SharePoint object properties not working withing dsc resource

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Brian Douglas Brian Douglas 2 months, 2 weeks ago.

  • Author
    Posts
  • #69750
    Profile photo of Brian Douglas
    Brian Douglas
    Participant

    Hi,
    I'm writing a dsc resource to set permission in a SharePoint site. The code I'm using works perfectly fine when I test it in a powershell shell with the snappin Microsoft.SharePoint.PowerShell loaded.
    As a dsc resource the object Microsoft.SharePoint.SPWeb does not return the properties although it seems to load fine.

    function Test-TargetResource
    {
        [CmdletBinding()]
        [OutputType([System.Boolean])]
        param
        (
            [parameter(Mandatory = $true)]
            [System.String]
            $GroupName,
    
            [System.String]
            $LoginName,
    
            [System.String]
            $WebUrl,
    
            [ValidateSet("Present","Absent")]
            [System.String]
            $Ensure
        )
        $WebUrl = "http://scw000001204.corp.gwpnet.com/search"
        Add-PSSnapin Microsoft.SharePoint.PowerShell
        $result = $false
        Write-Verbose ("using credentials: " + $Env:USERNAME)
        try {
            $web = Get-SPWeb -Identity $WebUrl -ErrorAction Stop
            Write-Verbose ("Web found: " + $web.Url)
            Write-Verbose ("Object Type: " + $web.GetType().Fullname)
        }
        catch {
            Write-Error ("Could not load web with url: " + $weburl)
        }
    
        if($Group = $web.SiteGroups[$GroupName]) {
    		try {
    			$User = $web.EnsureUser($LoginName)
    			foreach ($GroupUser in $group.users) {
    				if ($GroupUser.Userlogin -eq $User.Userlogin) {
    					$result = $true
                        Write-Verbose ("User " + $User.Userlogin + " is member of the group: " + $GroupName)
    				}
    			}
            }
            catch {
                Write-Error ("User not found: " + $LoginName)
            }
        }
        else {
            Write-Error ("Group not found: " + $GroupName)
        }
        return $result
    }
    
    

    The output looks like this:

    VERBOSE: [SCW000001204]: LCM: [ Start Resource ] [[srSPGroupMember]VisitorGroupRoot]
    VERBOSE: [SCW000001204]: LCM: [ Start Test ] [[srSPGroupMember]VisitorGroupRoot]
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] using credentials: tecshp00
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving BeginProcessing Method of Get-SPWeb.
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving ProcessRecord Method of Get-SPWeb.
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Leaving EndProcessing Method of Get-SPWeb.
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Web found: http://scw000001204.corp.gwpnet.com/search
    VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] Object Type: Microsoft.SharePoint.SPWeb
    Group not found: TestGroup
    + CategoryInfo : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-TargetResource
    + PSComputerName : localhost

    The Group "TestGroup" exists and I can run the same code outside the dsc resource and it works fine.

    Any ideas what I'm doing wrong here?

    Thanks,
    Brian

  • #70111
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Permissions? The LCM runs under LocalSystem – if the SharePoint bits assume a user context, they won't have one.

    • #70189
      Profile photo of Brian Douglas
      Brian Douglas
      Participant

      I'm using PsDscRunAsCredential to run the resource as the setup user. I'm checking the identity with the line
      Write-Verbose ("using credentials: " + $Env:USERNAME)
      which returns
      VERBOSE: [SCW000001204]: [[srSPGroupMember]VisitorGroupRoot] using credentials: tecshp00
      that's the correct user with the permission that is required.

      Is my assumption wrong that the resource is running using this account?

      Thanks,
      Brian

You must be logged in to reply to this topic.