ADManagedServiceAccount: Fails when computer is not domain joined and the 'DomainController' and 'Credential' params are specified. #564

Open
jacob-h1 opened this issue Feb 6, 2020 · 0 comments
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.

jacob-h1 commented Feb 6, 2020

Details of the scenario you tried and the problem that is occurring

When the computer is not a member of the domain and the 'DomainController' and 'Credential' properties are specified, it fails. When the computer is a member of the domain, it works just fine.

Verbose logs showing the problem

The DSC Operations event log contains the following error:

Error Detail is:

The SendConfigurationApply function did not succeed.. Resource Id is [ADManagedServiceAccount]InstallationGMSA and Source Info is ::87::9::ADManagedServiceAccount.

Error Message is:

PowerShell DSC resource MSFT_ADManagedServiceAccount  failed to execute Test-TargetResource functionality with error message: System.InvalidOperationException: Error retrieving Account 'inst-6822'. (MSA0016) --->
 Microsoft.ActiveDirectory.Management.ADServerDownException: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running. --->
 System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:02:00'. ---> 
System.IO.IOException: The write operation failed, see inner exception. ---> 
System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:02:00'. ---> 
System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Suggested solution to the issue

Add the 'Credential' property to the 'getTargetResourceParameters' hash table in the Test-TargetResource and Set-TargetResource functions so that the Get-TargetResource function is able to connect to the domain controller using the credential.

Existing:

$getTargetResourceParameters = @{
    ServiceAccountName  = $ServiceAccountName
    AccountType         = $AccountType
    DomainController    = $DomainController
    MembershipAttribute = $MembershipAttribute
}

Suggested:

$getTargetResourceParameters = @{
    ServiceAccountName  = $ServiceAccountName
    AccountType         = $AccountType
    DomainController    = $DomainController
    Credential          = $Credential
    MembershipAttribute = $MembershipAttribute
}

The DSC configuration that is used to reproduce the issue (as detailed as possible)

N/A

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

PSVersion                      5.1.17763.771
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.771
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

5.0.0

@X-Guardian X-Guardian added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels Feb 7, 2020
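
The effect of the suggested change, as an added PowerShell illustration that is not part of the original issue or the module's code. `Get-TargetResource` here is a stub that only reports which identity a directory query would run under, `Get-ForwardedParameter` is a hypothetical helper, and all account and host names are constructed.

```powershell
# Stub standing in for the resource's Get-TargetResource (assumption: the real
# function queries AD; this one only reports the identity it would query as).
function Get-TargetResource
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $ServiceAccountName,
        [Parameter()] [System.String] $DomainController,
        [Parameter()] [System.Management.Automation.PSCredential] $Credential
    )

    $queriedAs = 'caller context (no explicit credential)'
    if ($PSBoundParameters.ContainsKey('Credential'))
    {
        $queriedAs = $Credential.UserName
    }

    return @{ ServiceAccountName = $ServiceAccountName; QueriedAs = $queriedAs }
}

# Hypothetical helper: builds the forwarded hash table from the caller's bound
# parameters, so Credential is passed on only when the configuration supplied it.
function Get-ForwardedParameter
{
    param
    (
        [Parameter(Mandatory = $true)] [System.Collections.IDictionary] $BoundParameters,
        [Parameter(Mandatory = $true)] [System.String[]] $Name
    )

    $forwarded = @{}
    foreach ($key in $Name)
    {
        if ($BoundParameters.Contains($key)) { $forwarded[$key] = $BoundParameters[$key] }
    }
    return $forwarded
}

# Constructed sample values; the password is a placeholder.
$password = ConvertTo-SecureString -String 'Placeholder-Only' -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'EXAMPLE\installer', $password
$bound = @{ ServiceAccountName = 'svc-example'; DomainController = 'dc01.example.test'; Credential = $credential }

# 'Existing' drops Credential before the call; 'suggested' forwards it.
$existing  = Get-ForwardedParameter -BoundParameters $bound -Name 'ServiceAccountName', 'DomainController'
$suggested = Get-ForwardedParameter -BoundParameters $bound -Name 'ServiceAccountName', 'DomainController', 'Credential'

(Get-TargetResource @existing).QueriedAs
(Get-TargetResource @suggested).QueriedAs
```

Forwarding only the parameters that were actually bound leaves the domain-joined case unchanged when no 'Credential' is specified.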