dsccommunity / ActiveDirectoryDsc

This module contains DSC resources for deployment and configuration of Active Directory Domain Services.
MIT License

ADGroup: Resources Failing and Non-idempotent #639

Closed eebuta closed 3 years ago

eebuta commented 3 years ago

Details of the scenario you tried and the problem that is occurring

Hi All, I am using the MSFT_ADGroup resource in the activedirectorydsc (https://forge.puppet.com/modules/dsc/activedirectorydsc) module to create a new group in AD. The module runs successfully on the first try, then throws errors on the sequential runs. I think this happens because the AD group is configured as required; however, the activedirectorydsc module might not be in a position to handle errors regarding the existing objects. What’s the best way to resolve the following issue?

Verbose logs showing the problem

image

Suggested solution to the issue

Introduce logic to handle error for existing AD groups

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# A description of what this class does
#
# @example
#   include profile::baseline::common::domainjoin
class profile::baseline::common::domainjoin (
  String $machine_ou,
  String $joinuser,
  String $joinpassword,
  String $machine_group_ou,
  String $joindomain,
  Array $arrcertname  = split($trusted['certname'], '[.]'),
  Array $groups,
  Array $localgroup,
) {
  $_domain_join_check = 'C:\\Windows\\Temp\\domainjoined.txt'
  $_file_exists = find_file($_domain_join_check)
  case $facts['osfamily'] {
    default: {}
    'windows': {
      # Per-host server admin security group, created in $machine_group_ou
      dsc_adgroup { 'ServerAdmin-Group':
        dsc_description => 'Create AD Group for Host/Machine',
        dsc_groupname   => "UKR-ALL-ITS-ServerAdmin-${facts['hostnme']}",
        dsc_category    => 'Security',
        dsc_path        => $machine_group_ou,
        dsc_ensure      => 'Present',
        dsc_displayname => "UKR-ALL-ITS-ServerAdmin-${facts['hostnme']}",
        dsc_members     => $groups,
        # Account used to create and modify the group in AD
        dsc_credential  => {
          'user'     => $joinuser,
          'password' => Sensitive($joinpassword),
        }
      }
    }
  }
}

The operating system the target node is running

OsName : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsBuildLabEx : 14393.3471.amd64fre.rs1_release_1.191218-1729
OsLanguage : en-US
OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

Version of the DSC module that was used

https://forge.puppet.com/modules/dsc/activedirectorydsc - 6.0.1-0-1

X-Guardian commented 3 years ago

@eebuta, this is Puppet configuration and Puppet logs which we do not support here. Please reproduce the issue with native DSC Configuration and post the DSC verbose logs if you want this to be investigated further.
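
A native DSC reproduction of the kind requested in the comment above, as an added example that is not part of the original thread or the ActiveDirectoryDsc project's own code. The group name, OU path, members, certificate file and thumbprint are constructed placeholders, and it assumes the node's LCM already has a matching document-encryption certificate configured so the credential is not stored in plain text in the MOF.

```powershell
# Added example: native DSC form of the Puppet dsc_adgroup resource in this issue.
# Group name, OU path, members, certificate file and thumbprint are constructed placeholders.
Configuration ADGroupRepro
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    Import-DscResource -ModuleName ActiveDirectoryDsc

    Node $AllNodes.NodeName
    {
        ADGroup 'ServerAdminGroup'
        {
            GroupName   = 'UKR-ALL-ITS-ServerAdmin-HOST01'
            Category    = 'Security'
            Path        = 'OU=Groups,DC=example,DC=com'
            Ensure      = 'Present'
            DisplayName = 'UKR-ALL-ITS-ServerAdmin-HOST01'
            Description = 'Create AD Group for Host/Machine'
            Members     = @('member1', 'member2')
            Credential  = $Credential
        }
    }
}

$configData = @{
    AllNodes = @(
        @{
            NodeName             = 'localhost'
            # Encrypt the credential in the MOF instead of allowing plain text.
            CertificateFile      = 'C:\dsc\DscPublicKey.cer'
            Thumbprint           = '<thumbprint of the LCM certificate>'
            PSDscAllowDomainUser = $true
        }
    )
}

ADGroupRepro -ConfigurationData $configData -Credential (Get-Credential) -OutputPath 'C:\dsc\ADGroupRepro'

# Apply twice and keep each run's verbose output; an idempotent resource
# makes no changes on the second pass.
foreach ($run in 1, 2)
{
    Start-DscConfiguration -Path 'C:\dsc\ADGroupRepro' -Wait -Force -Verbose *>> "C:\dsc\run$run.log"
}

# InDesiredState should be True after a successful apply.
Test-DscConfiguration -Detailed
```

The two log files are the DSC verbose logs to attach; a difference between the first and second run shows where the resource is not idempotent.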

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g. bug, enhancement, documentation, or tests) then the issue will not auto-close.

stale[bot] commented 3 years ago

This issue has been automatically closed because it has not had activity from the community in the last 40 days.