Author Posts

April 28, 2017 at 1:23 pm

Hi,
I'm writing a dsc resource to set permission in a SharePoint site. The code I'm using works perfectly fine when I test it in a powershell shell with the snappin Microsoft.SharePoint.PowerShell loaded.
As a dsc resource the object Microsoft.SharePoint.SPWeb does not return the properties although it seems to load fine.

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]
        $GroupName,

        [System.String]
        $LoginName,

        [System.String]
        $WebUrl,

        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure
    )
    $WebUrl = "http://scw000001204.corp.gwpnet.com/search"
    Add-PSSnapin Microsoft.SharePoint.PowerShell
    $result = $false
    Write-Verbose ("using credentials: " + $Env:USERNAME)
    try {
        $web = Get-SPWeb -Identity $WebUrl -ErrorAction Stop
        Write-Verbose ("Web found: " + $web.Url)
        Write-Verbose ("Object Type: " + $web.GetType().Fullname)
    }
    catch {
        Write-Error ("Could not load web with url: " + $weburl)
    }

    if($Group = $web.SiteGroups[$GroupName]) {
		try {
			$User = $web.EnsureUser($LoginName)
			foreach ($GroupUser in $group.users) {
				if ($GroupUser.Userlogin -eq $User.Userlogin) {
					$result = $true
                    Write-Verbose ("User " + $User.Userlogin + " is member of the group: " + $GroupName)
				}
			}
        }
        catch {
            Write-Error ("User not found: " + $LoginName)
        }
    }
    else {
        Write-Error ("Group not found: " + $GroupName)
    }
    return $result
}

The output looks like this:

VERBOSE: [SCW000001204]: LCM: [ Start Resource ] [[srSPGroupMember]VisitorGroupRoot]
VERBOSE: [SCW000001204]: LCM: [ Start Test ] [[srSPGroupMember]VisitorGroupRoot]
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] using credentials: tecshp00
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving BeginProcessing Method of Get-SPWeb.
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving ProcessRecord Method of Get-SPWeb.
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving EndProcessing Method of Get-SPWeb.
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Web found: http://scw000001204.corp.gwpnet.com/search
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Object Type: Microsoft.SharePoint.SPWeb
Group not found: TestGroup
+ CategoryInfo : NotSpecified: (:) [], CimException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-TargetResource
+ PSComputerName : localhost

The Group "TestGroup" exists and I can run the same code outside the dsc resource and it works fine.

Any ideas what I'm doing wrong here?

Thanks,
Brian

May 4, 2017 at 3:19 pm

Permissions? The LCM runs under LocalSystem – if the SharePoint bits assume a user context, they won't have one.

May 5, 2017 at 8:23 am

I'm using PsDscRunAsCredential to run the resource as the setup user. I'm checking the identity with the line
Write-Verbose ("using credentials: " + $Env:USERNAME)
which returns
VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] using credentials: tecshp00
that's the correct user with the permission that is required.

Is my assumption wrong that the resource is running using this account?

Thanks,
Brian