-
Notifications
You must be signed in to change notification settings - Fork 141
Expand file tree
/
Copy path1-ADObjectPermissionEntry_DelegateFullControl_Config.ps1
More file actions
42 lines (39 loc) · 1.57 KB
/
1-ADObjectPermissionEntry_DelegateFullControl_Config.ps1
File metadata and controls
42 lines (39 loc) · 1.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<#PSScriptInfo
.VERSION 1.0.1
.GUID c096de91-61ee-41e9-917a-069c62b34d50
.AUTHOR DSC Community
.COMPANYNAME DSC Community
.COPYRIGHT DSC Community contributors. All rights reserved.
.TAGS DSCConfiguration
.LICENSEURI https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/LICENSE
.PROJECTURI https://github.com/dsccommunity/ActiveDirectoryDsc
.ICONURI https://dsccommunity.org/images/DSC_Logo_300p.png
.RELEASENOTES
Updated author, copyright notice, and URLs.
#>
#Requires -Module ActiveDirectoryDsc
<#
.DESCRIPTION
This configuration will add full control (GenericAll) permissions to
the virtual computer object (VCO) ROLE01 for a cluster name object (CNO)
CONTOSO\CLUSTER01$. This is used so that the Windows Failover Cluster
can control the roles AD objects.
#>
Configuration ADObjectPermissionEntry_DelegateFullControl_Config
{
Import-DscResource -Module ActiveDirectoryDsc
Node localhost
{
ADObjectPermissionEntry 'ADObjectPermissionEntry'
{
Ensure = 'Present'
Path = 'CN=ROLE01,CN=Computers,DC=contoso,DC=com'
IdentityReference = 'CONTOSO\CLUSTER01$'
ActiveDirectoryRights = 'GenericAll'
AccessControlType = 'Allow'
ObjectType = '00000000-0000-0000-0000-000000000000'
ActiveDirectorySecurityInheritance = 'None'
InheritedObjectType = '00000000-0000-0000-0000-000000000000'
}
}
}