xGroup behavior

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of Michael Felkins Michael Felkins 2 years ago.

  • Author
    Posts
  • #20031
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    I am using xGroup because I have to add members to the local group that are in a different, trusted domain.
    If I use the property Members I get an error:

    [xGroup]Performance_Log_Users
    D:\Scripts\iAPPWebRole.ps1::358::3::xGroup
    The PowerShell provider MSFT_xGroupResource threw one or more non-terminating errors while running the Test-TargetResource functionality.
    These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

    If I use MembersToInclude with the same members, everything works fine.

    Perhaps I am missing something here or there is a bug.

    I also notice that the first time through a new configuration xGroup errors complaining that there is no such object as the Group I am trying to create. If I run it again or create the groups manually before I run my script, everything works as long as I use MembersToInclude.

    xGroup xx_rsc_fs_sitecore_ro {
    GroupName = "xx_rsc_fs_sitecore_ro"
    Ensure = "Present"
    Description = "xx_rsc_fs_sitecore_ro"
    MembersToInclude = @("Trusted\Dept_IT Dev")
    Credential = $cred
    }

    puzzled OldDog

  • #20177
    Profile photo of Don Jones
    Don Jones
    Keymaster

    It's very likely just a bug of some kind. Do we have a community version of that resource in the GitHub repo, from our DSC Hub page?

  • #20225
    Profile photo of Simon Wåhlin
    Simon Wåhlin
    Participant

    There isn't a community version yet but I took the liberty to fork the cPSDesiredStateConfiguration and add the cGroup resource.

    I've fixed the bug causing errors when a group is created but I wasn't able to reproduce the problem using Members. This is how I wrote the configuration:

    cGroup MyGroup
    {
        Ensure           = 'Present'
        GroupName        = 'MyGroup'
        Members          = 'Test1','Test2'
    }
    

    My fork is available here:
    https://github.com/SimonWahlin/cPSDesiredStateConfiguration

    I'll give it some more testing and then I'll submit a pullrequest.

  • #20504
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Hi,

    I tried your cGroup, but got the same result. I compared it to the xGroup and I could find no changes. Did I grab the wrong code?

    Old Dog

  • #20510
    Profile photo of Simon Wåhlin
    Simon Wåhlin
    Participant

    The only change is that cGroup checks if $Group -ne $null on row 169.

    If xGroup is used to manage a Group that doesnt exist the search on row 168 results in $Group being set to $null.

    $group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($localPrincipalContext, $GroupName);
    

    On the next row (169), $Group is added to $Disposables.

    Later on when each item in $Disposables are disposed (row 436), the null value will result in an error stating "You cannot call a method on a null-valued expression."

    The cGroup resource checks if $Group -ne $null Before adding it to $disposables.

    This change should fix the errors generated the first time a configuration runs (when the Group is created).

    Regarding your problem with using Members vs MembersToInclude I could not test the scenario since I do not have a trusted domain in my lab.

  • #20583
    Profile photo of Craig Martin
    Craig Martin
    Member

    I've got a problem adding a domain user to a local group, the error is "Network Path Not Found" and happens for a short time after the computer joins the domain, but works sometime afterwards.

    Still narrowing it down, but grabbing a coffee then rebooting the computer works for now.

  • #20768
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Ok, I was really happy that the xGroup started working with the fix to line 170.

    if($group -ne $null)
    {
    $disposables.Add($group) | out-null
    }

    Now its doing the same thing, except !!! it only does it when I try to add members.
    Either by members or memberstoadd.

    xGroup wm_rsc_shr_webimport_full {
    GroupName = "wm_rsc_shr_webimport_full"
    Ensure = "Present"
    Description = "wm_rsc_shr_webimport_full"
    MembersToInclude = "trusted\production admins"
    Credential = $cred
    }

    I also tried it with @( "trusted\production admins") both with members and MembersToInclude

    Here is what I get:

    VERBOSE: [FPKDSCSCRUBBER1]: LCM: [ Start Test ] [[xGroup]wm_rsc_shr_webimport_full]
    VERBOSE: [FPKDSCSCRUBBER1]: [[xGroup]wm_rsc_shr_webimport_full] A group with the name
    wm_rsc_shr_webimport_full exists.
    You cannot call a method on a null-valued expression.
    + CategoryInfo : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName : FPKDSCSCRUBBER1

    If I comment out the Members line it goes through with out an error.

    Puzzled OldDog

  • #20787
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Found the problem. It did not like the credentials I was providing.
    Yet another informative error message.

    OldDog

You must be logged in to reply to this topic.