Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xADUser: Password Property is Updated Whenever Another Property is Changed #384

Closed
X-Guardian opened this issue Jun 18, 2019 · 0 comments · Fixed by #389
Closed

xADUser: Password Property is Updated Whenever Another Property is Changed #384

X-Guardian opened this issue Jun 18, 2019 · 0 comments · Fixed by #389
Labels
bug The issue is a bug.

Comments

@X-Guardian
Copy link
Contributor

Details of the scenario you tried and the problem that is occurring

If an xADUser resource has the password property set, the password will be updated for the user account when any other property is changed.

Verbose logs showing the problem

Initial resource deploy:

ERBOSE: [MSTEST01]: LCM:  [ Start  Resource ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]: LCM:  [ Start  Test     ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Retrieving Active Directory user 'ExampleUser' ([email protected]) ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Active Directory user 'ExampleUser' ([email protected]) is present.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Creating connection to Active Directory domain 'contoso.com' ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Checking Active Directory user 'ExampleUser' password ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] User 'Password' property is NOT in the desired state. Expected '<Password>', actual '<Password>'.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] User 'Enabled' property is NOT in the desired state. Expected 'True', actual 'False'.
VERBOSE: [MSTEST01]: LCM:  [ End    Test     ]  [[xADUser]ExampleUser]  in 9.6600 seconds.
VERBOSE: [MSTEST01]: LCM:  [ Start  Set      ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Retrieving Active Directory user 'ExampleUser' ([email protected]) ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Active Directory user 'ExampleUser' ([email protected]) is present.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Setting Active Directory user password.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Updating user property 'Enabled' with/to 'True'.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Updating Active Directory user 'ExampleUser'.
VERBOSE: [MSTEST01]: LCM:  [ End    Set      ]  [[xADUser]ExampleUser]  in 1.8810 seconds.
VERBOSE: [MSTEST01]: LCM:  [ End    Resource ]  [[xADUser]ExampleUser]

Resource redeployed with no changes:

VERBOSE: [MSTEST01]: LCM:  [ Start  Resource ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]: LCM:  [ Start  Test     ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Retrieving Active Directory user 'ExampleUser' ([email protected]) ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Active Directory user 'ExampleUser' ([email protected]) is present.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Creating connection to Active Directory domain 'contoso.com' ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Checking Active Directory user 'ExampleUser' password ...
VERBOSE: [MSTEST01]: LCM:  [ End    Test     ]  [[xADUser]ExampleUser]  in 7.3440 seconds.
VERBOSE: [MSTEST01]: LCM:  [ Skip   Set      ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]: LCM:  [ End    Resource ]  [[xADUser]ExampleUser]

Resource redeployed after setting GivenName:

VERBOSE: [MSTEST01]: LCM:  [ Start  Resource ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]: LCM:  [ Start  Test     ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Retrieving Active Directory user 'ExampleUser' ([email protected]) ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Active Directory user 'ExampleUser' ([email protected]) is present.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Creating connection to Active Directory domain 'contoso.com' ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Checking Active Directory user 'ExampleUser' password ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] User 'GivenName' property is NOT in the desired state. Expected 'bob', actual ''.
VERBOSE: [MSTEST01]: LCM:  [ End    Test     ]  [[xADUser]ExampleUser]  in 8.3370 seconds.
VERBOSE: [MSTEST01]: LCM:  [ Start  Set      ]  [[xADUser]ExampleUser]
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Retrieving Active Directory user 'ExampleUser' ([email protected]) ...
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Active Directory user 'ExampleUser' ([email protected]) is present.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Setting Active Directory user password.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Updating user property 'GivenName' with/to 'bob'.
VERBOSE: [MSTEST01]:                            [[xADUser]ExampleUser] Updating Active Directory user 'ExampleUser'.
VERBOSE: [MSTEST01]: LCM:  [ End    Set      ]  [[xADUser]ExampleUser]  in 2.1260 seconds.
VERBOSE: [MSTEST01]: LCM:  [ End    Resource ]  [[xADUser]ExampleUser]

Notice the Setting Active Directory user password. verbose message on the GivenName change redeploy.

Suggested solution to the issue

Add a call to Test-Password in the Set-TargetResource function.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration xADUser
{
    param ()

    Import-DscResource -Module xActiveDirectory

    $Password = [PSCredential]::new('n/a', ('TestPassword123!' |
        ConvertTo-SecureString -AsPlainText -Force))

    Node localhost
    {
        xADUser ExampleUser {
            Ensure                = 'Present'
            UserName              = "ExampleUser"
            GivenName             = 'bob'
            DomainName            = "contoso.com"
            Password              =  $Password
        }
    }
}

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName                    = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

xADUser -ConfigurationData $ConfigurationData
Publish-DscConfiguration xADUser
Start-DscConfiguration -Wait -UseExisting -Verbose

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Standard Evaluation
OsOperatingSystemSKU : 79
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.316
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.316
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   2.26.0.0   xActiveDirectory
@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Jun 19, 2019
@X-Guardian X-Guardian mentioned this issue Jun 23, 2019
Merged
9 tasks
johlju pushed a commit that referenced this issue Jun 23, 2019
@X-Guardian @johlju
xADUser: Fix Password Property Being Updated Whenever Another Propert…
f664c1f 
…y is Changed (#389)

- Changes to xADUser
  - Fix Password property being updated whenever another property is changed (issue #384).
@johlju johlju removed the help wanted The issue is up for grabs for anyone in the community. label Jun 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

xADUser: Fix Password Property Being Updated Whenever Another Property is Changed
2 participants
@johlju @X-Guardian