Group Resource Adding a Domain Group to Local Group

Tagged: ,

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Michael Felkins Michael Felkins 2 years, 1 month ago.

  • Author
    Posts
  • #20102
    Profile photo of Riff Khan
    Riff Khan
    Participant

    Hi All

    I am trying to test the use of Group Resource (please see below) to add a domain user to the local administrators group. However when running the DSC configuration (on a domain-joined node), I am getting the following errors:

    Job {FB54A459-C92A-4097-8F4D-2107B5A05A29} :
    This event indicates that a non-terminating error was thrown when DSCEngine was executing Test-TargetResource on MSFT_GroupResource provider. FullyQualifiedErrorId is PrincipalOperationException. ErrorMessage is Exception calling "FindByIdentity" with "2" argument(s): "Unknown error (0x80005000)".

    Followed by:

    This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x1. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [Group]EEIServerAdmins and SourceInfo is ::61::5::Group. ErrorMessage is The PowerShell provider MSFT_GroupResource threw one or more non-terminating errors while running the Test-TargetResource functionality.

    ###################

    $ConfigData = @{
    AllNodes = @(
    @{
    NodeName="localhost";
    PSDscAllowPlainTextPassword = $true

    }

    )}

    Configuration DistributionPoint
    {
    param
    (
    [string[]]$ComputerName="localhost"
    )

    Node $ComputerName

    {
    $password = ConvertTo-SecureString "Password" -AsPlainText -Force
    $Credential = New-Object System.Management.Automation.PSCredential ("domain\domainread", $password)

    Group DomainGroup
    {
    Ensure = "Present"
    GroupName = "Administrators"
    MembersToInclude = "domain\domaingroup"
    Credential = $Credential
    }

    }

    }

    $workingdir = "C:\_scripts\DSC\DistributionPoint"

    DistributionPoint -ConfigurationData $ConfigData -OutputPath $workingdir

    ################

    Thanks!

  • #20106
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    I was having trouble with adding domain users to groups. Someone suggested I try xGroups and that solved the problem.
    It even allowed me to add users and groups from trusted domains.

    It's part of this Package: https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio-417dc71d

    Give it a try.

    OldDog

You must be logged in to reply to this topic.