-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ADGroup: Not removing members if MemberParameter is null #189
Comments
Your scenario haven't been thought of. Normally having a group with empty members have no point, then the group could be removed instead. But that is not the case for the 'Schema Admins', since that group should not be removed. Not sure of your scenario, I'm sure you have valid reasons for doing this (seeing your configuration). Although if you run this from a pull server then 'Schema Admins' will be empty every ~15 minutes (the default). It could potentially have consequences on any upgrade of the schema that is done in the future if it is removed in the middle of such upgrade. If the resource should be able to empty a group from all members, then this is a bug. If instead the group should be removed if it should not contain any members, then this is by design. @voigtsv What are your thoughts about this? |
Having the group emptied every 15 minutes is exactly what I want. For Schema Admins and a couple of other groups that need to be there but empty in our default configuration. @johlju I can see my case being a bit extraordinary though. |
@voigtsv I label this as a bug and 'help wanted' so that someone in the community can run with this. |
- Changes to ActiveDirectoryDsc.Common - Update helper function `Add-ADCommonGroupMember` to reduce duplicated code, and add an evaluation if `Members` is empty. - Updated helper function `Restore-ADCommonObject` to write out a verbose message when no object was found in the recycle bin. - Updated helper function `Assert-MemberParameters` to not throw an error if the parameter `Members` is en empty array. - Changes to ADGroup - Added a read-only property `DistinguishedName`. - Refactor the function `Set-TargetResource` to use the function `Get-TargetResource` so that `Set-TargetResource` can correctly throw an error when something goes wrong (issue #151, issue #166, issue #493). - It is now possible to enforce a group with no members by using `Members = @()` in a configuration (issue #189).
Hi,
in xActiveDirectory 2.18.0.0 when setting the member parameter of a xADGroup resource to null, existing groupmembers will not be removed. Instead the membership will be reported as "in the desired state".
This looks like the place where null values are skipped in the code
if ($PSBoundParameters.ContainsKey('Members') -and -not [system.string]::IsNullOrEmpty($Members))
Is there another way to do this?
Regards
The text was updated successfully, but these errors were encountered: