8 changes: 4 additions & 4 deletions ADMF/ADMF.psd1
Expand Up @@ -3,7 +3,7 @@
RootModule = 'ADMF.psm1'

# Version number of this module.
ModuleVersion = '1.13.103'
ModuleVersion = '1.13.108'

# ID used to uniquely identify this module
GUID = '43f2a890-942f-4dd7-bad0-b774b44ea849'
Expand All @@ -28,13 +28,13 @@
RequiredModules = @(
@{ ModuleName = 'PSFramework'; ModuleVersion = '1.12.346' }
@{ ModuleName = 'ADSec'; ModuleVersion = '1.0.1' }
@{ ModuleName = 'string'; ModuleVersion = '1.1.3' }
@{ ModuleName = 'string'; ModuleVersion = '1.1.5' }
@{ ModuleName = 'ResolveString'; ModuleVersion = '1.0.0' }
@{ ModuleName = 'Principal'; ModuleVersion = '1.0.0' }
@{ ModuleName = 'ADMF.Core'; ModuleVersion = '1.1.9' }
@{ ModuleName = 'DCManagement'; ModuleVersion = '1.2.25' }
@{ ModuleName = 'DomainManagement'; ModuleVersion = '1.9.210' }
@{ ModuleName = 'ForestManagement'; ModuleVersion = '1.5.78' }
@{ ModuleName = 'DomainManagement'; ModuleVersion = '1.9.218' }
@{ ModuleName = 'ForestManagement'; ModuleVersion = '1.5.79' }
)

# Assemblies that must be loaded prior to importing this module
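--- a/ADMF/changelog.md
+++ b/ADMF/changelog.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.13.108 (2025-05-28)
+
+- New: DefaultGroupMemberships - Added default groupmemberships as a Component
+- Upd: DefaultExchangeSplitPermission - Updated Exchange Split Permission default permissions, to match Exchange 2019 CU 15
+- Upd: DefaultAccessRules - Added default rules for contents of the system container, removing the need to exempt it from the domain content mode.
+- Upd: DefaultAccessRules - Made domain root "everyone deny delete children" undefined, making it tolerated if present but no longer creating it.
+- Fix: Invoke-AdmfItem - Broken WhatIf & Confirm message
+
 ## 1.13.103 (2024-12-13)
 
 - Upd: New-AdmfContext - added `-Components` parameter for adding extra content to newly created Contexts.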
2 changes: 1 addition & 1 deletion ADMF/functions/Invoke-AdmfItem.ps1
Expand Up @@ -136,7 +136,7 @@
#region Execute Test Results
try {
foreach ($resultItem in $resultGroup.Group) {
if (-not (Test-PSFShouldProcess -Target $resultItem -ActionString 'Invoke-AdmfItem.Processing.ShouldProcess' -ActionStringValues $resultItem.Server, $resultItem.ObjectType, $resultItem.Type, $resultItem.Identity -PSCmdlet $PSCmdlet)) {
if (-not (Test-PSFShouldProcess -Target $resultItem -ActionString 'ADMF.Invoke-AdmfItem.Processing.ShouldProcess' -ActionStringValues $resultItem.Server, $resultItem.ObjectType, $resultItem.Type, $resultItem.Identity -PSCmdlet $PSCmdlet)) {
continue
}
Write-PSFMessage -Level Host -String 'Invoke-AdmfItem.Processing' -Target $resultItem -StringValues $resultItem.Server, $resultItem.ObjectType, $resultItem.Type, $resultItem.Identity -PSCmdlet $PSCmdlet
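Review bot: The ActionString on the Test-PSFShouldProcess line is module-qualified (`'ADMF.Invoke-AdmfItem.Processing.ShouldProcess'`) while the `-String` on the Write-PSFMessage call right below it is not (`'Invoke-AdmfItem.Processing'`), so the next reader will take one of the two for a typo and may revert the fix the changelog describes. A comment above the Test-PSFShouldProcess call, e.g. `# Test-PSFShouldProcess needs the fully qualified string key; Write-PSFMessage prefixes the module name itself`, would pin the reason down, assuming that is indeed why the forms differ — PSFramework's resolution rules cannot be verified from this page. The surrounding foreach and try block begin before this hunk and continue past it.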
43 changes: 12 additions & 31 deletions ADMF/functions/New-AdmfContext.ps1
Expand Up @@ -121,14 +121,10 @@
[string[]]
$MutuallyExclusive = @(),

[ValidateSet(
'DefaultAccessRules',
'DefaultSchemaAttributes',
'ExchangeDefaultAccessRules',
'ExchangeSplitPermissionAccessRules'
)]
[PSFArgumentCompleter('ADMF.Components')]
[PsfValidateSet(TabCompletion = 'ADMF.Components')]
[string[]]
$Components,
$Components = @(),

[switch]
$DefaultAccessRules,
Expand Down Expand Up @@ -169,6 +165,11 @@
}
$resolvedPath = Resolve-PSFPath -Provider FileSystem -Path $storeObject.Path -SingleItem
}

if ($DefaultAccessRules) { $Components += 'DefaultAccessRules' }
if ($ExchangeAccessRules -eq 'Default') { $Components += 'ExchangeDefaults' }
if ($ExchangeAccessRules -eq 'SplitPermission') { $Components += 'ExchangeSPDefaults' }
$Components = $Components | Remove-PSFNull -Enumerate | Sort-Object -Unique
}
process
{
Expand All @@ -180,32 +181,12 @@
$contextFolder = New-Item -Path $resolvedPath -Name $Name -ItemType Directory
$contextVersionFolder = New-Item -Path $contextFolder.FullName -Name '1.0.0' -ItemType Directory
Copy-Item -Path "$script:ModuleRoot\internal\data\context\*" -Destination "$($contextVersionFolder.FullName)\" -Recurse

#region Default Access Rules
if ($DefaultAccessRules -or $Components -contains 'DefaultAccessRules'){
Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\accessRules\*.json" -Destination "$($contextVersionFolder.FullName)\domain\accessrules\"
Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\objectCategories\*.psd1" -Destination "$($contextVersionFolder.FullName)\domain\objectcategories\"
Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\gppermissions\*.json" -Destination "$($contextVersionFolder.FullName)\domain\gppermissions\"
Copy-Item -Path "$script:ModuleRoot\internal\data\domainDefaults\gppermissionfilters\*.json" -Destination "$($contextVersionFolder.FullName)\domain\gppermissionfilters\"

Copy-Item -Path "$script:ModuleRoot\internal\data\forestDefaults\schemaDefaultPermissions\*.json" -Destination "$($contextVersionFolder.FullName)\forest\schemaDefaultPermissions\"
}
#endregion Default Access Rules

#region Default Schema Attributes
if ($Components -contains 'DefaultSchemaAttributes') {
Copy-Item -Path "$script:ModuleRoot\internal\data\forestDefaults\schema\*.json" -Destination "$($contextVersionFolder.FullName)\forest\schema\"
}
#endregion Default Schema Attributes

#region Exchange Access Rules
if ($ExchangeAccessRules -eq 'SplitPermission' -or $Components -contains 'ExchangeSplitPermissionAccessRules') {
Copy-Item -Path "$script:ModuleRoot\internal\data\exchangeSPDefaults\accessRules\*.json" -Destination "$($contextVersionFolder.FullName)\domain\accessrules\"
}
elseif ($ExchangeAccessRules -eq 'Default' -or $Components -contains 'ExchangeDefaultAccessRules') {
Copy-Item -Path "$script:ModuleRoot\internal\data\exchangeDefaults\accessRules\*.json" -Destination "$($contextVersionFolder.FullName)\domain\accessrules\"
#region Process Components
foreach ($component in $Components) {
Copy-Item -Path "$script:ModuleRoot\internal\components\$component\*" -Destination "$($contextVersionFolder.FullName)" -Recurse -Force
}
#endregion Exchange Access Rules
#endregion Process Components

$contextJson = [pscustomobject]@{
Version = '1.0.0'
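Review bot: The foreach in the last hunk drops the mutual exclusion the removed elseif enforced between the two Exchange rule sets: a caller can now pass `-Components 'ExchangeDefaults','ExchangeSPDefaults'` and, presumably, both Exchange accessRules payloads land in the same context, with the Sort-Object -Unique order and `-Force` silently deciding which copy wins for any same-named file. A guard after the Sort-Object line in the begin block, `if ($Components -contains 'ExchangeDefaults' -and $Components -contains 'ExchangeSPDefaults') { throw 'ExchangeDefaults and ExchangeSPDefaults are mutually exclusive' }`, keeps the old contract explicit. The names appended in the begin block ('ExchangeDefaults', 'ExchangeSPDefaults') must match folder names under internal\components, which are not on this page and do not follow the naming the changelog uses; a `Test-Path` on `"$script:ModuleRoot\internal\components\$component"` before the Copy-Item would turn a stale name into a clear error instead of a context that is quietly missing its access rules. With the hard-coded ValidateSet gone, the only thing constraining the `$component` value that is interpolated into that source path is the PsfValidateSet bound to 'ADMF.Components', whose definition is also off-page and should be the folder listing, nothing looser. The param block and the begin/process blocks of New-AdmfContext start and end outside these hunks.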
@@ -0,0 +1,201 @@
[
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "CreateChild, DeleteChild, Self, WriteProperty, ExtendedRight, Delete, GenericRead, WriteDacl, WriteOwner",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-544"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "CreateChild, DeleteChild, Self, WriteProperty, ExtendedRight, GenericRead, WriteDacl, WriteOwner",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "%DomainSID%-512"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "GenericAll",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "%DomainSID%-512",
"Present": "false"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "CreateChild, DeleteChild, Self, WriteProperty, ExtendedRight, GenericRead, WriteDacl, WriteOwner",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "%RootDomainSID%-519"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ExtendedRight",
"InheritanceType": "None",
"ObjectType": "ab721a53-1e2f-11d0-9819-00aa0040529b",
"InheritedObjectType": "00000000-0000-0000-0000-000000000000",
"AccessControlType": "Allow",
"Identity": "S-1-1-0"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty, WriteProperty, ExtendedRight",
"InheritanceType": "All",
"ObjectType": "Private-Information",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-10"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ExtendedRight",
"InheritanceType": "None",
"ObjectType": "User-Change-Password",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-10"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "RAS-Information",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "RAS-Information",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "User-Account-Restrictions",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "General-Information",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "Membership",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "Membership",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "GenericRead",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "GenericRead",
"InheritanceType": "None",
"ObjectType": "<All>",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "General-Information",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "User-Logon",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "User-Account-Restrictions",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-554"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty",
"InheritanceType": "None",
"ObjectType": "Token-Groups-Global-And-Universal",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-560"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty, WriteProperty",
"InheritanceType": "None",
"ObjectType": "Terminal-Server",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-561"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty, WriteProperty",
"InheritanceType": "None",
"ObjectType": "Terminal-Server-License-Server",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "S-1-5-32-561"
},
{
"Path": "CN=AdminSDHolder,CN=System,%DomainDN%",
"ActiveDirectoryRights": "ReadProperty, WriteProperty",
"InheritanceType": "None",
"ObjectType": "X509-Cert",
"InheritedObjectType": "<All>",
"AccessControlType": "Allow",
"Identity": "%DomainSID%-517"
}
]
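Review bot: Several entries in this new access-rule set are exact duplicates — the S-1-5-32-554 ReadProperty rules for RAS-Information, User-Account-Restrictions, General-Information and Membership, and its GenericRead rule, each appear twice with identical fields — and it is not clear whether that is intended. If ADMF's rule comparison treats each entry as one expected ACE, the duplicates demand two identical ACEs on the object; if the exporter collapsed a field that distinguished the originals (a per-class InheritedObjectType, for instance) into `"<All>"`, the second copies are a fidelity loss and should be restored or dropped. The Everyone (S-1-1-0) entry also spells its InheritedObjectType as the all-zero GUID while every other entry uses `"<All>"`; if the loader treats them as equivalent, one form should be used throughout. Because this file templates CN=AdminSDHolder, whose DACL is stamped onto every protected account and group, a wrong or missing entry here is replicated to the whole admin tier, so the `"Present": "false"` rule for %DomainSID%-512 GenericAll deserves a line in the component's documentation stating exactly what that flag enforces. The file's path header is not shown on this page.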