Fixin several errors after testing live the modules

vreguibar · Jun 30, 2022 · 4b45b3e · 4b45b3e
1 parent d15f666
commit 4b45b3e
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 46 deletions.
diff --git a/Public/Grant-NTFSPermission.ps1 b/Public/Grant-NTFSPermission.ps1
@@ -5,11 +5,13 @@ function Grant-NTFSPermission {
         .DESCRIPTION
             Function to Add NTFS permissions to a folder
         .EXAMPLE
-            Grant-NTFSPermissions path object permission
-        .INPUTS
-            Param1 path:......... The path to the folder
-            Param2 object:....... the identity which will get the permissions
-            Param3 permission:... the permissions to be modified
+            Grant-NTFSPermission -Path 'C:\Shares' -Object 'TheGood' -Permissions 'FullControl'
+        .PARAMETER path
+            Absolute path to the object
+        .PARAMETER object
+            Name of the Identity getting the permission.
+        .PARAMETER permission
+            Permission of the object
         .NOTES
             Version:         1.1
             DateModified:    03/Oct/2016
@@ -31,7 +33,7 @@ function Grant-NTFSPermission {
 
         # Param2 object or SecurityPrincipal
         [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ValueFromRemainingArguments = $false,
-            HelpMessage = 'Name of the object',
+            HelpMessage = 'Name of the Identity getting the permission.',
         Position = 1)]
         [ValidateNotNull()]
         [ValidateNotNullOrEmpty()]

diff --git a/Public/New-CentralItOU.ps1 b/Public/New-CentralItOU.ps1
@@ -215,6 +215,7 @@
         Import-Module -name ServerManager        -Verbose:$false
         Import-Module -name ActiveDirectory      -Verbose:$false
         Import-Module -name GroupPolicy          -Verbose:$false
+        Import-Module -name EguibarIT            -Verbose:$false
         Import-Module -name EguibarIT.Delegation -Verbose:$false
 
         ################################################################################
@@ -1065,12 +1066,13 @@
             }
 
             New-ADFineGrainedPasswordPolicy @parameters
-
+            Start-Sleep -Seconds 5
             $PSOexists = Get-ADFineGrainedPasswordPolicy -Filter { name -eq $PsoName }
         } # End If PSO exists
 
 
         Write-Verbose -Message ('Apply the {0} PSO to the corresponding accounts and groups.' -f $PsoName)
+        Start-Sleep -Seconds 5
         # Apply the PSO to the corresponding accounts and groups
         $parameters = @( $AdminName,
                          $newAdminName,
@@ -1143,11 +1145,13 @@
               ReversibleEncryptionEnabled = [System.Boolean]$confXML.n.Admin.PSOs.ServiceAccountsPSO.ReversibleEncryptionEnabled
             }
             New-ADFineGrainedPasswordPolicy @parameters
-            #$PSOexists = Get-ADFineGrainedPasswordPolicy -Filter { cn -eq $PsoName }
-            $PSOexists = Get-ADFineGrainedPasswordPolicy -Identity $PsoName
+            Start-Sleep -Seconds 5
+            $PSOexists = Get-ADFineGrainedPasswordPolicy -Filter { cn -eq $PsoName }
+            #$PSOexists = Get-ADFineGrainedPasswordPolicy -Identity $PsoName
         }
 
         Write-Verbose -Message ('Apply the {0} PSO to the corresponding accounts and groups.' -f $PsoName)
+        Start-Sleep -Seconds 5
         # Apply the PSO to all Tier Service Accounts
         $parameters = @( $SG_Tier0ServiceAccount,
                          $SG_Tier1ServiceAccount,
@@ -1709,7 +1713,15 @@
         # Admin Area
         New-DelegateAdGpo -gpoDescription 'ItAdmin-Baseline' -gpoScope 'C' -gpoLinkPath $ItAdminOuDn -GpoAdmin  $sl_GpoAdminRight.SamAccountName
         New-DelegateAdGpo -gpoDescription 'ItAdmin-Baseline' -gpoScope 'U' -gpoLinkPath $ItAdminOuDn -GpoAdmin  $sl_GpoAdminRight.SamAccountName
-        New-DelegateAdGpo -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItAdminOU.Name) -gpoScope U -gpoLinkPath $ItAdminAccountsOuDn -GpoAdmin  $sl_GpoAdminRight.SamAccountName -gpoBackupId $confXML.n.Admin.GPOs.AdminUserbaseline.backupID -gpoBackupPath (Join-Path $DMscripts SecTmpl)
+        $parameters = @{
+            gpoDescription = '{0}-Baseline' -f $confXML.n.Admin.OUs.ItAdminAccountsOU.Name
+            gpoScope       = 'U'
+            gpoLinkPath    = $ItAdminAccountsOuDn
+            GpoAdmin       = $sl_GpoAdminRight.SamAccountName
+            gpoBackupId    = $confXML.n.Admin.GPOs.AdminUserbaseline.backupID
+            gpoBackupPath  = Join-Path $DMscripts SecTmpl
+        }
+        New-DelegateAdGpo @parameters
 
