Correct way to use the Group Resource

Hi,

I am trying to create some local groups and add Domain members to those groups.

So far I have this:

$systemID = $env:COMPUTERNAME

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName = $systemID
            PSDscAllowPlainTextPassword = $true
        }
    )
}

# Build the credential passed to the Group resource
$securedstring = ConvertTo-SecureString -String $Password -AsPlainText -Force
[PSCredential]$cred = New-Object System.Management.Automation.PSCredential ($UserName, $securedstring)

# Resource block (sits inside the Configuration / Node block)
Group sitecore_ro {
    GroupName = "sitecore_ro"
    Ensure = "Present"
    Description = "sitecore_ro"
    Members = "$Domain\Dept_IT Dev"
    #Members = @("$Domain\Dept_IT Dev")
    Credential = $cred
}

It creates the group but does not add the members to the group.

Could someone post an example of the correct way to write this?
Also, I need to add more than one user or group, so is the Members = @("$Domain\Dept_IT Dev","user1","user2")
format the correct way to do this?

TIA

The Old Dog

I’ve had the same issue as discussed in my post here - https://powershell.org/forums/topic/issue-adding-users-to-a-group/

Don replied to me and pointed me towards some info that may help you. I’ve been busy and haven’t had a chance to dig back into it myself so I can’t really help you out any further than to point you to my thread and Don’s reply.

Are you getting an error? If so, can you post it?

I get this error message:

The PowerShell provider MSFT_GroupResource threw one or more non-terminating errors while running the
Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational
Refer to this channel for more details.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName : DSCTESTIAPP

One more thing, I am trying this on Windows 2008R2 server. I have noticed that some of the resources only work on 2012 servers.

What is the error in the Microsoft-Windows-DSC/Operational (Applications and Services Logs > Microsoft > Windows > Desired State Configuration > Operational) event log?

This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_GroupResource provider.
FullyQualifiedErrorId is COMException. ErrorMessage is Exception calling “FindByIdentity” with “2” argument(s): “Unknown error (0x80005000)”.

Old Dog

If I comment out the members line, the script runs without an error. It can’t seem to find the members…
The members are on a different, trusted domain and I can add them to the groups with a simple

Net localgroup "Performance Log Users" "otherdomain.com\user" /add

I wonder if this is a “feature” of DSC?

BTW, the Group Resource adds the group and description with no problems.

Mike

That’s what I thought. The Group resource only works when everything is on the same domain. Computer, members, etc. Sad trombone. I’m not sure there is any workaround. It doesn’t look like anyone has contributed a fix.

Here is a PowerShell Connect issue I’ve filed about this. It covers two issues: you have to supply credentials when talking to any AD, even if that instance is world readable, and those credentials and the members being added to the group must be on the same domain. Feel free to give it an up vote:
https://connect.microsoft.com/PowerShell/feedbackdetail/view/957378/dsc-group-resource-fails-to-add-a-domain-user-to-a-local-group-without-domain-credentials

I had problems with this myself, and I finally figured it out and got it working! Using your code as an example. My 2 “minor” changes (not minor when you’re pulling your hair out) in BOLD:

$systemID = $env:COMPUTERNAME

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName = $systemID
            PSDscAllowPlainTextPassword = $true
        }
    )
}

$securedstring = ConvertTo-SecureString -String $Password -AsPlainText -Force
# Change 1 (bold in the original post): the user name is prefixed with $Domain\
[PSCredential]$cred = New-Object System.Management.Automation.PSCredential ("$Domain\$UserName", $securedstring)

Configuration AddUsersToGroup {

    Node $systemID {

        Group sitecore_ro {
            GroupName = "sitecore_ro"
            Ensure = "Present"
            Description = "sitecore_ro"
            # Change 2 (bold in the original post): MembersToInclude instead of Members
            MembersToInclude = "$Domain\Dept_IT Dev"
            Credential = $cred
        }
    }
}

AddUsersToGroup -ConfigurationData $ConfigurationData
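
An added example, not code from any poster in this thread: the same Group resource with several members in array form, and the credential encrypted in the MOF with a node certificate instead of PSDscAllowPlainTextPassword. Assumptions: the domain name CONTOSO, the member names, the certificate path and the thumbprint placeholder are constructed, and the members and the credential are in the same domain, as the thread reports is required.

```powershell
# Added example. Constructed values: CONTOSO, the member names, the .cer path
# and the thumbprint placeholder.
$Domain = 'CONTOSO'

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName             = $env:COMPUTERNAME
            # Public key used to encrypt credentials in the MOF, replacing
            # PSDscAllowPlainTextPassword = $true.
            CertificateFile      = 'C:\PublicKeys\node.cer'   # hypothetical path
            Thumbprint           = '<NODE-CERT-THUMBPRINT>'   # placeholder
            # WMF 5 and later: acknowledge that a domain account is used.
            PSDscAllowDomainUser = $true
        }
    )
}

Configuration AddUsersToGroup {
    param (
        [Parameter(Mandatory = $true)]
        [PSCredential]$Credential
    )

    Node $AllNodes.NodeName {
        Group sitecore_ro {
            GroupName        = 'sitecore_ro'
            Ensure           = 'Present'
            Description      = 'sitecore_ro'
            # Array form for several members. MembersToInclude leaves existing
            # members in place; Members would define the complete member list.
            MembersToInclude = @("$Domain\Dept_IT Dev", "$Domain\user1", "$Domain\user2")
            Credential       = $Credential
        }
    }
}

# Prompt for the account in DOMAIN\user form so no password sits in the script.
$cred = Get-Credential -Message "Account in $Domain that can read the directory"
AddUsersToGroup -ConfigurationData $ConfigurationData -Credential $cred -OutputPath .\AddUsersToGroup
```

The target node's Local Configuration Manager needs its CertificateID set to the matching thumbprint, with the private key present on that node, so it can decrypt the credential.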