Group Resource Adding a Domain Group to Local Group

Hi All

I am trying to test the use of Group Resource (please see below) to add a domain user to the local administrators group. However when running the DSC configuration (on a domain-joined node), I am getting the following errors:

Job {FB54A459-C92A-4097-8F4D-2107B5A05A29} :
This event indicates that a non-terminating error was thrown when DSCEngine was executing Test-TargetResource on MSFT_GroupResource provider. FullyQualifiedErrorId is PrincipalOperationException. ErrorMessage is Exception calling “FindByIdentity” with “2” argument(s): “Unknown error (0x80005000)”.

Followed by:

This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x1. ErrorDetail is The SendConfigurationApply function did not succeed… ResourceId is [Group]EEIServerAdmins and SourceInfo is ::61::5::Group. ErrorMessage is The PowerShell provider MSFT_GroupResource threw one or more non-terminating errors while running the Test-TargetResource functionality.

###################

$ConfigData = @{
AllNodes = @(
@{
NodeName=“localhost”;
PSDscAllowPlainTextPassword = $true

     }

)}

Configuration DistributionPoint
{
param
(
[string[]]$ComputerName=“localhost”
)

Node $ComputerName

{
$password = ConvertTo-SecureString “Password” -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential (“domain\domainread”, $password)

Group DomainGroup
{
Ensure = “Present”
GroupName = “Administrators”
MembersToInclude = “domain\domaingroup”
Credential = $Credential
}

}

}

$workingdir = “C:_scripts\DSC\DistributionPoint”

DistributionPoint -ConfigurationData $ConfigData -OutputPath $workingdir

################

Thanks!

I was having trouble with adding domain users to groups. Someone suggested I try xGroups and that solved the problem.
It even allowed me to add users and groups from trusted domains.

It’s part of this Package: https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio-417dc71d

Give it a try.

OldDog