustomFilter = "()" + ActiveDirectoryCustomQuery = "()" + ActiveDirectorySearchTimeout = @{ TotalSeconds = 10 } - OnlySearchWithinSiteCollection = $true - SearchActiveDirectoryDomains = $searchADdom + OnlySearchWithinSiteCollection = $true + PeopleEditorOnlyResolveWithinSiteCollection = $true + SearchActiveDirectoryDomains = $searchADdom } } $returnval = $returnval | Add-Member -MemberType ScriptMethod -Name Update -Value { @@ -199,36 +201,38 @@ try Context -Name "Settings do not match actual values" -Fixture { BeforeAll { $testParams = @{ - WebAppUrl = "http://sharepoint.contoso.com" - ActiveDirectoryCustomFilter = $null - ActiveDirectoryCustomQuery = $null - ActiveDirectorySearchTimeout = 30 - OnlySearchWithinSiteCollection = $false + WebAppUrl = "http://sharepoint.contoso.com" + ActiveDirectoryCustomFilter = $null + ActiveDirectoryCustomQuery = $null + ActiveDirectorySearchTimeout = 30 + OnlySearchWithinSiteCollection = $false + PeopleEditorOnlyResolveWithinSiteCollection = $false } Mock -CommandName Get-SPWebApplication -MockWith { $searchADdom = New-Object -TypeName "System.Collections.Generic.List[System.Object]" $searchDom1 = New-Object -TypeName "Object" | ` - Add-Member -MemberType NoteProperty ` - -Name DomainName ` - -Value ( "contoso.intra" ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name IsForest ` - -Value ( $false ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name LoginName ` - -Value ( $mockAccount.UserName ) -PassThru + Add-Member -MemberType NoteProperty ` + -Name DomainName ` + -Value ( "contoso.intra" ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name IsForest ` + -Value ( $false ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name LoginName ` + -Value ( $mockAccount.UserName ) -PassThru $searchADdom.Add($searchDom1) $returnval = @{ PeoplePickerSettings = @{ - ActiveDirectoryCustomFilter = "()" - ActiveDirectoryCustomQuery = "()" - ActiveDirectorySearchTimeout = @{ + ActiveDirectoryCustomFilter = "()" + ActiveDirectoryCustomQuery = "()" + ActiveDirectorySearchTimeout = @{ TotalSeconds = 10 } - OnlySearchWithinSiteCollection = $true - SearchActiveDirectoryDomains = $searchADdom + OnlySearchWithinSiteCollection = $true + PeopleEditorOnlyResolveWithinSiteCollection = $true + SearchActiveDirectoryDomains = $searchADdom } } $returnval = $returnval | Add-Member -MemberType ScriptMethod -Name Update -Value { @@ -260,42 +264,43 @@ try WebAppUrl = "http://sharepoint.contoso.com" SearchActiveDirectoryDomains = @( (New-CimInstance -ClassName MSFT_SPWebAppPPSearchDomain -Property @{ - FQDN = "contoso.intra" - IsForest = $false - AccessAccount = (New-CimInstance -ClassName MSFT_Credential ` - -Property @{ - Username = [string]$mockAccount.UserName; - Password = [string]$mockAccount.Password; - } ` - -Namespace root/microsoft/windows/desiredstateconfiguration ` - -ClientOnly) - } -ClientOnly) + FQDN = "contoso.intra" + IsForest = $false + AccessAccount = (New-CimInstance -ClassName MSFT_Credential ` + -Property @{ + Username = [string]$mockAccount.UserName; + Password = [string]$mockAccount.Password; + } ` + -Namespace root/microsoft/windows/desiredstateconfiguration ` + -ClientOnly) + } -ClientOnly) ) } Mock -CommandName Get-SPWebApplication -MockWith { $searchADdom = New-Object -TypeName "System.Collections.Generic.List[System.Object]" $searchDom1 = New-Object -TypeName "Object" | ` - Add-Member -MemberType NoteProperty ` - -Name DomainName ` - -Value ( "contoso.intra" ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name IsForest ` - -Value ( $false ) -PassThru | ` - Add-Member -MemberType NoteProperty ` - -Name LoginName ` - -Value ( $mockAccount.UserName ) -PassThru + Add-Member -MemberType NoteProperty ` + -Name DomainName ` + -Value ( "contoso.intra" ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name IsForest ` + -Value ( $false ) -PassThru | ` + Add-Member -MemberType NoteProperty ` + -Name LoginName ` + -Value ( $mockAccount.UserName ) -PassThru $searchADdom.Add($searchDom1) $returnval = @{ PeoplePickerSettings = @{ - ActiveDirectoryCustomFilter = "()" - ActiveDirectoryCustomQuery = "()" - ActiveDirectorySearchTimeout = @{ + ActiveDirectoryCustomFilter = "()" + ActiveDirectoryCustomQuery = "()" + ActiveDirectorySearchTimeout = @{ TotalSeconds = 10 } - OnlySearchWithinSiteCollection = $true - SearchActiveDirectoryDomains = $searchADdom + OnlySearchWithinSiteCollection = $true + PeopleEditorOnlyResolveWithinSiteCollection = $true + SearchActiveDirectoryDomains = $searchADdom } } $returnval = $returnval | Add-Member -MemberType ScriptMethod -Name Update -Value { @@ -329,13 +334,14 @@ try Mock -CommandName Get-SPWebApplication -MockWith { $returnval = @{ PeoplePickerSettings = @{ - ActiveDirectoryCustomFilter = $null - ActiveDirectoryCustomQuery = $null - ActiveDirectorySearchTimeout = @{ + ActiveDirectoryCustomFilter = $null + ActiveDirectoryCustomQuery = $null + ActiveDirectorySearchTimeout = @{ TotalSeconds = 30 } - OnlySearchWithinSiteCollection = $false - SearchActiveDirectoryDomains = @() + OnlySearchWithinSiteCollection = $false + PeopleEditorOnlyResolveWithinSiteCollection = $true + SearchActiveDirectoryDomains = @() } } $returnval = $returnval | Add-Member -MemberType ScriptMethod -Name Update -Value { diff --git a/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPolicy.Tests.ps1 b/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPolicy.Tests.ps1 index 4694c6b99..1a3bafb30 100644 --- a/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPolicy.Tests.ps1 +++ b/tests/Unit/SharePointDsc/SharePointDsc.SPWebAppPolicy.Tests.ps1 @@ -1768,7 +1768,7 @@ try Username = 'contoso\\user1' PermissionLevel = 'Full Control' ActAsSystemAccount = \$True - }, + } MSFT_SPWebPolicyPermissions { Username = 'contoso\\Group 1' PermissionLevel = 'Full Read' diff --git a/tests/Unit/SharePointDsc/SharePointDsc.SPWebApplication.Tests.ps1 b/tests/Unit/SharePointDsc/SharePointDsc.SPWebApplication.Tests.ps1 index 71abe6c99..e6fc32b0e 100644 --- a/tests/Unit/SharePointDsc/SharePointDsc.SPWebApplication.Tests.ps1 +++ b/tests/Unit/SharePointDsc/SharePointDsc.SPWebApplication.Tests.ps1 @@ -50,7 +50,7 @@ try InModuleScope -ModuleName $script:DSCResourceFullName -ScriptBlock { Describe -Name $Global:SPDscHelper.DescribeHeader -Fixture { BeforeAll { - Invoke-Command -ScriptBlock $Global:SPDscHelper.InitializeScript -NoNewScope + Invoke-Command -Scriptblock $Global:SPDscHelper.InitializeScript -NoNewScope # Initialize tests try @@ -1949,7 +1949,7 @@ try MSFT_SPWebAppSiteDataServers { Zone = 'Default' Uri = 'http://spbackend' - }, + } MSFT_SPWebAppSiteDataServers { Zone = 'Intranet' Uri = 'http://spbackend2'