search

microsoft / DSCParser

Allows the conversion of DSC scripts into PSObject for analysis purposes
MIT License
29 stars 20 forks source link

ConvertTo-DscObject is missing to define CIMInstance in nested properties #32

Closed ricmestre closed 1 year ago

ricmestre commented 1 year ago

On resources with deeply nested properties such as IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 some of them miss the CIMInstance property and therefore cannot be identified of which type they belong to. See below the values of the resource after ConvertTo-DscObject, at the bottom you may find the whole blueprint.

PS C:\> $Resource

Name                           Value                                                                                                                                                                        
----                           -----                                                                                                                                                                        
Ensure                         Present                                                                                                                                                                      
Description                                                                                                                                                                                                 
Id                             REDACTED                                                                                                                                         
ResourceName                   IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10                                                                                                               
Assignments                    {System.Collections.Specialized.OrderedDictionary, System.Collections.Specialized.OrderedDictionary}                                                                         
ResourceInstanceName           IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-REDACTED                                                         
PolicyConfigurationIngestio... unknown                                                                                                                                                                      
DefinitionValues               {System.Collections.Specialized.OrderedDictionary, System.Collections.Specialized.OrderedDictionary, System.Collections.Specialized.OrderedDictionary, System.Collections....
DisplayName                    REDACTED

PS C:\> $Resource.DefinitionValues[0]

Name                           Value                                                                                                                                                                        
----                           -----                                                                                                                                                                        
CIMInstance                    MSFT_IntuneGroupPolicyDefinitionValue                                                                                                                                        
ConfigurationType              policy                                                                                                                                                                       
Id                             REDACTED                                                                                                                                         
Definition                     {Id, DisplayName, CategoryPath, PolicyType...}                                                                                                                               
Enabled                        True

PS C:\> $Resource.DefinitionValues[0].Definition

Name                           Value                                                                                                                                                                        
----                           -----                                                                                                                                                                        
Id                             REDACTED                                                                                                                                         
DisplayName                    Silently sign in users to the OneDrive sync app with their Windows credentials                                                                                               
CategoryPath                   \OneDrive                                                                                                                                                                    
PolicyType                     admxIngested                                                                                                                                                                 
SupportedOn                    At least Windows Server 2008 R2 or Windows 7                                                                                                                                 
ClassType                      machine

The last object is missing a CIMInstance property with value "MSFT_IntuneGroupPolicyDefinitionValueDefinition" like this:

PS C:\> $Resource.DefinitionValues[0].Definition

Name                           Value
----                           -----
CIMInstance                    MSFT_IntuneGroupPolicyDefinitionValueDefinition
Id                             REDACTED                                                                                                                                         
DisplayName                    Silently sign in users to the OneDrive sync app with their Windows credentials                                                                                               
CategoryPath                   \OneDrive                                                                                                                                                                    
PolicyType                     admxIngested                                                                                                                                                                 
SupportedOn                    At least Windows Server 2008 R2 or Windows 7                                                                                                                                 
ClassType                      machine
param (
    [parameter()]
    [System.Management.Automation.PSCredential]
    $Credential
)

Configuration ConfigureMicrosoft365
{
    param (
        [parameter()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential)
    {
        <# Credentials #>
        $Credscredential = Get-Credential -Message "Credentials"

    }
    else
    {
        $CredsCredential = $Credential
    }

    $OrganizationName = $CredsCredential.UserName.Split('@')[1]

    Import-DscResource -ModuleName 'Microsoft365DSC'

    Node localhost
    {
        IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-REDACTED"
        {
            ApplicationId                    = $ConfigurationData.NonNodeData.ApplicationId;
            Assignments                      = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
            );
            CertificateThumbprint            = $ConfigurationData.NonNodeData.CertificateThumbprint;
            DefinitionValues                 = @(
                MSFT_IntuneGroupPolicyDefinitionValue{
                    ConfigurationType = 'policy'
                    Id = 'REDACTED'
                    Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition{
                        Id = 'REDACTED'
                        DisplayName = 'Silently sign in users to the OneDrive sync app with their Windows credentials'
                        CategoryPath = '\OneDrive'
                        PolicyType = 'admxIngested'
                        SupportedOn = 'At least Windows Server 2008 R2 or Windows 7'
                        ClassType = 'machine'
                    }
                    Enabled = $True
                }
                MSFT_IntuneGroupPolicyDefinitionValue{
                    ConfigurationType = 'policy'
                    Id = 'REDACTED'
                    Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition{
                        Id = 'REDACTED'
                        DisplayName = 'Prevent users from syncing libraries and folders shared from other organizations'
                        CategoryPath = '\OneDrive'
                        PolicyType = 'admxIngested'
                        SupportedOn = 'At least Windows Server 2008 R2 or Windows 7'
                        ClassType = 'machine'
                    }
                    Enabled = $True
                }
                MSFT_IntuneGroupPolicyDefinitionValue{
                    ConfigurationType = 'policy'
                    Id = 'REDACTED'
                    Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition{
                        Id = 'REDACTED'
                        DisplayName = 'Require users to confirm large delete operations'
                        CategoryPath = '\OneDrive'
                        PolicyType = 'admxIngested'
                        SupportedOn = 'At least Windows Server 2008 R2 or Windows 7'
                        ClassType = 'machine'
                    }
                    Enabled = $True
                }
                MSFT_IntuneGroupPolicyDefinitionValue{
                    ConfigurationType = 'policy'
                    Id = 'REDACTED'
                    Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition{
                        Id = 'REDACTED'
                        DisplayName = 'Use OneDrive Files On-Demand'
                        CategoryPath = '\OneDrive'
                        PolicyType = 'admxIngested'
                        SupportedOn = 'At least Windows Server 2016, Windows 10 Version 1709'
                        ClassType = 'machine'
                    }
                    Enabled = $True
                }
            );
            Description                      = "";
            DisplayName                      = "REDACTED";
            Ensure                           = "Present";
            Id                               = "REDACTED";
            PolicyConfigurationIngestionType = "unknown";
            TenantId                         = $OrganizationName;
        }
    }
}
ricmestre commented 1 year ago

@NikCharlebois Are you aware of this issue? Like I mentioned it looks pretty much the same issue I reported on #31.

ricmestre commented 1 year ago

This was solved by #33