search

dsccommunity / ActiveDirectoryDsc

This module contains DSC resources for deployment and configuration of Active Directory Domain Services.
MIT License
345 stars 142 forks source link

AdUser: ProxyAddresses errors indexing null array #690

Closed albvar closed 2 years ago

albvar commented 2 years ago

Problem description

I am passing in ProxyAddresses, I copied this from the MOF itself. The value is not null and seems to be treating the value as a string[]. The AD user is created but it does not populate ProxyAddresses. If I omit ProxyAddresses I no longer see the issue. ProxyAddresses = { "SMTP:myuser.last@email.com" };

Verbose logs

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer MY-SERVER with user sid S-1-5-21-110307331-22835244-1898845797-7684.
VERBOSE: [MY-SERVER]: LCM:  [ Start  Set      ]
VERBOSE: [MY-SERVER]: LCM:  [ Start  Resource ]  [[ADUser]MYDOMAIN\simone.niccol]
VERBOSE: [MY-SERVER]: LCM:  [ Start  Test     ]  [[ADUser]MYDOMAIN\simone.niccol]
VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] Retrieving 'simone.niccol' from domain 'MYDOMAIN.local'. (ADU0004)
VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] 'simone.niccol' is not present in domain 'MYDOMAIN.local'. (ADU0008)
VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] 'simone.niccol' is absent but should be present. (ADU0012)
VERBOSE: [MY-SERVER]: LCM:  [ End    Test     ]  [[ADUser]MYDOMAIN\simone.niccol]  in 2.3010 seconds.
VERBOSE: [MY-SERVER]: LCM:  [ Start  Set      ]  [[ADUser]MYDOMAIN\simone.niccol]
VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] Retrieving 'simone.niccol' from domain 'MYDOMAIN.local'. (ADU0004)
VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] 'simone.niccol' is not present in domain 'MYDOMAIN.local'. (ADU0008)
Index operation failed; the array index evaluated to null.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NullArrayIndex
    + PSComputerName        : MY-SERVER

VERBOSE: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] Adding 'simone.niccol to domain 'MYDOMAIN.local'. (ADU0014)
DEBUG: [MY-SERVER]:                            [[ADUser]MYDOMAIN\simone.niccol] New-ADUser Parameters:
Name                           Value                                                                                    
----                           -----                                                                                    
OtherAttributes                {Description, Manager, sn, EmployeeID...}                                                
Path                           OU=Users,OU=MYDOMAIN,DC=MYDOMAIN,DC=local                                                
Name                           simone.niccol                                                                            
AccountPassword                System.Security.SecureString                                                             
Enabled                        True
VERBOSE: [MY-SERVER]: LCM:  [ End    Set      ]  [[ADUser]MYDOMAIN\simone.niccol]  in 0.9910 seconds.
The PowerShell DSC resource '[ADUser]MYDOMAIN\simone.niccol' with SourceInfo '::2::2::ADUser' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called 
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : MY-SERVER

VERBOSE: [MY-SERVER]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : MY-SERVER

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 5.174 seconds

DSC configuration

/*
@TargetNode='FABRIKAM-SERVER-SERVER'
@GeneratedBy=myadmin-admin
@GenerationDate=05/22/2022 11:57:00
@GenerationHost=FABRIKAM-SERVER-SERVER
*/

instance of MSFT_Credential as $MSFT_Credential1ref
{
Password = "MYPassword";
 UserName = "simone.niccol";

};

instance of MSFT_Credential as $MSFT_Credential2ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADUser as $MSFT_ADUser1ref
{
Description = "EMPLOYEE";
 UserPrincipalName = "simone.niccol@mydomain.com";
 DisplayName = "Simone Niccol";
 ResourceID = "[ADUser]FABRIKAM-SERVER\\simone.niccol";
 UserName = "simone.niccol";
 Password = $MSFT_Credential1ref;
 GivenName = "Simone";
 EmailAddress = "simone.niccol@mydomain.com";
 PsDscRunAsCredential = $MSFT_Credential2ref;
 MobilePhone = "(111) 222-3333";
 Department = "COMMERCIAL";
 Ensure = "Present";
 ProxyAddresses = {
    "SMTP:simone.niccol@mydomain.com"
};
 SourceInfo = "::2::2::ADUser";
 JobTitle = "Feet Manager";
 EmployeeID = "007";
 Surname = "Niccol";
 ModuleVersion = "6.0.1";
 ModuleName = "ActiveDirectoryDsc";
 CommonName = "Simone Niccol";
 City = "FIELD";
 Path = "OU=Users,OU=FABRIKAM-SERVER,DC=FABRIKAM-SERVER,DC=local";
 DomainName = "FABRIKAM-SERVER.local";
 PasswordNeverResets = True;
 Enabled = True;
 Manager = "CN=Bobby Peterskins,OU=Users,OU=FABRIKAM-SERVER,DC=FABRIKAM-SERVER,DC=local";

