ADGroup: Throws incorrect error message when MembersToInclude syntax is wrong #166
Comments
|
Having the same issue when adding computer accounts to "Terminal Server License Servers" built-in group. After a few research, I found the answer on #90 thanks to @iainbrighton . No more error when adding a $ at the end of the computer account. The sAMAccountName attribute of a computer object is the NetBIOS name of the computer with a trailing dollar sign, "$", appended. Besides flagging the object as a computer (which has class user), it also helps ensure uniqueness. The sAMAccountName value must be unique in the domain. Note, the Common Name of computer objects (the value of the cn attribute) does not have a trailing "$ https://social.technet.microsoft.com/Forums/windowsserver/en-US/68e20176-60af-42d4-b32a-4d563ff798e9/why-does-a-machine-name-in-the-domain-have-a-dollar-sign-behind-it However, would it be possible to correct the xadgroup code to return the right error (member account not existing, not group creation error message) ? |
|
I also see that in the README.md it says that if
|
|
Have you tried with the following syntax (add a $ at the end of TESTCLU01 if TESTCLU01 is a computer account) ? |
|
@matt6697 My bad. That does work. As you said in your comment above, we should just fix so the resource return a correct error message. It wouldn't hurt to update the README.md that SamAccountName of computer objects should be suffixed with '$'. |
johlju
added
bug
|
I've dug into this and found a couple things:
|
|
Thanks for fixing this @devopsjesus! In regards to the wrong parameter name, it is not correct that it has the wrong parameter name, it is a typo (can be resolved in either end). It works since parameter names can be written so much as they are unique, e.g |
devopsjesus
added
in progress
|
ah yeah...parameter name resolution, duh! I'll update the resource with the correct param name! Oh, and I'm fixing/updating the unit tests as well, along with modifying the stubs. |
johlju
changed the title
- Changes to ActiveDirectoryDsc.Common
- Update helper function `Add-ADCommonGroupMember` to reduce duplicated
code, and add an evaluation if `Members` is empty.
- Updated helper function `Restore-ADCommonObject` to write out a verbose
message when no object was found in the recycle bin.
- Updated helper function `Assert-MemberParameters` to not throw an error
if the parameter `Members` is en empty array.
- Changes to ADGroup
- Added a read-only property `DistinguishedName`.
- Refactor the function `Set-TargetResource` to use the function
`Get-TargetResource` so that `Set-TargetResource` can correctly throw
an error when something goes wrong (issue #151, issue #166, issue #493).
- It is now possible to enforce a group with no members by using
`Members = @()` in a configuration (issue #189).
When adding a member to a group using the SamAccountName.
It throws an error indicating it tried to create the group again.
If changing the configuration to use the distinguished name for the member to add, it correctly adds the member and does not try to create the group.
The text was updated successfully, but these errors were encountered: