Hello @all.
It seems, that the MSFT_GroupResource has an error, if the group to edit has a member “NETWORK SERVICE”.
It exits with an error like ‘New-Object : Exception calling “.ctor” with “2” argument(s): "Server names cannot contain a space character.’
Debugging the resource shows line 782 producing the exception.
# ...
[System.DirectoryServices.AccountManagement.Principal] $principal = $null
# extract the objectSid from the underlying DirectoryEntry
[System.DirectoryServices.DirectoryEntry] $entry = New-Object System.DirectoryServices.DirectoryEntry($item)
[byte[]] $sidBytes = $entry.Properties["objectSid"].Value # <--
# ...
Looks like the conversion to DirectoryEntry does not work here.
Is there any way around this? Probably just customizing the resource…
Thanks for the input.
Steffen
Can you check a local group with a space and a domain group with a space…it doesn’t seem to be limited to just ‘NETWORK SERVICE’.
Should probably open an issue on PowerShell DSC repo on GitHub - GitHub - PowerShell/DscResources: Central repository for PowerShell Desired State Configuration (DSC) resources.
Hi Arie,
thanks for your time.
I think you got me wrong. I do not want to add NETWORK SERVICE, it is already a member of the group. Changing the members using the “Group” resource fails with the above error message. 
If I remove NETWORK SERVICE from the group afore running my DSC config, everything works fine. That is not a viable solution, though.
Cheers,
Steffen
Hi,
I think it might be something to do with DirectoryService not working with local built-in SIDs but rather domain ones
but since I dont think your the first to try this and this hasn’t been reported yet, I assume its a matter of syntax.
Instead of ‘Network Service’ as the value in your DSC script, try ‘NT AUTHORITY\NETWORK SERVICE’ or ‘BUILTIN\NETWORK SERVICE’ or ‘ServerName\NETWORK SERVICE’ replacing ServerName with the real name of your server. IIRC the first one should be the one I;ve seen used in the past.