xGroup behavior

I am using xGroup because I have to add members to the local group that are in a different, trusted domain.
If I use the property Members I get an error:

[xGroup]Performance_Log_Users
D:\Scripts\iAPPWebRole.ps1::358::3::xGroup
The PowerShell provider MSFT_xGroupResource threw one or more non-terminating errors while running the Test-TargetResource functionality.
These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

If I use MembersToInclude with the same members, everything works fine.

Perhaps I am missing something here or there is a bug.

I also notice that the first time through a new configuration xGroup errors complaining that there is no such object as the Group I am trying to create. If I run it again or create the groups manually before I run my script, everything works as long as I use MembersToInclude.

xGroup xx_rsc_fs_sitecore_ro {
GroupName = “xx_rsc_fs_sitecore_ro”
Ensure = “Present”
Description = “xx_rsc_fs_sitecore_ro”
MembersToInclude = @(“Trusted\Dept_IT Dev”)
Credential = $cred
}

puzzled OldDog

It’s very likely just a bug of some kind. Do we have a community version of that resource in the GitHub repo, from our DSC Hub page?

There isn’t a community version yet but I took the liberty to fork the cPSDesiredStateConfiguration and add the cGroup resource.

I’ve fixed the bug causing errors when a group is created but I wasn’t able to reproduce the problem using Members. This is how I wrote the configuration:

cGroup MyGroup
{
    Ensure           = 'Present'
    GroupName        = 'MyGroup'
    Members          = 'Test1','Test2'
}

My fork is available here:
https://github.com/SimonWahlin/cPSDesiredStateConfiguration

I’ll give it some more testing and then I’ll submit a pullrequest.

Hi,

I tried your cGroup, but got the same result. I compared it to the xGroup and I could find no changes. Did I grab the wrong code?

Old Dog

The only change is that cGroup checks if $Group -ne $null on row 169.

If xGroup is used to manage a Group that doesnt exist the search on row 168 results in $Group being set to $null.

$group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($localPrincipalContext, $GroupName);

On the next row (169), $Group is added to $Disposables.

Later on when each item in $Disposables are disposed (row 436), the null value will result in an error stating “You cannot call a method on a null-valued expression.”

The cGroup resource checks if $Group -ne $null Before adding it to $disposables.

This change should fix the errors generated the first time a configuration runs (when the Group is created).

Regarding your problem with using Members vs MembersToInclude I could not test the scenario since I do not have a trusted domain in my lab.

I’ve got a problem adding a domain user to a local group, the error is “Network Path Not Found” and happens for a short time after the computer joins the domain, but works sometime afterwards.

Still narrowing it down, but grabbing a coffee then rebooting the computer works for now.

Ok, I was really happy that the xGroup started working with the fix to line 170.

if($group -ne $null)
{
$disposables.Add($group) | out-null
}

Now its doing the same thing, except !!! it only does it when I try to add members.
Either by members or memberstoadd.

xGroup wm_rsc_shr_webimport_full {
GroupName = “wm_rsc_shr_webimport_full”
Ensure = “Present”
Description = “wm_rsc_shr_webimport_full”
MembersToInclude = “trusted\production admins”
Credential = $cred
}

I also tried it with @( “trusted\production admins”) both with members and MembersToInclude

Here is what I get:

VERBOSE: [FPKDSCSCRUBBER1]: LCM: [ Start Test ] [[xGroup]wm_rsc_shr_webimport_full]
VERBOSE: [FPKDSCSCRUBBER1]: [[xGroup]wm_rsc_shr_webimport_full] A group with the name
wm_rsc_shr_webimport_full exists.
You cannot call a method on a null-valued expression.
+ CategoryInfo : InvalidOperation: (:slight_smile: [], CimException
+ FullyQualifiedErrorId : InvokeMethodOnNull
+ PSComputerName : FPKDSCSCRUBBER1

If I comment out the Members line it goes through with out an error.

Puzzled OldDog

Found the problem. It did not like the credentials I was providing.
Yet another informative error message.

OldDog