Author Posts

June 4, 2018 at 3:01 pm

Team,

Learning DSC , could you please provide a conf. file for creating a AD user ? It is not working.

configuration aaduser {
Import-DscResource -ModuleName xActiveDirectory
    xADUser FirstUser
{
     DomainName = "contoso.net"
     #DomainAdministratorCredential = $DomainCreds
     UserName = "testp"
     Password = '@683g#hyu88dtt'
     Ensure = "Present"
     DependsOn = "[xWaitForADDomain]DscForestWait"
}
}

June 4, 2018 at 3:13 pm

If you do Get-DSCResource xADUser -Syntax, you'll see that the Password field requires a PSCredential, not a string input.

xADUser [String] #ResourceName
{
    DomainName = [string]
    UserName = [string]
    [CannotChangePassword = [bool]]
    [City = [string]]
    [CommonName = [string]]
    [Company = [string]]
    [Country = [string]]
    [Department = [string]]
    [DependsOn = [string[]]]
    [Description = [string]]
    [DisplayName = [string]]
    [Division = [string]]
    [DomainAdministratorCredential = [PSCredential]]
    [DomainController = [string]]
    [EmailAddress = [string]]
    [EmployeeID = [string]]
    [EmployeeNumber = [string]]
    [Enabled = [bool]]
    [Ensure = [string]{ Absent | Present }]
    [Fax = [string]]
    [GivenName = [string]]
    [HomeDirectory = [string]]
    [HomeDrive = [string]]
    [HomePage = [string]]
    [HomePhone = [string]]
    [Initials = [string]]
    [IPPhone = [string]]
    [JobTitle = [string]]
    [LogonScript = [string]]
    [Manager = [string]]
    [MobilePhone = [string]]
    [Notes = [string]]
    [Office = [string]]
    [OfficePhone = [string]]
    [Pager = [string]]
    [Password = [PSCredential]]
    [PasswordAuthentication = [string]{ Default | Negotiate }]
    [PasswordNeverExpires = [bool]]
    [Path = [string]]
    [POBox = [string]]
    [PostalCode = [string]]
    [ProfilePath = [string]]
    [PsDscRunAsCredential = [PSCredential]]
    [State = [string]]
    [StreetAddress = [string]]
    [Surname = [string]]
    [UserPrincipalName = [string]]
}

I'd check your code to make sure you're using all the proper inputs and pass a PSCredential to the resource. Ashley McGlone also wrote a pretty good article on some pitfalls when doing this and compiling .mof's, and how to handle them.

https://blogs.technet.microsoft.com/ashleymcglone/2015/12/18/using-credentials-with-psdscallowplaintextpassword-and-psdscallowdomainuser-in-powershell-dsc-configuration-data/

June 4, 2018 at 5:19 pm

Thanks Will. let me try & will update shortly 🙂