Closed paveldokov closed 4 years ago
Hi @paveldokov, can you give an example of the DSC configuration you are using?
The ADGroup resource has three membership properties: Members, MembersToInclude and MembersToExclude. It sounds to me like you are using the Members property rather than the MembersToInclude property. See the ADGroup Wiki Page for further details.
Hello,
I do not specify any of these properties - as I said the members are managed outside the DSC module. We use Ansible for triggering the DSC configuration. Here is a snippet of my code:
- name: Add AD groups
  win_dsc:
    PsDscRunAsCredential_username: "{{ user }}"
    PsDscRunAsCredential_password: "{{ pass }}"
    resource_name: ADGroup
    GroupName: "{{ groupName }}"
    GroupScope: "DomainLocal"
    Ensure: "Present"
    Path: "{{ OU }}"
When members are added post group creation, via the current change management process that includes another automated process, a subsequent rerun of the Ansible playbooks results in an error that indicates a Members mismatch.
OK, @paveldokov, that Ansible code is of no use to me to reproduce the issue. Please can you provide a vanilla DSC configuration and the verbose DSC output when this is applied, showing the issue.
I will come back to you. Thanks!
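A vanilla DSC configuration of the kind requested above, added here as an example and not posted by either participant: it places a group declared with no membership property (mirroring the Ansible task) beside the Members and MembersToInclude forms discussed earlier in the thread. The module name ActiveDirectoryDsc, the group names, the OU path and the account names are assumptions constructed for illustration.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectoryDsc module is
# installed and the LCM account may manage groups in the target OU.
# PsDscRunAsCredential is left out on purpose: DSC will not compile a credential
# into the MOF unless a MOF encryption certificate (or the plain-text override)
# is configured, and that setup is outside what the thread shows.
Configuration ADGroupMembershipModes
{
    Import-DscResource -ModuleName ActiveDirectoryDsc

    Node localhost
    {
        # Mirrors the Ansible task: no membership property is specified.
        ADGroup 'NoMembershipProperty'
        {
            GroupName  = 'App-Readers'                    # constructed name
            GroupScope = 'DomainLocal'
            Ensure     = 'Present'
            Path       = 'OU=Groups,DC=contoso,DC=com'    # constructed OU
        }

        # Members: the listed accounts are the exact, enforced membership.
        # Accounts added by another process are drift and get removed.
        ADGroup 'ExactMembership'
        {
            GroupName  = 'App-Admins'
            GroupScope = 'DomainLocal'
            Ensure     = 'Present'
            Path       = 'OU=Groups,DC=contoso,DC=com'
            Members    = 'svc-app', 'alice'               # constructed accounts
        }

        # MembersToInclude: only requires the listed accounts to be present;
        # members added outside DSC are left in place.
        ADGroup 'AdditiveMembership'
        {
            GroupName        = 'App-Operators'
            GroupScope       = 'DomainLocal'
            Ensure           = 'Present'
            Path             = 'OU=Groups,DC=contoso,DC=com'
            MembersToInclude = 'svc-app'
        }
    }
}

# Compile the MOF, then apply it with verbose output so the membership
# comparison performed by the resource is visible for each group.
ADGroupMembershipModes -OutputPath .\ADGroupMembershipModes
Start-DscConfiguration -Path .\ADGroupMembershipModes -Wait -Verbose -Force
```

Applying the configuration, changing a group's membership outside DSC, and applying it again yields the verbose output for each of the three declarations side by side.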
Description
We use this module to create groups in AD. Nonetheless, Group membership is managed via a separate automation process. When we update the group membership via the separate process, the subsequent run of the ADGroup module will fail, because there is a members mismatch. I guess similar issues might occur when the property 'ManagedBy' is specified and the group manager adds users manually.
Proposed properties
Enable Group membership to be managed outside of the DSC module, by including a flag variable that will skip the check for a Members match.
Special considerations or limitations