ad_group_membership removes all members of a group when destroying resource

[v-esteves]

Terraform Version and Provider Version

Terraform v1.3.8 on windows_386

• provider registry.terraform.io/hashicorp/ad v0.4.4

Windows Version

Windows Server 2022 Datacenter Azure Edition

Affected Resource(s)

ad_group_membership

Terraform Configuration Files

terraform {
  required_providers {
    ad = {
      source = "hashicorp/ad"
      version = "0.4.4"
    }
    azurerm = {
      source = "hashicorp/azurerm"
      version = ">= 3.25.0"
    }
  }
}

provider "ad" {
  winrm_hostname = ""
  winrm_username = ""
  winrm_password = ""
}

provider azurerm {
  features {}
}

variable "groups"  {
    type = list(object({
        group = string
  }))
}

data "ad_group" "ad_group" {
    count = length(var.groups)
    group_id = var.groups[count.index].group
}

resource "ad_group_membership" "ad_group_member" {
    for_each = {for i, v in data.ad_group.ad_group:  i => v}
    group_id = each.value.id
    group_members = [ "4dec9478-2511-4640-8102-3a456a404643" ]
}

Expected Behavior

Terraform apply executes correctly and the user is added to an existing list of groups. Terraform destroy removes the user from the groups.

Actual Behavior

Terraform destroy removes ALL users from the groups, not only the added user.

Steps to Reproduce

2. 'terraform apply -destroy'

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[bryanfarmer]

Any movement on this issue? We have many shared groups that servers are added to for SCCM, Certificate auto-enrollment, etc. Removing all members would be extremely impacting.