Add module AccountManagement #9926
Conversation
|
is the syntax the same as the windows PowerShell cmdlet? |
|
@TravisEz13 No, as mentioned in the PR description the used API is another and it impossible to keep full backward compatibility. The new design is closer to ActiveDirectory module. It make more sense because scripts can works (manage accounts) without the need to install AdminTools everyware. |
|
Last days CI Macos frequently time out. |
7d2f588 to
bfc2136
Compare
|
@SteveL-MSFT Can your team review so that we can move on and add more cmdlets in follow PRs? |
|
IMO this should be externalised, released to the Gallery and pulled into the output build of PowerShell (like PowerShellGet) instead of being added to the codebase |
|
I agree with @kilasuit. This should ideally go to PSGallery and be pulled down. |
|
We have a base account management in Windows PowerShell many years. If plan is to replace Windows PowerShell with PowerShell 7.0 we need to get back most of common modules and features that we lost in porting time.
|
|
I don't think there's any necessary need to force these to be a completely separate module. Maybe have a tracking issue or issues for such modules that we want to eventually have out of box? Separating them to a separately shipped module and/or pulling them into the PS build cycle isn't a huge undertaking in and of itself. I don't see why we need reject this as it is at the present; we can always move to separate it to a separate module when someone willing to maintain and develop it further steps up, whether from the PS team or the community. |
|
I think we would want to include this as part of the PS7 package, but also think it should be a separate module that is published to PSGallery and have its own repo. Eventually, I want to split up and move Utility and Management modules out of this repo (see #9960). Since the code is all self contained in a single folder, I think it's ok to just keep it in this repo for now and we can move it out when we do so for the others. By that time, hopefully we'll have templatized how to create the repos, contributing docs/etc.., enable CI, etc... |
| Author="PowerShell" | ||
| CompanyName="Microsoft Corporation" | ||
| Copyright="Copyright (c) Microsoft Corporation. All rights reserved." | ||
| ModuleVersion="6.1.0.0" |
There was a problem hiding this comment.
I don't think we need to have module versions match the PowerShell version. This should really be 1.0.0
| Copyright="Copyright (c) Microsoft Corporation. All rights reserved." | ||
| ModuleVersion="6.1.0.0" | ||
| CompatiblePSEditions = @("Core") | ||
| PowerShellVersion="3.0" |
There was a problem hiding this comment.
This should be the minimum version that this works with which is probably 6.0. If it works with older than 6.0, then CompatiblePSEditions needs to include Desktop.
| /// Gets or sets a DateTime that specifies the date and time that the account expires. | ||
| /// </summary> | ||
| [Parameter(ValueFromPipelineByPropertyName = true)] | ||
| [AllowNull] |
There was a problem hiding this comment.
Null here means never expires? But you have -AccountNeverExpires below?
There was a problem hiding this comment.
It doesn't work. Will remove.
| { | ||
| get; | ||
| set; | ||
| } = ContextType.Domain; |
There was a problem hiding this comment.
Does it make sense to be Domain by default? Does this work on non-Windows?
There was a problem hiding this comment.
It is only Windows API. Although it is based on "providers" and we could get support Unix PAM or something like in future.
I choose the default as enterprise user to be close to New-ADUser cmdlet from ActiveDirectory module.
ec60a8a to
6199946
Compare
6199946 to
48005be
Compare
87e5837 to
36018bc
Compare
50b8e23 to
776b13c
Compare
| @@ -1964,6 +1964,11 @@ | |||
| <File Id="fil6B026F6D5210498B99E5F14386F4F90B" KeyPath="yes" Source="$(env.ProductSourcePath)\Modules\ThreadJob\Microsoft.PowerShell.ThreadJob.dll" /> | |||
There was a problem hiding this comment.
@iSazonov, your last commit had 7 failures in PowerShell-CI-windows
(These are 5 of the failures)
Validate AccountManagement user cmdlets.Validate New-User.Can create New-User with only name
Expected exactly 'TestUserNew', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 27
27: $result.Name | Should -BeExactly TestUserNewValidate AccountManagement user cmdlets.Validate New-User.Can create New-User with password
Expected exactly 'TestUserNew', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 38
38: $result.Name | Should -BeExactly TestUserNewValidate AccountManagement user cmdlets.Validate New-User.Can create New-User with explicit properties in local machine
Expected exactly 'samq2', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 54
54: $result.Name | Should -BeExactly "samq2"Validate AccountManagement user cmdlets.Validate Remove-User.Can remove user account with pipeline
Expected an exception, with FullyQualifiedErrorId 'UserAlreadyRemoved,Microsoft.PowerShell.Commands.RemoveUserCommand' to be thrown, but no exception was thrown.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 137
137: { $userIdentity | Remove-User -ErrorAction Stop } | Should -Throw -ErrorId "UserAlreadyRemoved,Microsoft.PowerShell.Commands.RemoveUserCommand"Validate AccountManagement user cmdlets.Validate Remove-User.Can remove user account with parameter
Expected no exception to be thrown, but an exception "Cannot bind argument to parameter 'Identity' because it is null." was thrown from D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1:141 char:41
+ { Remove-User -Identity $userIdentity -ErrorAction St ?
+ ~~~~~~~~~~~~~.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 141
141: { Remove-User -Identity $userIdentity -ErrorAction Stop } | Should -Not -Throw776b13c to
4384f8b
Compare
56a4fd8 to
4384f8b
Compare
| @@ -1964,6 +1964,11 @@ | |||
| <File Id="fil6B026F6D5210498B99E5F14386F4F90B" KeyPath="yes" Source="$(env.ProductSourcePath)\Modules\ThreadJob\Microsoft.PowerShell.ThreadJob.dll" /> | |||
There was a problem hiding this comment.
@iSazonov, your last commit had 7 failures in PowerShell-CI-windows
(These are 5 of the failures)
Validate AccountManagement user cmdlets.Validate New-User.Can create New-User with only name
Expected exactly 'TestUserNew', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 27
27: $result.Name | Should -BeExactly TestUserNewValidate AccountManagement user cmdlets.Validate New-User.Can create New-User with password
Expected exactly 'TestUserNew', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 38
38: $result.Name | Should -BeExactly TestUserNewValidate AccountManagement user cmdlets.Validate New-User.Can create New-User with explicit properties in local machine
Expected exactly 'samq2', but got $null.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 54
54: $result.Name | Should -BeExactly "samq2"Validate AccountManagement user cmdlets.Validate Remove-User.Can remove user account with pipeline
Expected no exception to be thrown, but an exception "Cannot access a disposed object.
Object name: 'PrincipalContext'." was thrown from D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1:134 char:35
+ ? { $userIdentity | Remove-User -ErrorAction Stop } | Sho ?
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 134
134: { $userIdentity | Remove-User -ErrorAction Stop } | Should -Not -ThrowValidate AccountManagement user cmdlets.Validate Remove-User.Can remove user account with parameter
Expected no exception to be thrown, but an exception "Cannot bind argument to parameter 'Identity' because it is null." was thrown from D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1:141 char:41
+ { Remove-User -Identity $userIdentity -ErrorAction St ?
+ ~~~~~~~~~~~~~.
at <ScriptBlock>, D:\a\1\s\test\powershell\Modules\Microsoft.PowerShell.AccountManagement\AccountManagement.User.Tests.ps1: line 141
141: { Remove-User -Identity $userIdentity -ErrorAction Stop } | Should -Not -Throw|
This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days. |
|
Closed with #12242 (comment) |
PR Summary
Add new module Microsoft.PowerShell.AccountManagement
There is only single cmdlet New-User to keep the PR as small as possible.
Later we will add other cmdlets.
PR Context
Related #2996
Module Microsoft.PowerShell.LocalAccounts was removed from PowerShell Core because of using non-public APIs.
Microsoft.PowerShell.AccountManagement uses only public APIs and based on System.DirectoryServices.AccountManagement.
It is impossible to get full backward compatibility with Microsoft.PowerShell.LocalAccounts module due to differences of the underlying API.
So the main model was chosen Microsoft ActiveDirectory module.
It will be easier for users to migrate from Microsoft.PowerShell.LocalAccounts to a more functional Microsoft.PowerShell.LocalAccounts module if necessary.
PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright headerWIP:or[ WIP ]to the beginning of the title (theWIPbot will keep its status check atPendingwhile the prefix is present) and remove the prefix when the PR is ready.