DomainManagement

1.7.145

functions/gpowner/Register-DMGPOwner.ps1

                                function Register-DMGPOwner {

    <#

    .SYNOPSIS

        Define the desired state for group policy ownership.

    .DESCRIPTION

        Define the desired state for group policy ownership.

        Afterwards use Test-DMGPOwner to determine, whether reality matches desire.

        Or Invoke-DMGPOwner to bring reality into the desired state.

        You can define ownership in three ways:

        - Explicitly to a specific group policy object

        - By filter, using the same filter syntax as used for GP Permissions

        - Global, a default setting for when the other two do not apply

        In Case multiple rules apply to a GPO, this precedence will be adhered to:

        Explicit > Filter > Global

        In case multiple filters apply, the one with the lowest Weight value applies.

    .PARAMETER GpoName

        The name of the GPO this rule applies to.

        This parameter uses name resolution.

    .PARAMETER Filter

        The filter by which to determine which GPO this rule applies to.

        Examples:

        - "IsManaged -and Tier0"

        - "-not (IsManaged) -or (Tier1 -and UserScope)"

        Each condition (e.g. "IsManaged" or "Tier0") needs to be defined as a condition separately.

        Conditions are documented here:

        - https://admf.one/documentation/components/domain/gppermissionfilters.html

        Examples on how to use them can be found in the "Filter" parameter description here:

        - https://admf.one/documentation/components/domain/gppermissions.html

    .PARAMETER Weight

        The precedence order when multiple filter conditions apply.

        The lower the number, the higher the priority.

    .PARAMETER All

        Define a global default rule.

        There can always only be one global default value.

    .PARAMETER Identity

        The identity that should be the owner of the affected GPO(s).

        Can be a sid or an NT identity reference.

        This parameter supports name resolution.

    .PARAMETER ContextName

        The name of the context defining the setting.

        This allows determining the configuration set that provided this setting.

        Used by the ADMF, available to any other configuration management solution.

    .EXAMPLE

        PS C:\> Get-Content .\gpoowners.json | ConvertFrom-Json | Write-Output | Register-DMGPOwner

        Reads all settings from the provided json file and registers them.

    .NOTES

    General notes

    #>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', '')]

    [CmdletBinding()]

    Param (

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Explicit')]

        [string]

        $GpoName,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Filter')]

        [PsfValidateScript('DomainManagement.Validate.GPPermissionFilter', ErrorString = 'DomainManagement.Validate.GPPermissionFilter')]

        [string]

        $Filter,

        [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Filter')]

        [int]

        $Weight = 50,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'All')]

        [switch]

        $All,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Explicit')]

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Filter')]

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'All')]

        [PsfValidateScript('DomainManagement.Validate.Identity', ErrorString = 'DomainManagement.Validate.Identity')]

        [string]

        $Identity,

        [string]

        $ContextName = '<Undefined>'

    )

    process {

        switch ($PSCmdlet.ParameterSetName) {

            'Explicit' {

                $permIdentity = 'Explicit|{0}' -f $GpoName

                $script:groupPolicyOwners[$permIdentity] = [PSCustomObject]@{

                    PSTypeName    = 'DomainManagement.Configuration.GPOwner'

                    EntryIdentity = $permIdentity

                    Type          = $PSCmdlet.ParameterSetName

                    GpoName       = $GpoName

                    Identity      = $Identity

                    ContextName   = $ContextName

                }

            }

            'Filter' {

                $permIdentity = 'Filter|{0}' -f $Filter

                $script:groupPolicyOwners[$permIdentity] = [PSCustomObject]@{

                    PSTypeName       = 'DomainManagement.Configuration.GPOwner'

                    EntryIdentity    = $permIdentity

                    Type             = $PSCmdlet.ParameterSetName

                    Filter           = $Filter

                    FilterConditions = ConvertTo-FilterName -Filter $Filter

                    Weight           = $Weight

                    Identity         = $Identity

                    ContextName      = $ContextName

                }

            }

            'All' {

                $script:groupPolicyOwners['All'] = [PSCustomObject]@{

                    PSTypeName    = 'DomainManagement.Configuration.GPOwner'

                    EntryIdentity = 'All'

                    Type          = $PSCmdlet.ParameterSetName

                    All           = $true

                    Identity      = $Identity

                    ContextName   = $ContextName

                }

            }

        }

    }

}