Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group: Unable to add Different forest User to Local Group #750

Open
danielmiu opened this issue Oct 4, 2022 · 1 comment · May be fixed by #754
Open

Group: Unable to add Different forest User to Local Group #750

danielmiu opened this issue Oct 4, 2022 · 1 comment · May be fixed by #754
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.

Comments

@danielmiu
Copy link

Problem description

There are two forests with a single domain each, Computer1 is in domainA and user1 is in domainB. There is a full trust relationship between domains, it should be noted that NETBIOS name is not the same as FQDN on either forest.

I am attempting to add User1 to the local administrators group on Computer1. It should be noted that a number of additional users from domainA are already added into the Computer1 administrative user group via Group Policy.

The issue can be replicated when using Credential property and PsDscRunAsCredential.
The credential used for the resource is for a user which is present in DomainB and has local admin on the computer in domain A.

Same issue was reported in PSDesiredStateConfiguration repository and also the fix with PR was provided.
Issue -> PowerShell/PSDscResources#82
PR for FIX -> PowerShell/PSDscResources#198

Verbose logs

[[xGroup]Resource0::[xGroupSet]***_2-IIS_IUSRS]  in 11.1030 seconds.

PowerShell DSC resource DSC_xGroupResource  failed to execute Set-TargetResource functionality 
At line:1 char:1
+ & 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -NoLogo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (PowerShell DSC ... functionality :String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 

with error message: Exception calling "Add" with "1" argument(s): "The network path was not found.

DSC configuration

xGroup AddUser
    {
            GroupName = "Administrators"
            MembersToInclude = @("DOMAINB\USER1")
            Credential = $DomainBCredential
            Ensure = 'Present'
}

Suggested solution

This fix was tested also on our environment and worked PowerShell/PSDscResources#198

Operating system the target node is running

OsName               : Microsoft Windows Server 2016 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.5356.amd64fre.rs1_release.220906-1211
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.5127
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5127
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

xPSDesiredStateConfiguration version

xPSDesiredStateConfiguration 9.1.0
@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels Oct 5, 2022
This was referenced Oct 6, 2022
Closed
Open
@ghost
Copy link

ghost commented Feb 14, 2023

Hi there. Any updates on this? Facing the same problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
2 participants
@danielmiu @johlju