MembersToExclude =

Hey guys,

I’m in the process of rolling out DSC to about 1000 hosts and I’ve run into a problem that for the life of me I cant work out (probably due to staring at the screen to long).

I need to exclude all groups/users, except selected groups that i have specified in the MembersToInclude =.

How can I achieve this?


I was doing some searching on the site and i came across this thread

If the MembersToInclude is populated, MembersToExclude is ignored. So if I understand this right if MembersToInclude is populated, those will be the only members allowed? If this is the case, will DSC auto-remove any other groups/users?

Thanks for the help!

Hi Recco,

the best way to achieve what you want would be to use the Members parameter. Whatever users or groups you specify with the Members parameter will be the only members of the group once the configuration has been applied. Any preexisting members of the group that are not specified in your configuration will be removed and the members you do specify will be added.

MembersToInclude and MembersToExclude can be used independently, in conjunction with one another, but not in conjunction with Members parameter. MembersToInclude and MembersToExclude will include or exclude the users and groups you specify but will leave all others unaffected. In other words, users or groups that are not explicitly listed in the MembersToExclude will not be excluded.

The thread you referenced says that MembersToInclude and MembersToExclude will be ignored if the Members parameter is specified. In fact, if you try to specify either the MembersToInclude or the MembersToExclude with the Members parameter you will receive an error message and the application of the resource will fail.

Awesome thanks so much!