I ran into an issue when utilizing this resource where I didn't want to provide a DA credential. In my environment, we utilize machine identities to ACL most of our resources so we can avoid using passwords in 99.9% of situations. Unfortunately, this resource doesn't support this.
Suggested fixes:
Changed the "DomainAdministratorCredential" property in the schema to "write" (was required).
Changed the "DomainAdministratorCredential" parameter in the resource to "Mandatory = $false".
Wrapped the Set-ImpersonateAs function in an if statement to check for the "DomainAdministratorCredential" key exists in $PSBoundParameters.
I ran into an issue when utilizing this resource where I didn't want to provide a DA credential. In my environment, we utilize machine identities to ACL most of our resources so we can avoid using passwords in 99.9% of situations. Unfortunately, this resource doesn't support this. Suggested fixes:
Changed the "DomainAdministratorCredential" property in the schema to "write" (was required). Changed the "DomainAdministratorCredential" parameter in the resource to "Mandatory = $false". Wrapped the Set-ImpersonateAs function in an if statement to check for the "DomainAdministratorCredential" key exists in $PSBoundParameters.