DryActiveDirectory

1.1.1

ScriptBlocks/DryAD_SB_JsonGPO_Import.ps1

                                # DryActiveDirectory is an AD config module for use with DryDeploy, or by itself.

#

# Copyright (C) 2021  Bjørn Henrik Formo (bjornhenrikformo@gmail.com)

# LICENSE: https://raw.githubusercontent.com/bjoernf73/DryActiveDirectory/main/LICENSE

# 

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2 of the License, or

# (at your option) any later version.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License along

# with this program; if not, write to the Free Software Foundation, Inc.,

# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

[ScriptBlock]$DryAD_SB_JsonGPO_Import = {

    [CmdLetBinding()] 

    Param (

        [String]

        $Name,

        [String]

        $FileName,

        [String]

        $DomainController,

        [Bool]

        $Force,

        [Bool]

        $DefaultPermissions,

        [HashTable]

        $Replacements

    )

    $Result = @($False,$Null,'')

    Try {

        # To import json-gpos, you must have access to the GPOManagement module

        Import-Module -Name 'GPOManagement' -Force -ErrorAction 'Stop' | Out-Null

        $GPOExistsAlreadyParams = @{

            Name             = $Name

            DomainController = $DomainController

        }

        [Bool]$GPOExistsAlready = Test-GroupPolicyExistenceInAD @GPOExistsAlreadyParams

        If ($GPOExistsAlready -and (-not $Force)) {

            $Result[2] = 'GPO exists already and you didn''t -force (no change)'

            $Result[0] = $True

        }

        Else {

            $ImportGroupPolicyToADParams = @{

                Name                    = $Name

                FileName                = $FileName

                OverwriteExistingPolicy = $Force

                DefaultPermissions      = $DefaultPermissions

                Replacements            = $Replacements

                PerformBackup           = $Force # If we overwrite, we also perform a backup of the existing GPO

                RemoveLinks             = $True

                DoNotLinkGPO            = $True

            }

            Import-GroupPolicyToAD @ImportGroupPolicyToADParams

            $Result[0] = $True

            If ($GPOExistsAlready -and $Force) {

                $Result[2] = 'An existing GPO was replaced (original renamed)'

            }

            Else {

                $Result[2] = 'The GPO was imported'

            }

        }

        Return $Result

    }

    Catch {

        $Result[0] = $False

        $Result[1] = $_

        $Result[2] = 'The GPO import failed'

        # If import fails, an empty GPO may have been created - remove it

        $RemoveGroupPolicyFromADParams = @{

            Name             = $Name

            DomainController = $DomainController

        }

        Remove-GroupPolicyFromAD @RemoveGroupPolicyFromADParams

        Return $Result

    }

    Finally {

        @('GPOExistsAlreadyParams',

            'ImportGroupPolicyToADParams',

            'ImportGroupPolicyToADParams',

            'RemoveGroupPolicyFromADParams'

        ).ForEach({

            Remove-Variable -Name $_ -ErrorAction Ignore | Out-Null

        })

    }

}