DSCResources/MSFT_SPServiceIdentity/MSFT_SPServiceIdentity.psm1

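function Get-TargetResource
{
    <#
    .SYNOPSIS
        Reports which account a SharePoint service instance on this server
        runs as.

    .DESCRIPTION
        Finds the service instance on the local server whose TypeName equals
        Name and returns the username of its process identity. When the
        instance cannot be found, or its service exposes no process identity,
        ManagedAccount is returned as $null and a verbose message says which
        of the two cases applied.

    .PARAMETER Name
        TypeName of the service instance to inspect.

    .PARAMETER InstallAccount
        Optional credential handed to Invoke-SPDSCCommand.

    .PARAMETER ManagedAccount
        Desired account name. Required by the resource schema; the lookup
        itself does not read it.

    .OUTPUTS
        Hashtable with the keys Name and ManagedAccount.
    #>
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [parameter(Mandatory = $true)]
        [System.String]
        $ManagedAccount
    )

    Write-Verbose -Message "Getting identity for service instance '$Name'"

    # NOTE(review): $PSBoundParameters also carries InstallAccount when it is
    # supplied, although the script block only reads Name. Confirm that
    # forwarding the credential object as an argument is intended.
    $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock {
        $params = $args[0]

        $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME |
            Where-Object -FilterScript { $_.TypeName -eq $params.Name }

        # Stays $null unless a process identity is actually found.
        $currentAccount = $null

        if ($null -eq $serviceInstance)
        {
            # Report a missing instance as such instead of claiming the
            # service cannot have its identity set.
            Write-Verbose -Message "WARNING: Unable to locate service $($params.Name)"
        }
        elseif ($null -eq $serviceInstance.Service.ProcessIdentity)
        {
            Write-Verbose -Message "WARNING: Service $($params.name) does not support setting the process identity"
        }
        else
        {
            $currentAccount = $serviceInstance.Service.ProcessIdentity.Username
        }

        return @{
            Name           = $params.Name
            ManagedAccount = $currentAccount
        }
    }

    return $result
}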

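function Set-TargetResource
{
    <#
    .SYNOPSIS
        Changes the account a SharePoint service instance on this server runs
        as to a registered managed account.

    .DESCRIPTION
        Finds the service instance on the local server whose TypeName equals
        Name, resolves ManagedAccount through Get-SPManagedAccount, and sets
        the service's process identity to that account as a SpecificUser
        identity. Update() and Deploy() are then called on the process
        identity. Nothing is changed unless the service instance, the managed
        account and the process identity are all found.

    .PARAMETER Name
        TypeName of the service instance to reconfigure.

    .PARAMETER InstallAccount
        Optional credential handed to Invoke-SPDSCCommand.

    .PARAMETER ManagedAccount
        Name of the managed account the service should run as. It must
        resolve through Get-SPManagedAccount.

    .NOTES
        Throws System.Exception when the service instance or the managed
        account cannot be located, or when the service has no process
        identity to set.
    #>
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [parameter(Mandatory = $true)]
        [System.String]
        $ManagedAccount
    )

    Write-Verbose -Message "Setting service instance '$Name' to '$ManagedAccount'"

    # NOTE(review): $PSBoundParameters also carries InstallAccount when it is
    # supplied, although the script block only reads Name and ManagedAccount.
    # Confirm that forwarding the credential object as an argument is intended.
    Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock {
        $params = $args[0]

        # Validate the target first so a wrong service name fails before any
        # account lookup is attempted.
        $serviceInstance = Get-SPServiceInstance -Server $env:COMPUTERNAME |
            Where-Object -FilterScript { $_.TypeName -eq $params.Name }
        if ($null -eq $serviceInstance)
        {
            throw [System.Exception] "Unable to locate service $($params.Name)"
        }

        # Suppress the cmdlet's own error so an unknown account is reported
        # by the explicit check below, as a single clear failure.
        $managedAccount = Get-SPManagedAccount -Identity $params.ManagedAccount `
                                               -ErrorAction SilentlyContinue
        if ($null -eq $managedAccount)
        {
            throw [System.Exception] "Unable to locate Managed Account $($params.ManagedAccount)"
        }

        # NOTE(review): if more than one instance shares this TypeName the
        # property assignments below would target a collection; confirm the
        # filter can only match one instance per server.
        $processIdentity = $serviceInstance.Service.ProcessIdentity
        if ($null -eq $processIdentity)
        {
            throw [System.Exception] "Service $($params.name) does not support setting the process identity"
        }

        # Run the service as the named managed account rather than a built-in
        # identity type.
        $processIdentity.CurrentIdentityType = [Microsoft.SharePoint.Administration.IdentityType]::SpecificUser
        $processIdentity.ManagedAccount = $managedAccount
        # Presumably Update() persists the change and Deploy() applies it to
        # the running service. TODO confirm against the SharePoint API.
        $processIdentity.Update()
        $processIdentity.Deploy()
    }
}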


function Test-TargetResource
{
    <#
    .SYNOPSIS
        Checks whether a service instance already runs as the requested
        managed account.

    .DESCRIPTION
        Calls Get-TargetResource with the same bound parameters and compares
        the ManagedAccount it reports with the requested value using -eq.
        The two strings are compared as given, so the same account written
        in a different format compares as not equal.

    .PARAMETER Name
        TypeName of the service instance to check.

    .PARAMETER InstallAccount
        Optional credential, passed through to Get-TargetResource.

    .PARAMETER ManagedAccount
        Account name the service is expected to run as.

    .OUTPUTS
        Result of the -eq comparison; $true when the reported account equals
        ManagedAccount.
    #>
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [parameter(Mandatory = $true)]
        [System.String]
        $ManagedAccount
    )

    # Read the current state first, so its verbose output precedes ours.
    $currentState = Get-TargetResource @PSBoundParameters
    Write-Verbose -Message "Testing service instance '$Name' Process Identity"

    # A $null current account (service not found, or no process identity)
    # never equals the requested name, so the resource reports drift.
    $isDesiredAccount = $currentState.ManagedAccount -eq $ManagedAccount
    return $isDesiredAccount
}