Hi All,
I used the powershell DSC Ebook from this site to set up my DSC test, but I’m running into an issue adding people to a group. I’ve tried passing my credentials two different ways, both make it into the mof file and look fine, but neither method actually adds the users to the group. I am an admin on the box I’m trying to create the group on and I’ve tried two different sets of credentials in doing so - neither work.
I’ve run the Trace-cDscOperation and found some log info on it, which is shown below:
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_GroupResource provider. FullyQualifiedErrorId is COMException. ErrorMessage is Exception calling “FindByIdentity” with “2” argument(s): “Unknown error (0x80005000)”.
This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x1. ErrorDetail is The SendConfigurationApply function did not succeed… ResourceId is [Group]Administrators and SourceInfo is ::559::33::Group. ErrorMessage is The PowerShell provider MSFT_GroupResource threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details…
DSC Engine Error :
Error Message The SendConfigurationApply function did not succeed.
Error Code : 1
It says the same thing in Event Viewer. I’m not sure where to look for the ETW channel that it mentions.
If I manually make a local user on the machine and tell DSC to create the group, give it a description, and add that local guy then it works fine. However, it always fails if I try to pick a domain user. It creates the group, but doesn’t add anyone and doesn’t add the description.
I’m able to add a domain user without issue if I log into the machine and run a more traditional powershell script using ADSI to create the group and add the person. It just doesn’t like it when I try with DSC.
Here’s the pertinent pieces of my DSC script:
configuration test { $SuperUsers = "domain\randomguy1", "domain\randomguy2" $secpasswd = ConvertTo-SecureString "MYPASSWORD" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ("MYUSERID",$secpasswd) node node1 { Group SuperUsers { GroupName = "Super Users" Ensure = "Present" Credential = $mycreds Description = "test test" Members = @($SuperUsers) } } }
I’ve also tried:
Configuration test { param( [pscredential]$Credential ) $SuperUsers = "domain\randomguy1", "domain\randomguy2" node node1 { Group SuperUsers { GroupName = "Super Users" Credential = $credential Description = "test test" Ensure = "Present" Members = @($SuperUsers) } } } test -ConfigurationData $configurationData -credential (get-credential)
At this point I’m stumped as to what it could be since it works fine if I run a script from the target node, or if I add a local user. It seems to be related to my credentials, but I’m not sure why. Can someone point me in the right direction on this?
Thanks,
Matt