search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.61k stars 501 forks source link

SCRetentionCompliancePolicy performing wrong when creating Microsoft Teams Chat Standard Retention Policy/Rule #2181

Closed atdheekurteshi closed 2 years ago

atdheekurteshi commented 2 years ago

Details of the scenario you tried and the problem that is occurring

SCRetentionCompliancePolicy -Name 'Microsoft Teams Chat Standard Retention Policy' can't be created with the following error:

PS C:\Windows\system32> Publish-DscConfiguration -Path C:\Users\src\MOFs\MainConfig -Force -Verbose
PS C:\Windows\system32> Start-DscConfiguration -UseExisting -Force -Verbose -Wait  
The parent policy 'FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/Configuration/Microsoft Teams Chat Standard Retention Policy' is a Teams policy.  Configuring non-Teams supported parameters of this rule are not allowed.
   + CategoryInfo          : NotSpecified: (:) [], CimException
   + FullyQualifiedErrorId : [Server=,RequestId=d5ea873a-a153-4c9b-8201-d6b9ea3c402c,TimeStamp=05.08.2022 10:45:52] [FailureCategory=Cmdlet-ErrorModifyingTeamsRuleWithNonTeamsAllowedParameterException] B57FBD,Microsoft.Office.CompliancePolicy.Tasks.NewRetentionComplianceRule
   + PSComputerName        : localhost

VERBOSE: []: LCM:  [ BeendenFestlegen]  [[SCRetentionComplianceRule]Container-110-f9a02134-4c19-4b97-8009-e8baaec2a7ab]  in 1.5310 Sekunden.
Die PowerShell DSC-Ressource "[SCRetentionComplianceRule]Container-110-f9a02134-4c19-4b97-8009-e8baaec2a7ab" mit SourceInfo "::52::3::SCRetentionComplianceRule" hat beim Ausführen der Funktion "Set-TargetResource" mindestens einen Fehler ohne Abbruch ausgegeben. Diese Fehler werden im ETW-Kanal namens "Microsoft-Windows-DSC/Operational" protokolliert. 
Weitere
Informationen finden Sie in diesem Kanal.
   + CategoryInfo          : InvalidOperation: (:) [], CimException
   + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
   + PSComputerName        : localhost

SCRetentionCompliancePolicy -Name 'Microsoft Teams Chat Standard Retention Policy' can't be crated with -TeamsChatLocation 'All' attribute but in PowerShell is working check the code below.

Here we have two issues one is not creating the policy due to unknown and the second is the -TeamsChatLocation 'All' when specified you need to specify some other attributes like -TeamsChatLocationException, -TeamsChannelLocation,TeamsChannelLocationException when the value 'All' is provided.

In PowerShell when I run the following commands everything seems to be working fine for SCRetentionCompliancePolicy:

PS C:\Windows\system32> New-RetentionCompliancePolicy -Name 'Microsoft Teams Chat Standard Retention Policy' -Comment 'abc' -Enabled:$false -RestrictiveRetention:$false -TeamsChatLocation 'All'

Name Workload                                                                    Enabled Mode
---- --------                                                                    ------- ----
Microsoft Teams Chat Standard Retention Policy Exchange, SharePoint, OneDriveForBusiness, Skype, ModernGroup, DynamicScope False   Enforce

PS C:\Windows\system32>

The DSC configuration that is used to reproduce the issue (as detailed as possible)

MOF file extract:

/*
@TargetNode='localhost'
@GeneratedBy=
@GenerationDate=
@GenerationHost=
*/

instance of MSFT_Credential as $MSFT_Credential1ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionCompliancePolicy as $MSFT_SCRetentionCompliancePolicy1ref
{
ResourceID = "[SCRetentionCompliancePolicy]Container-106-7721c540-0083-4536-9eb3-6119cd6cbde5";
 Enabled = False;
 Credential = $MSFT_Credential1ref;
 Ensure = "Present";
 Comment = "Standard Aufbewahrungsfrist für Exchange Online 93 Tage";
 SourceInfo = "::10::3::SCRetentionCompliancePolicy";
 Name = "Exchange Online Standard Retention Policy";
 ModuleName = "Microsoft365DSC";
 RestrictiveRetention = False;
 ExchangeLocation = {
    "All"
};
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of MSFT_Credential as $MSFT_Credential2ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionCompliancePolicy as $MSFT_SCRetentionCompliancePolicy2ref
{
ResourceID = "[SCRetentionCompliancePolicy]Container-107-7a9fb40b-94a8-42c4-96ae-08fcb8304d34";
 TeamsChatLocation = {
    "All"
};
 Enabled = False;
 Credential = $MSFT_Credential2ref;
 Ensure = "Present";
 Comment = "Standard Aufbewahrungsrichtlinie für Microsoft Teams Chat Protokolle";
 SourceInfo = "::20::3::SCRetentionCompliancePolicy";
 Name = "Microsoft Teams Chat Standard Retention Policy";
 ModuleName = "Microsoft365DSC";
 RestrictiveRetention = False;
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of MSFT_Credential as $MSFT_Credential3ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionCompliancePolicy as $MSFT_SCRetentionCompliancePolicy3ref
{
ResourceID = "[SCRetentionCompliancePolicy]Container-108-24dff2f6-1c80-4299-bd89-b182168b96b6";
 Enabled = True;
 Credential = $MSFT_Credential3ref;
 Ensure = "Present";
 Comment = "Standard Aufbewahrungsrichtlinie für Microsoft OneDrive";
 SharePointLocation = {
    "All"
};
 SourceInfo = "::30::3::SCRetentionCompliancePolicy";
 Name = "OneDrive Standard Retention Policy";
 ModuleName = "Microsoft365DSC";
 RestrictiveRetention = False;
 OneDriveLocation = {
    "All"
};
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of MSFT_Credential as $MSFT_Credential4ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionComplianceRule as $MSFT_SCRetentionComplianceRule1ref
{
ResourceID = "[SCRetentionComplianceRule]Container-109-652a615d-b9b3-4ab0-8602-5286509ab61b";
 ExpirationDateOption = "ModificationAgeInDays";
 RetentionDurationDisplayHint = "Days";
 Ensure = "Present";
 RetentionDuration = "93";
 Policy = "Exchange Online Standard Retention Policy";
 SourceInfo = "::41::3::SCRetentionComplianceRule";
 Name = "Exchange Online Standard Retention Rule";
 ModuleName = "Microsoft365DSC";
 RetentionComplianceAction = "Keep";
 Credential = $MSFT_Credential4ref;
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of MSFT_Credential as $MSFT_Credential5ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionComplianceRule as $MSFT_SCRetentionComplianceRule2ref
{
ResourceID = "[SCRetentionComplianceRule]Container-110-f9a02134-4c19-4b97-8009-e8baaec2a7ab";
 ExpirationDateOption = "CreationAgeInDays";
 RetentionDurationDisplayHint = "Days";
 Ensure = "Present";
 RetentionDuration = "730";
 Policy = "Microsoft Teams Chat Standard Retention Policy";
 SourceInfo = "::52::3::SCRetentionComplianceRule";
 Name = "Microsoft Teams Chat Standard Retention Rule";
 ModuleName = "Microsoft365DSC";
 RetentionComplianceAction = "KeepAndDelete";
 Credential = $MSFT_Credential5ref;
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of MSFT_Credential as $MSFT_Credential6ref
{
Password = ""
UserName = "";
};

instance of MSFT_SCRetentionComplianceRule as $MSFT_SCRetentionComplianceRule3ref
{
ResourceID = "[SCRetentionComplianceRule]Container-111-f16174cd-78e9-4895-8511-4bd542f96f6c";
 ExpirationDateOption = "ModificationAgeInDays";
 RetentionDurationDisplayHint = "Days";
 Ensure = "Present";
 RetentionDuration = "93";
 Policy = "OneDrive Standard Retention Policy";
 SourceInfo = "::63::3::SCRetentionComplianceRule";
 Name = "OneDrive Standard Retention Rule";
 ModuleName = "Microsoft365DSC";
 RetentionComplianceAction = "Keep";
 Credential = $MSFT_Credential6ref;
 ModuleVersion = "1.22.720.1";

 ConfigurationName = "MainConfig";

};
instance of OMI_ConfigurationDocument

                    {
 Version="2.0.0";

                        MinimumCompatibleVersion = "1.0.0";

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};

                        Author="";

                        GenerationDate=

                        GenerationHost="";

                        ContentType="PasswordEncrypted";

                        Name="MainConfig";

                    };
#### The operating system the target node is running
<!--
    Please provide as much as possible about the target node, for example
    edition, version, build and language.
    On OS with WMF 5.1 the following command can help get this information.

OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

-->

#### Version of the DSC module that was used ('dev' if using current dev branch)
1.22.720.1
andikrueger commented 2 years ago

This is somehow related to #2173.

NikCharlebois commented 2 years ago

It would appear that for some reason, even if certain parameters are returned via the Get- cmdlet and exposed via the New-* equivalent, that Teams based rules cannot use certain parameters, which is what is causing the issue: https://github.com/MicrosoftDocs/office-docs-powershell/issues/7026#issuecomment-759088407

NikCharlebois commented 2 years ago

My proposed strategy is to look up the parent policy to see if it has the TeamsPolicy property set to $true. If it does, then the ExpirationDateOption and RetentionComplianceAction properties will be ignored in the Set, and would not be returned in the Get.