xGroupResource Throws Exceptions when Using Multiple Local Virtual Account Types #763

Closed
kenny-scelfo opened this issue Nov 6, 2023 · 0 comments · Fixed by #764
Labels: enhancement (the issue is an enhancement request), in progress (the issue is being actively worked on by someone)


Problem description

Virtual Accounts are causing the xGroup Resource to fail when executing.

When using 'IIS APPPOOL' or 'NT Virtual Machine' you get:

ArgumentException: Server names cannot contain a space character.

When using 'NT Service' you get:

InvalidCastException: Unable to cast object of type 'System.Boolean' to
type 'System.DirectoryServices.DirectoryEntry'.

When using 'NT Authority' you get:

ArgumentException: Could not find a principal with the provided name
NT AUTHORITY... SERVICE. (Parameter 'NT AUTHORITY...')

Verbose logs

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer WEBDEVEXT with user sid
S-1-5-21-##########-##########-##########-#####.
VERBOSE: [WEBDEVEXT]: LCM:  [ Start  Test     ]  [[xGroup]DirectResourceAccess]
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Invoking the function
Test-TargetResourceOnFullSKU for the group IIS_IUSRS.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] A group with the name IIS_IUSRS exists.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving FacadeServiceDev in the
domain RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving CustomerSvcWebDev in the
domain RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving AccountIDDev in the domain
RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving TFSBuild in the domain
RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving SeminarWebDev in the domain
RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving RedactedOrgWebDev in the domain
RedactedDomain.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving AccountServiceDev in the
domain RedactedDomain.
WARNING: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] The group member
WinNT://S-1-5-82-##########-##########-##########-##########-########## does not exist or cannot be resolved.
VERBOSE: [WEBDEVEXT]:                            [[xGroup]DirectResourceAccess] Resolving IIS
APPPOOL\GuidanceDevDisconnectedConsumer with domain trust.
VERBOSE: [WEBDEVEXT]: LCM:  [ End    Test     ]  [[xGroup]DirectResourceAccess] False in 8.4200 seconds.
PowerShell DSC resource DSC_xGroupResource  failed to execute Test-TargetResource functionality with error message:
Exception calling ".ctor" with "2" argument(s): "Server names cannot contain a space character."
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 8.919 seconds

DSC configuration

Configuration SERVER
{

    Import-DscResource -Name xGroup -ModuleName xPSDesiredStateConfiguration

    Node localhost {
        xGroup "SERVER_IIS_IUSERS_xGROUP" {
            GroupName = 'IIS_IUSRS'
            # Member is an IIS application pool virtual account (local scope 'IIS APPPOOL')
            MembersToInclude = @('IIS APPPOOL\GuidanceDevDisconnectedConsumer')
            Ensure = 'Present'
        }
    }
}

Suggested solution

Stop overwriting all local machine scopes with the name of the computer
in Split-MemberName. Include the scope when calling Find-Principal,
then resolve the SID of the account using the NTAccount class for
specific scopes.

Operating system the target node is running

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.6343.amd64fre.rs1_release.230913-1727
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.6343
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.6343
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

xPSDesiredStateConfiguration version

Name    : xPSDesiredStateConfiguration
Version : 9.1.0
Path    : C:\Program
          Files\WindowsPowerShell\Modules\xPSDesiredStateConfiguration\9.1.0\xPSDesiredStateConfiguration.psd1
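
The approach in the suggested solution, sketched as an added example that is not part of the original issue and is not the project's code: keep the virtual-account scope when splitting the member name and resolve the SID with the NTAccount class instead of treating the scope as a server name. `Resolve-LocalMemberSid` and `$virtualScopes` are hypothetical names, and the sample member names at the end are constructed.

```powershell
function Resolve-LocalMemberSid
{
    [CmdletBinding()]
    [OutputType([System.Security.Principal.SecurityIdentifier])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $MemberName
    )

    # Scopes named in the issue: local to the machine, not server or domain names.
    $virtualScopes = @('IIS APPPOOL', 'NT SERVICE', 'NT VIRTUAL MACHINE', 'NT AUTHORITY')

    $scope = $null
    $accountName = $MemberName
    $separatorIndex = $MemberName.IndexOf('\')
    if ($separatorIndex -gt 0)
    {
        $scope = $MemberName.Substring(0, $separatorIndex)
        $accountName = $MemberName.Substring($separatorIndex + 1)
    }

    if ($scope -and ($virtualScopes -contains $scope)) # -contains ignores case
    {
        # Keep the scope: 'IIS APPPOOL\Name' must not become 'COMPUTERNAME\Name'.
        $ntAccount = [System.Security.Principal.NTAccount]::new($scope, $accountName)
    }
    else
    {
        $ntAccount = [System.Security.Principal.NTAccount]::new($MemberName)
    }

    try
    {
        return $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException]
    {
        throw "Could not resolve '$MemberName' to a SID on $env:COMPUTERNAME."
    }
}

# Constructed sample input; the app pool resolves only where IIS defines it.
foreach ($name in 'NT AUTHORITY\NETWORK SERVICE', 'NT SERVICE\TrustedInstaller', 'IIS APPPOOL\DefaultAppPool')
{
    try { '{0} -> {1}' -f $name, (Resolve-LocalMemberSid -MemberName $name).Value }
    catch { Write-Warning $_.Exception.Message }
}
```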
johlju added the enhancement and in progress labels on Nov 7, 2023