functions/system/Set-DMContentMode.ps1
function Set-DMContentMode { <# .SYNOPSIS Configures the way the module handles domain level objects not defined in configuration. .DESCRIPTION Configures the way the module handles domain level objects not defined in configuration. Depending on the desired domain configuration, dealing with undesired objects may be desirable. This module handles the following configurations: Mode Additive: In this mode, all configured content is considered in addition to what is already there. Objects not in scope of the configuration are ignored. Mode Constrained: In this mode, objects not configured are handled based on OU rules: - Include: If Include OUs are configured, only objects in the specified OUs are under management. Only objects in these OUs will be considered for deletion if not configured. - Exclude: If Exclude OUs are configured, objects in the excluded OUs are ignored, all objects outside of these OUs will be considered for deletion if not configured. If both Include and Exclude OUs are configured, they are merged without applying the implied top-level Include of an Exclude-only configuration. In this scenario, if a top-level Include is desired, it needs to be explicitly set. When specifying Include and Exclude OUs, specify the full DN, inserting '%DomainDN%' (without the quotes) for the domain root. .PARAMETER Mode The mode to operate under. In Additive mode, objects not configured are being ignored. In Constrained mode, objects not configured may still be under maanagement, depending on Include and Exclude rules. .PARAMETER Include OUs in which to look for objects under management. Use this to explicitly list which OUs should be inspected for objects to delete. Only applied in Constrained mode. Specify the full DN, inserting '%DomainDN%' (without the quotes) for the domain root. .PARAMETER Exclude OUs in which to NOT look for objects under management. All other OUs are subject to management and having undesired objects deleted. Only applied in Constrained mode. Specify the full DN, inserting '%DomainDN%' (without the quotes) for the domain root. .PARAMETER UserExcludePattern Regex expressions that are applied to the name property of user objects found in AD. By default, in Constrained mode, all users found in paths resolved to be under management (through -Include and -Exclude specified in this command) that are not configured will be flagged for deletion. Using this parameter, it becomes possible to exempt specific accounts or accounts according to a specific pattern from this. .EXAMPLE PS C:\> Set-DMContentMode -Mode 'Constrained' -Include 'OU=Administration,%DomainDN%' Enables Constrained mode and configures the top-level OU "Administration" as an OU under management. #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions", "")] [CmdletBinding()] Param ( [ValidateSet('Additive', 'Constrained')] [string] $Mode, [AllowEmptyCollection()] [string[]] $Include, [AllowEmptyCollection()] [string[]] $Exclude, [AllowEmptyCollection()] [string[]] $UserExcludePattern ) process { if ($Mode) { $script:contentMode.Mode = $Mode } if (Test-PSFParameterBinding -ParameterName Include) { $script:contentMode.Include = $Include } if (Test-PSFParameterBinding -ParameterName Exclude) { $script:contentMode.Exclude = $Exclude } if (Test-PSFParameterBinding -ParameterName UserExcludePattern) { $script:contentMode.UserExcludePattern = $UserExcludePattern } } } |