Create AD user using DSC

This topic contains 2 replies, has 2 voices, and was last updated by  Biswajit 2 weeks, 2 days ago.

  • Author
    Posts
  • #101728

    Biswajit
    Participant

    Team,

    Learning DSC , could you please provide a conf. file for creating a AD user ? It is not working.

    configuration aaduser {
    Import-DscResource -ModuleName xActiveDirectory
        xADUser FirstUser
    {
         DomainName = "contoso.net"
         #DomainAdministratorCredential = $DomainCreds
         UserName = "testp"
         Password = '@683g#hyu88dtt'
         Ensure = "Present"
         DependsOn = "[xWaitForADDomain]DscForestWait"
    }
    }
    
  • #101730

    Will Anderson
    Keymaster

    If you do Get-DSCResource xADUser -Syntax, you'll see that the Password field requires a PSCredential, not a string input.

    xADUser [String] #ResourceName
    {
        DomainName = [string]
        UserName = [string]
        [CannotChangePassword = [bool]]
        [City = [string]]
        [CommonName = [string]]
        [Company = [string]]
        [Country = [string]]
        [Department = [string]]
        [DependsOn = [string[]]]
        [Description = [string]]
        [DisplayName = [string]]
        [Division = [string]]
        [DomainAdministratorCredential = [PSCredential]]
        [DomainController = [string]]
        [EmailAddress = [string]]
        [EmployeeID = [string]]
        [EmployeeNumber = [string]]
        [Enabled = [bool]]
        [Ensure = [string]{ Absent | Present }]
        [Fax = [string]]
        [GivenName = [string]]
        [HomeDirectory = [string]]
        [HomeDrive = [string]]
        [HomePage = [string]]
        [HomePhone = [string]]
        [Initials = [string]]
        [IPPhone = [string]]
        [JobTitle = [string]]
        [LogonScript = [string]]
        [Manager = [string]]
        [MobilePhone = [string]]
        [Notes = [string]]
        [Office = [string]]
        [OfficePhone = [string]]
        [Pager = [string]]
        [Password = [PSCredential]]
        [PasswordAuthentication = [string]{ Default | Negotiate }]
        [PasswordNeverExpires = [bool]]
        [Path = [string]]
        [POBox = [string]]
        [PostalCode = [string]]
        [ProfilePath = [string]]
        [PsDscRunAsCredential = [PSCredential]]
        [State = [string]]
        [StreetAddress = [string]]
        [Surname = [string]]
        [UserPrincipalName = [string]]
    }

    I'd check your code to make sure you're using all the proper inputs and pass a PSCredential to the resource. Ashley McGlone also wrote a pretty good article on some pitfalls when doing this and compiling .mof's, and how to handle them.

    https://blogs.technet.microsoft.com/ashleymcglone/2015/12/18/using-credentials-with-psdscallowplaintextpassword-and-psdscallowdomainuser-in-powershell-dsc-configuration-data/

  • #101742

    Biswajit
    Participant

    Thanks Will. let me try & will update shortly 🙂

You must be logged in to reply to this topic.