         # Service Accounts
         $parameters = @{
@@ -1726,10 +1738,10 @@
             gpoScope = 'C'
             GpoAdmin = $sl_GpoAdminRight.SamAccountName
         }
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawOU.Name)   -gpoLinkPath $ItPawOuDn -gpoBackupId $confXML.n.Admin.GPOs.PAWbaseline.backupID -gpoBackupPath (Join-Path $DMscripts SecTmpl)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT0OU.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT0OU.Name, $ItPawOuDn)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT1OU.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT1OU.Name, $ItPawOuDn)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT2OU.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT2OU.Name, $ItPawOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawOU.Name)        -gpoLinkPath $ItPawOuDn -gpoBackupId $confXML.n.Admin.GPOs.PAWbaseline.backupID -gpoBackupPath (Join-Path $DMscripts SecTmpl)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT0OU.Name)      -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT0OU.Name, $ItPawOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT1OU.Name)      -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT1OU.Name, $ItPawOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawT2OU.Name)      -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawT2OU.Name, $ItPawOuDn)
         New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItPawStagingOU.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItPawStagingOU.Name, $ItPawOuDn)
 
         # Infrastructure Servers
@@ -1738,9 +1750,9 @@
             GpoAdmin = $sl_GpoAdminRight.SamAccountName
         }
         New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraOU.Name) -gpoLinkPath $ItInfraOuDn -gpoBackupId $confXML.n.Admin.GPOs.INFRAbaseline.backupID -gpoBackupPath (Join-Path $DMscripts SecTmpl)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT0.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT0.Name, $ItInfraOuDn)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT1.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT1.Name, $ItInfraOuDn)
-        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT2.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT2.Name, $ItInfraOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT0Ou.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT0Ou.Name, $ItInfraOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT1Ou.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT1Ou.Name, $ItInfraOuDn)
+        New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraT2Ou.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraT2Ou.Name, $ItInfraOuDn)
         New-DelegateAdGpo @parameters -gpoDescription ('{0}-Baseline' -f $confXML.n.Admin.OUs.ItInfraStagingOU.Name) -gpoLinkPath ('OU={0},{1}' -f $confXML.n.Admin.OUs.ItInfraStagingOU.Name, $ItInfraOuDn)
 
         # redirected containers (X-Computers & X-Users)
@@ -2058,13 +2070,13 @@
 
         # Create basic GPO for Users and Computers
         $Splat = @{
-            gpoDescription = ('{0}-Baseline' -f $SitesOu)
+            gpoDescription = '{0}-Baseline' -f $SitesOu
             gpoLinkPath    = $SitesOuDn
             GpoAdmin       = $sl_GpoAdminRight.SamAccountName
-            gpoBackupPath  = (Join-Path $DMscripts SecTmpl)
+            gpoBackupPath  = Join-Path $DMscripts SecTmpl
         }
         New-DelegateAdGpo @Splat -gpoScope 'C' -gpoBackupID $confXML.n.Sites.OUs.OuSiteComputer.backupID
-        New-DelegateAdGpo @Splat -gpoScope 'U' -gpoBackupID $confXML.n.Sites.OUs.SitesOU.backupID
+        New-DelegateAdGpo @Splat -gpoScope 'U' -gpoBackupID $confXML.n.Sites.OUs.OuSiteUser.backupID
 
 
 

diff --git a/Public/New-DelegateSiteOU.ps1 b/Public/New-DelegateSiteOU.ps1
@@ -23,6 +23,8 @@
             [switch] If present It will create all needed Exchange objects and containers.
         .PARAMETER CreateLAPS
             [switch] If present It will create all needed LAPS objects, containers and delegations.
+        .PARAMETER GpoBackupPath
+            [string] Full path to theGPO backup files
         .PARAMETER ConfigXMLFile
             [String] Full path to the configuration.xml file
         .NOTES
@@ -203,9 +205,16 @@
         $CreateLAPS,
 