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential3ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP1ref
{
ResourceID = "[ADGROUP]APP-GROUP Users";
 PsDscRunAsCredential = $MSFT_Credential3ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "APP-GROUP Users";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential4ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP2ref
{
ResourceID = "[ADGROUP]App-GROUP Prod";
 PsDscRunAsCredential = $MSFT_Credential4ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "App-GROUP Prod";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential5ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP3ref
{
ResourceID = "[ADGROUP]APP-GROUP3";
 PsDscRunAsCredential = $MSFT_Credential5ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "APP-GROUP3";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential6ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP3ref
{
ResourceID = "[ADGROUP]APP-GROUP2 Users";
 PsDscRunAsCredential = $MSFT_Credential6ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "APP-GROUP2 Users";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential7ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP5ref
{
ResourceID = "[ADGROUP]ADP Users";
 PsDscRunAsCredential = $MSFT_Credential7ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "ADP Users";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential8ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP6ref
{
ResourceID = "[ADGROUP]APP-GROUP4";
 PsDscRunAsCredential = $MSFT_Credential8ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "APP-GROUP4";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential9ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP7ref
{
ResourceID = "[ADGROUP]APP-GROUP5 IC";
 PsDscRunAsCredential = $MSFT_Credential9ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "APP-GROUP5 IC";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of MSFT_Credential as $MSFT_Credential10ref
{
Password = "MyPassword!";
 UserName = "FABRIKAM-SERVER\\myadmin-admin";

};

instance of MSFT_ADGROUP as $MSFT_ADGROUP8ref
{
ResourceID = "[ADGROUP]QS-GROUP6";
 PsDscRunAsCredential = $MSFT_Credential10ref;
 MembersToInclude = {
    "simone.niccol"
};
 Ensure = "Present";
 GROUPName = "QS-GROUP6";
 SourceInfo = "E:\\ActiveDirectoryDsc\\ON-PowerShell\\Source\\Public\\CreateUserAndManagePassword.ps1::164::21::ADGROUP";
 ModuleName = "ActiveDirectoryDsc";
 ModuleVersion = "6.0.1";

DependsOn = {

    "[ADUser]FABRIKAM-SERVER\\simone.niccol"};

 ConfigurationName = "CreateUserAndManagePassword";

};
instance of OMI_ConfigurationDocument

                    {
 Version="2.0.0";

                        MinimumCompatibleVersion = "2.0.0";

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};

                        Author="myadmin-admin";

                        GenerationDate="05/22/2022 11:57:00";

                        GenerationHost="FABRIKAM-SERVER-SERVER";

                        Name="CreateUserAndManagePassword";

                    };

Suggested solution

N/A

Operating system the target node is running

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.5125.amd64fre.rs1_release.220429-1732
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value                                                                                                                                                                                                                             
----                           -----                                                                                                                                                                                                                             
PSVersion                      5.1.14393.5066                                                                                                                                                                                                                    
PSEdition                      Desktop                                                                                                                                                                                                                           
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                                                           
BuildVersion                   10.0.14393.5066                                                                                                                                                                                                                   
CLRVersion                     4.0.30319.42000                                                                                                                                                                                                                   
WSManStackVersion              3.0                                                                                                                                                                                                                               
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                                               
SerializationVersion           1.1.0.1

ActiveDirectoryDsc version

Name               Version Path                                                                                       
----               ------- ----                                                                                       
ActiveDirectoryDsc 6.0.1   C:\Program Files\WindowsPowerShell\Modules\ActiveDirectoryDsc\6.0.1\ActiveDirectoryDsc.psd1
johlju commented 2 years ago

I can't reproduce the problem with ProxyAddresses, are you sure that it is that property that make it throw?

Running this works (using v6.2.0):

Invoke-DscResource -Name ADUser -ModuleName ActiveDirectoryDsc -Method Set -Property @{
    DomainName = 'company.local'
    UserName = 'simone.niccol'
    Password = $mockDomainUserCredential
    ProxyAddresses = @(
        'SMTP:simone.niccol@company.local'
    )
    Credential = $mockDomainUserCredential
} -Verbose

Result:

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceGet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceN
ame' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DC01 with user sid S-1-5-21-580101038-1291350449-3907825012-500.
VERBOSE: [DC01]:                            [[ADUser]DirectResourceAccess] Retrieving 'simone.niccol' from domain 'company.local'. (ADU0004)
VERBOSE: [DC01]:                            [[ADUser]DirectResourceAccess] 'simone.niccol' is present in domain 'company.local'. (ADU0007)
VERBOSE: [DC01]: LCM:  [ End    Get      ]  [[ADUser]DirectResourceAccess]  in 0.1240 seconds.
VERBOSE: [DC01]: LCM:  [ End    Set      ]    in  0.1880 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
albvar commented 2 years ago

Bizarre, I updated to the latest version 6.2.0 and using the same exact payload the error was gone and the ProxyAddresses field was populated. Lesson learned, before asking for help make sure I am running latest version. Sorry for the lack of response, this is a Friday - Sunday project for me. Thanks for all you do!

albvar commented 2 years ago

After updating from 6.0.1 to 6.2.0 I was no longer experiencing this issue.