From 69ed0a73eb9df838dd0f71f558f5485b589ee2a0 Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Thu, 29 Apr 2021 10:22:57 +0300 Subject: [PATCH 1/6] workaround for the https://github.com/PowerShell/PSDscResources/issues/82 --- .../MSFT_GroupResource.psm1 | 19 +++++++++++++++++-- .../en-US/MSFT_GroupResource.strings.psd1 | 2 ++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 index 1efc25fb..9190ea32 100644 --- a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 +++ b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 @@ -2487,7 +2487,11 @@ function Clear-GroupMember <# .SYNOPSIS Adds the specified member to the specified group. - This is a wrapper function for testing purposes. + + There is an issue reported at https://github.com/PowerShell/PSDscResources/issues/82 + If local group already has members from trusted forests/domains, the Add method fails + The exact reason of the failure is unknown at the moment and as a workaround try-catch + block is used to fallback to ADSI WinNT provider. .PARAMETER Group The group to add the member to. @@ -2511,7 +2515,18 @@ function Add-GroupMember $MemberAsPrincipal ) - $Group.Members.Add($MemberAsPrincipal) + try + { + $Group.Members.Add($MemberAsPrincipal) + } + catch + { + Write-Verbose -Message $script:localizedData.PrincipalCollectionAddMethodException + Write-Verbose -Message $_.ToString() + Write-Verbose -Message $script:localizedData.WinNTProviderFallback + [ADSI] $adsiGroup = ("WinNT://$env:COMPUTERNAME/$($Group.Name),group") + $adsiGroup.Add("WinNT://$($MemberAsPrincipal.Sid)") + } } <# diff --git a/DscResources/MSFT_GroupResource/en-US/MSFT_GroupResource.strings.psd1 b/DscResources/MSFT_GroupResource/en-US/MSFT_GroupResource.strings.psd1 index fd362595..7a47a410 100644 --- a/DscResources/MSFT_GroupResource/en-US/MSFT_GroupResource.strings.psd1 +++ b/DscResources/MSFT_GroupResource/en-US/MSFT_GroupResource.strings.psd1 @@ -33,4 +33,6 @@ ConvertFrom-StringData @' SetTargetResourceEndMessage = End executing Set functionality on the group {0}. MembersToIncludeEmpty = MembersToInclude is empty. No group member additions are needed. MembersToExcludeEmpty = MembersToExclude is empty. No group member removals are needed. + PrincipalCollectionAddMethodException = The Add method of the System.DirectoryServices.AccountManagement.PrincipalCollection class has thrown an exception. + WinNTProviderFallback = Falling back to ADSI WinNT provider. '@ From 7fa308fe626aca6d14d5c03443c187fba7798b6f Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Thu, 29 Apr 2021 10:36:32 +0300 Subject: [PATCH 2/6] changelog updated --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bc3d3d39..b7fcfd46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Change log for PsDscResources ## Unreleased +* Group + * Workaround added for the [Issue #82](https://github.com/PowerShell/PSDscResources/issues/82) + The resource could fail with the + 'Exception calling "Add" with "1" argument(s): "The network path was not found."' ## 2.12.0.0 From 54d74ed518804b06f89cb601eb814c6eb8c34adf Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Fri, 7 May 2021 11:52:53 +0300 Subject: [PATCH 3/6] Implementing requested changes and clarifications --- CHANGELOG.md | 2 ++ DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 | 1 + 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7fcfd46..720c0958 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * Workaround added for the [Issue #82](https://github.com/PowerShell/PSDscResources/issues/82) The resource could fail with the 'Exception calling "Add" with "1" argument(s): "The network path was not found."' + The workaround is to catch the exception and try to use another programmatic method + to update group members. ## 2.12.0.0 diff --git a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 index 9190ea32..a764d795 100644 --- a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 +++ b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 @@ -2488,6 +2488,7 @@ function Clear-GroupMember .SYNOPSIS Adds the specified member to the specified group. + .NOTES There is an issue reported at https://github.com/PowerShell/PSDscResources/issues/82 If local group already has members from trusted forests/domains, the Add method fails The exact reason of the failure is unknown at the moment and as a workaround try-catch From 4f6c5952c581b2c6eab65f5da221de0d213eea18 Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Fri, 7 May 2021 12:03:13 +0300 Subject: [PATCH 4/6] use Write-Warning instead of Write-Verbose --- DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 index a764d795..8ef01b95 100644 --- a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 +++ b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 @@ -2522,8 +2522,8 @@ function Add-GroupMember } catch { - Write-Verbose -Message $script:localizedData.PrincipalCollectionAddMethodException - Write-Verbose -Message $_.ToString() + Write-Warning -Message $script:localizedData.PrincipalCollectionAddMethodException + Write-Warning -Message $_.ToString() Write-Verbose -Message $script:localizedData.WinNTProviderFallback [ADSI] $adsiGroup = ("WinNT://$env:COMPUTERNAME/$($Group.Name),group") $adsiGroup.Add("WinNT://$($MemberAsPrincipal.Sid)") From 317838bf3812ea71a6b4fa6a5f32a2d5d8309a20 Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Thu, 13 May 2021 09:28:55 +0300 Subject: [PATCH 5/6] reverted Write-Warning back to Write-Verbose --- DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 index 8ef01b95..a764d795 100644 --- a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 +++ b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 @@ -2522,8 +2522,8 @@ function Add-GroupMember } catch { - Write-Warning -Message $script:localizedData.PrincipalCollectionAddMethodException - Write-Warning -Message $_.ToString() + Write-Verbose -Message $script:localizedData.PrincipalCollectionAddMethodException + Write-Verbose -Message $_.ToString() Write-Verbose -Message $script:localizedData.WinNTProviderFallback [ADSI] $adsiGroup = ("WinNT://$env:COMPUTERNAME/$($Group.Name),group") $adsiGroup.Add("WinNT://$($MemberAsPrincipal.Sid)") From f801902b22db53bc5ae02ba3499d8b153ad8d682 Mon Sep 17 00:00:00 2001 From: Sergey Dedik Date: Fri, 14 May 2021 11:24:02 +0300 Subject: [PATCH 6/6] Moved NOTES section --- .../MSFT_GroupResource/MSFT_GroupResource.psm1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 index a764d795..c1d7fb34 100644 --- a/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 +++ b/DscResources/MSFT_GroupResource/MSFT_GroupResource.psm1 @@ -2488,17 +2488,17 @@ function Clear-GroupMember .SYNOPSIS Adds the specified member to the specified group. - .NOTES - There is an issue reported at https://github.com/PowerShell/PSDscResources/issues/82 - If local group already has members from trusted forests/domains, the Add method fails - The exact reason of the failure is unknown at the moment and as a workaround try-catch - block is used to fallback to ADSI WinNT provider. - .PARAMETER Group The group to add the member to. .PARAMETER MemberAsPrincipal The member to add to the group as a principal. + + .NOTES + There is an issue reported at https://github.com/PowerShell/PSDscResources/issues/82 + If local group already has members from trusted forests/domains, the Add method fails + The exact reason of the failure is unknown at the moment and as a workaround try-catch + block is used to fallback to ADSI WinNT provider. #> function Add-GroupMember {