         # PARAM10 full path to the configuration.xml file
+        [Parameter(Mandatory = $false, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True, ValueFromRemainingArguments = $false,
+            HelpMessage='Full path to theGPO backup files',
+            Position=9)]
+        [string]
+        $GpoBackupPath,
+
+        # PARAM11 full path to the configuration.xml file
         [Parameter(Mandatory = $true, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True, ValueFromRemainingArguments = $false,
             HelpMessage='Full path to the configuration.xml file',
-            Position=9)]
+            Position=10)]
         [string]
         $ConfigXMLFile
 
@@ -575,7 +584,7 @@
             $splat = @{
                 BackupId   = $confXML.n.Sites.OUs.OuSiteUser.backupID
                 TargetName = '{0}-{1}-{2}' -f $confXML.n.Sites.OUs.OuSiteUser.Scope, $ouName, $confXML.n.Sites.OUs.OuSiteUser.Name
-                path       = Join-Path -Path $DMscripts -ChildPath SecTmpl
+                path       = $GpoBackupPath
             }
             Import-GPO @splat
         }
@@ -590,7 +599,7 @@
             $splat = @{
                 BackupId   = $confXML.n.Sites.OUs.OuSiteComputer.backupID
                 TargetName = '{0}-{1}-{2}' -f $confXML.n.Sites.OUs.OuSiteComputer.Scope, $PSBoundParameters['ouName'], $confXML.n.Sites.OUs.OuSiteComputer.Name
-                path       = Join-Path -Path $DMscripts -ChildPath SecTmpl
+                path       = $GpoBackupPath
             }
             Import-GPO @splat
         }
@@ -649,7 +658,7 @@
             $splat = @{
                 BackupId   = $confXML.n.Sites.OUs.OuSiteLaptop.backupID
                 TargetName = '{0}-{1}-{2}' -f $confXML.n.Sites.OUs.OuSiteLaptop.Scope, $PSBoundParameters['ouName'], $confXML.n.Sites.OUs.OuSiteLaptop.Name
-                path       = Join-Path -Path $DMscripts -ChildPath SecTmpl
+                path       = $GpoBackupPath
             }
             Import-GPO @splat
         }

diff --git a/Public/New-LapsObjects.ps1 b/Public/New-LapsObjects.ps1
@@ -56,6 +56,7 @@ Function New-LAPSobjects {
         ################################################################################
         # Initialisations
         Import-Module ActiveDirectory      -Verbose:$false
+        Import-Module EguibarIT            -Verbose:$false
         Import-Module EguibarIT.Delegation -Verbose:$false
         Import-Module AdmPwd.PS            -Verbose:$false
 
@@ -79,24 +80,37 @@ Function New-LAPSobjects {
         }
         catch { Get-CurrentErrorToDisplay -CurrentError $error[0] }
 
-        # Naming conventions hashtable
-        $NC = @{'sl'    = $confXML.n.NC.LocalDomainGroupPreffix;
-                'sg'    = $confXML.n.NC.GlobalGroupPreffix;
-                'su'    = $confXML.n.NC.UniversalGroupPreffix;
-                'Delim' = $confXML.n.NC.Delimiter;
-                'T0'    = $confXML.n.NC.AdminAccSufix0;
-                'T1'    = $confXML.n.NC.AdminAccSufix1;
-                'T2'    = $confXML.n.NC.AdminAccSufix2
+        If(-Not (Test-Path -Path variable:NC)) {
+            # Naming conventions hashtable
+            $NC = @{'sl'    = $confXML.n.NC.LocalDomainGroupPreffix;
+                    'sg'    = $confXML.n.NC.GlobalGroupPreffix;
+                    'su'    = $confXML.n.NC.UniversalGroupPreffix;
+                    'Delim' = $confXML.n.NC.Delimiter;
+                    'T0'    = $confXML.n.NC.AdminAccSufix0;
+                    'T1'    = $confXML.n.NC.AdminAccSufix1;
+                    'T2'    = $confXML.n.NC.AdminAccSufix2
+            }
         }
-
         #('{0}{1}{2}{1}{3}' -f $NC['sg'], $NC['Delim'], $confXML.n.Admin.lg.PAWM, $NC['T0'])
         # SG_PAWM_T0
 
-        $SL_InfraRight  = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.InfraRight.Name)
-        $SL_PISM        = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.PISM.Name)
-        $SL_PAWM        = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.PAWM.Name)
+        If(-Not (Test-Path -Path variable:SL_InfraRight)) {
+            $SL_InfraRight  = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.InfraRight.Name)
+        }
+
+        If(-Not (Test-Path -Path variable:SL_PISM)) {
+            $SL_PISM        = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.PISM.Name)
+        }
+
+        If(-Not (Test-Path -Path variable:SL_PAWM)) {
+            $SL_PAWM        = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.PAWM.Name)
+        }
+
         # $SL_AdRight    = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Admin.LG.AdRight.Name)
-        $SL_SvrAdmRight = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Servers.LG.SvrAdmRight.Name)
+
+        If(-Not (Test-Path -Path variable:SL_SvrAdmRight)) {
+            $SL_SvrAdmRight = Get-ADGroup -Identity ('{0}{1}{2}' -f $NC['sl'], $NC['Delim'], $confXML.n.Servers.LG.SvrAdmRight.Name)
+        }
 
         $guidmap = $null
         $guidmap = @{}
@@ -107,14 +121,22 @@ Function New-LAPSobjects {
         # Organizational Units Distinguished Names
 
         # IT Admin OU
-        $ItAdminOu = $confXML.n.Admin.OUs.ItAdminOU.name
+        If(-Not (Test-Path -Path variable:ItAdminOu)) {
+            $ItAdminOu = $confXML.n.Admin.OUs.ItAdminOU.name
+        }
         # IT Admin OU Distinguished Name
-        $ItAdminOuDn = 'OU={0},{1}' -f $ItAdminOu, $AdDn
+        If(-Not (Test-Path -Path variable:ItAdminOuDn)) {
+            New-Variable -Name 'ItAdminOuDn' -Value ('OU={0},{1}' -f $ItAdminOu, $AdDn) -Option ReadOnly -Force
+        }
 
         # Servers OU
-        $ServersOu = $confXML.n.Servers.OUs.ServersOU.name
+        If(-Not (Test-Path -Path variable:ServersOu)) {
+            $ServersOu = $confXML.n.Servers.OUs.ServersOU.name
+        }
         # Servers OU Distinguished Name
-        $ServersOuDn = 'OU={0},{1}' -f $ServersOu, $AdDn
+        If(-Not (Test-Path -Path variable:ServersOuDn)) {
+            $ServersOuDn = 'OU={0},{1}' -f $ServersOu, $AdDn
+        }
 
         # It InfraServers OU
         $ItInfraServersOu = $confXML.n.Admin.OUs.ItInfraOU.name

diff --git a/Public/Set-AdAclLaps.ps1 b/Public/Set-AdAclLaps.ps1
@@ -80,7 +80,7 @@ function Set-AdAclLaps
         [string]$pb = ($PSBoundParameters | Format-Table -AutoSize | Out-String).TrimEnd()
         Write-Verbose -Message "Parameters used by the function... $NL$($pb.split($NL).Foreach({"$($HTab*4)$_"}) | Out-String) $NL"
 
-        Import-Module -Name 'AdmPwd.PS' -Force -Verbose
+        Import-Module -Name 'AdmPwd.PS' -Force -Verbose:$false
 
         $guidmap = $null
         $guidmap = @{}
@@ -90,11 +90,11 @@ function Set-AdAclLaps
         if(-not($null -eq $guidmap["ms-Mcs-AdmPwdExpirationTime"])) {
             Write-Verbose -Message "LAPS is supported on this environment. We can proceed to configure it."
 
-            Set-AdmPwdComputerSelfPermission -Identity $PSBoundParameters['LDAPpath']
+            Set-AdmPwdComputerSelfPermission -Identity $LDAPpath
 
-            Set-AdmPwdReadPasswordPermission -AllowedPrincipals $PSBoundParameters['ReadGroup'] -Identity $PSBoundParameters['LDAPpath']
+            Set-AdmPwdReadPasswordPermission -AllowedPrincipals $ReadGroup -Identity $LDAPpath
 
-            Set-AdmPwdResetPasswordPermission -AllowedPrincipals $PSBoundParameters['ResetGroup'] -Identity $PSBoundParameters['LDAPpath']
+            Set-AdmPwdResetPasswordPermission -AllowedPrincipals $ResetGroup -Identity $LDAPpath
         } else {
             Write-Error -Message "Not Implemented. Schema does not contains the requiered attributes."
         }
@@ -105,4 +105,4 @@ function Set-AdAclLaps
         Write-Verbose -Message '-------------------------------------------------------------------------------'
         Write-Verbose -Message ''
     }
-}
+}