Functions/Import-DryADGPO.ps1

Using Namespace System.Management.Automation.Runspaces
# DryActiveDirectory is an AD config module for use with DryDeploy, or by itself.
#
# Copyright (C) 2021 Bjørn Henrik Formo (bjornhenrikformo@gmail.com)
# LICENSE: https://raw.githubusercontent.com/bjoernf73/DryActiveDirectory/main/LICENSE
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
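Function Import-DryADGPO {
    <#
    .SYNOPSIS
    Imports a single GPO, from a backup folder or a json file, by running one
    of the module's import script blocks.

    .DESCRIPTION
    Builds the argument list for $DryAD_SB_BackupGPO_Import (type 'backup') or
    $DryAD_SB_JsonGPO_Import (type 'json') and runs it with Invoke-Command,
    either in the supplied PSSession ('Remote') or in the current session
    against the given Domain Controller ('Local'). Both script blocks are
    defined outside this function. The result is indexed as [0] success flag,
    [1] error object and [2] message(s); that shape is taken from how this
    function reads it, so confirm it against the script blocks.

    The function throws on any failed import. An import that returns nothing
    is treated as a failure, so that a broken session or a crashed script
    block cannot be mistaken for an applied policy.

    .PARAMETER GPO
    Object describing the GPO. The properties read here are Name, TargetName,
    Type ('backup' or 'json') and, for json GPOs, the optional defaultpermissions.

    .PARAMETER GPOsPath
    Folder containing the backup folder (<Name>) or the json file (<Name>.json).

    .PARAMETER Scope
    'domain', 'site' or 'computer'. Accepted for interface compatibility; it
    is not read anywhere in this function.

    .PARAMETER PSSession
    Session to a Domain Controller. Selects the 'Remote' parameter set, in
    which the script block targets 'localhost'.

    .PARAMETER DomainController
    Domain Controller to target in the 'Local' parameter set.

    .PARAMETER ReplacementHash
    Hashtable handed unchanged to the import script block.

    .PARAMETER Force
    Per the parameter's help message: renames an existing GPO and removes all
    its links. The switch is passed on to the script block as a [Bool].
    #>
    [CmdletBinding(DefaultParameterSetName='Local')]
    Param (
        [Parameter(Mandatory)]
        [PSObject]
        $GPO,

        [Parameter(Mandatory)]
        [String]
        $GPOsPath,

        [Parameter()]
        [ValidateSet('domain','site','computer')]
        [String]
        $Scope = 'domain',

        [Parameter(Mandatory,ParameterSetName='Remote')]
        [PSSession]$PSSession,

        [Parameter(Mandatory,ParameterSetName='Local',
        HelpMessage="For 'Local' sessions, specify the Domain Controller to use")]
        [String]
        $DomainController,

        [Parameter()]
        [HashTable]
        $ReplacementHash,

        [Parameter(HelpMessage="Renames existing GPO, and removes all it's links")]
        [Switch]
        $Force
    )

    # In a remote session the script block already runs on the Domain
    # Controller, so it addresses 'localhost'; locally it addresses the DC
    # the caller named.
    If ($PSCmdlet.ParameterSetName -eq 'Remote') {
        $Server = 'localhost'
        ol v @('Session Type','Remote')
        ol v @('Remoting to Domain Controller',"$($PSSession.ComputerName)")
    }
    Else {
        $Server = $DomainController
        ol v @('Session Type','Local')
        ol v @('Using Domain Controller',"$Server")
    }

    ol v @('GPO Name',"'$($GPO.TargetName)'")
    ol v @('GPO Type',"'$($GPO.Type)'")
    
    Switch ($GPO.type) {
        'backup' {
            $BackupGPOPath = Join-Path -Path $GPOsPath -ChildPath $GPO.Name
            ol v @('GPO Folder Path',"'$BackupGPOPath'")

            # Positional arguments for the script block. Every element is
            # comma-separated; the original omitted the comma after the
            # hashtable and only produced six elements because @() also
            # collects the output of separate statements.
            $GPOImportArgumentList = @(
                [String]    $GPO.Name,
                [String]    $GPO.TargetName,
                [String]    $BackupGPOPath,
                [HashTable] $ReplacementHash,
                [String]    $Server,
                [Bool]      $Force
            )

            $InvokeCommandParams = @{
                ScriptBlock  = $DryAD_SB_BackupGPO_Import
                ArgumentList = $GPOImportArgumentList
                ErrorAction  = 'Continue'
            }

            If ($PSCmdlet.ParameterSetName -eq 'Remote') {
                $InvokeCommandParams += @{
                    Session = $PSSession
                }
            }

            # @() makes the result indexable even when nothing or a single
            # object comes back. ErrorAction 'Continue' means a failed
            # Invoke-Command can leave the result empty without throwing.
            $GPOImportResult = @(Invoke-Command @InvokeCommandParams)
            If ($GPOImportResult.Count -eq 0) {
                ol e "Failed to import backup GPO $($GPO.Name): the import script block returned no result"
                Throw "Failed to import backup GPO $($GPO.Name): the import script block returned no result"
            }
            
            # Log all remote messages to Out-DryLog regardless of result
            Foreach ($ResultMessage in $GPOImportResult[2]) {
                ol d "[BACKUPGPO] $ResultMessage"
            }

            If ($GPOImportResult[0] -eq $True) {
                ol v @('Successful import of backup GPO',"'$($GPO.Name)'")
            }
            Else {
                # The original read $GPOImportResults (trailing 's'), a
                # variable that is never assigned, so the real error text was
                # lost and the Throw expression itself failed to evaluate.
                If ($Null -ne $GPOImportResult[1]) {
                    $ImportErrorText = $GPOImportResult[1].ToString()
                }
                Else {
                    $ImportErrorText = 'no error details were returned'
                }
                ol e "Failed to import backup GPO $($GPO.Name): $ImportErrorText"
                Throw "Failed to import backup GPO $($GPO.Name): $ImportErrorText"
            }
        }
        'json' {
            # GPO in json-format, exported with GPOManagement module
            $JsonGPOFilePath = Join-Path -Path $GPOsPath -ChildPath "$($GPO.Name).json"
            ol v @('GPO File Path',"'$JsonGPOFilePath'")

            # Unless the json-gpo specifies a (bool) value for defaultpermissions, it is set to true,
            # meaning that permissions in the json-GPO are ignored, and the default security descriptor
            # of the groupPolicyContainer schema class is used.
            If ($Null -eq $GPO.defaultpermissions) {
                [Bool]$GPODefaultPermissions = $True
            }
            Else {
                [Bool]$GPODefaultPermissions = $GPO.defaultpermissions
            }

            $GPOImportArgumentList = @(
                [String]    $GPO.TargetName,
                [String]    $JsonGPOFilePath,
                [String]    $Server,
                [Bool]      $Force,
                [Bool]      $GPODefaultPermissions,
                [HashTable] $ReplacementHash
            )

            $InvokeCommandParams = @{
                ScriptBlock  = $DryAD_SB_JsonGPO_Import
                ArgumentList = $GPOImportArgumentList
                ErrorAction  = 'Continue'
            }

            If ($PSCmdlet.ParameterSetName -eq 'Remote') {
                $InvokeCommandParams += @{
                    Session = $PSSession
                }
            }

            # Same normalisation and empty-result check as the 'backup' arm:
            # no result means the import did not demonstrably succeed.
            $GPOImportResult = @(Invoke-Command @InvokeCommandParams)
            If ($GPOImportResult.Count -eq 0) {
                ol f "Failed to import json GPO $($GPO.Name): the import script block returned no result"
                Throw "Failed to import json GPO $($GPO.Name): the import script block returned no result"
            }

            Switch ($GPOImportResult[0]) {
                $True {
                    ol s "$($GPOImportResult[2])"
                }
                Default {
                    ol f "$($GPOImportResult[2])"
                    # Guard the error slot so that a missing error object
                    # cannot stop the Throw from being raised.
                    If ($Null -ne $GPOImportResult[1]) {
                        Throw $GPOImportResult[1].ToString()
                    }
                    Throw "Failed to import json GPO $($GPO.Name): no error details were returned"
                }
            }
        }
        Default {
            Throw "Unknown GPO type: $($GPO.Type)"
        }
    }
}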