Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xADUser: updating CommonName and Path at same time on existing object fails #402

Closed
wpbrown opened this issue Jun 27, 2019 · 4 comments · Fixed by #412
Closed

xADUser: updating CommonName and Path at same time on existing object fails #402

wpbrown opened this issue Jun 27, 2019 · 4 comments · Fixed by #412
Labels
bug The issue is a bug.

Comments

@wpbrown
Copy link

wpbrown commented Jun 27, 2019

Details of the scenario you tried and the problem that is occurring

On an existing object, try to set a new Path and CommonName at same time. Only CommonName updated. Running again with CommonName already being updated, moves the object to the new Path properly.

Verbose logs showing the problem

See the invocation of resource below.

Suggested solution to the issue

There seems to be a choice of the DN used in the Move-Object call.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

PS C:\windows\system32> Invoke-DscResource -Name xADUser -Method Set -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'OU=Standard Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c }

RebootRequired
--------------
False


PS C:\windows\system32> Invoke-DscResource -Name xADUser -Method Set -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'CN=Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my2' }
Directory object not found
    + CategoryInfo          : ObjectNotFound: (CN=dum my,OU=St...glelab,DC=space:) [], CimException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,M
   icrosoft.ActiveDirectory.Management.Commands.MoveADObject
    + PSComputerName        : localhost

The PowerShell DSC resource '[xADUser]DirectResourceAccess' with SourceInfo '' threw one or more non-terminating
errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

PS C:\windows\system32> Invoke-DscResource -Name xADUser -Method Set -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'CN=Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my2' }

RebootRequired
--------------
False


PS C:\windows\system32>

The operating system the target node is running

Windows Server 2019

Version and build of PowerShell the target node is running

PSVersion 5.1.17763.503

Version of the DSC module that was used ('dev' if using current dev branch)

3.0.0.0
@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Jun 27, 2019
@johlju
Copy link
Member

johlju commented Jun 27, 2019

Maybe we could move the Move-Object as the last thing to do, after having refreshed the user object with the update properties.

@johlju
Copy link
Member

johlju commented Jun 27, 2019

@wpbrown Is it possible for you to run the invoke command wit the verbose parameter when the error is thrown so we can easier follow the code to see what is going on?

@wpbrown
Copy link
Author

wpbrown commented Jun 27, 2019 

PS C:\users\will\Desktop> Invoke-DscResource -Name xADUser -Method Test -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'OU=Standard Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my1' } -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer oakproxyservn with user sid S-1-5-21-421322206-1191228675-876867509-500.
VERBOSE: [oakproxyservn]: LCM:  [ Start  Test     ]  [[xADUser]DirectResourceAccess]
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Retrieving Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) ...
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) is present.
VERBOSE: [oakproxyservn]: LCM:  [ End    Test     ]  [[xADUser]DirectResourceAccess] True in 0.0780 seconds.
VERBOSE: [oakproxyservn]: LCM:  [ End    Set      ]    in  0.1410 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.

InDesiredState
--------------
True
VERBOSE: Time taken for configuration job to complete is 0.274 seconds


PS C:\users\will\Desktop> Invoke-DscResource -Name xADUser -Method Set -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'CN=Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my2' } -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer oakproxyservn with user sid S-1-5-21-421322206-1191228675-876867509-500.
VERBOSE: [oakproxyservn]: LCM:  [ Start  Set      ]  [[xADUser]DirectResourceAccess]
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Retrieving Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) ...
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) is present.
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Renaming user from 'dum my1' to 'dum my2'.
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Moving user from 'OU=Standard Users,DC=corp,DC=beaglelab,DC=space' to 'CN=Users,DC=corp,DC=beaglelab,DC=space'.
Directory object not found
    + CategoryInfo          : ObjectNotFound: (CN=dum my1,OU=S...glelab,DC=space:) [], CimException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
    + PSComputerName        : localhost

VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Updating Active Directory user 'dummy1'.
VERBOSE: [oakproxyservn]: LCM:  [ End    Set      ]  [[xADUser]DirectResourceAccess]  in 0.2660 seconds.
The PowerShell DSC resource '[xADUser]DirectResourceAccess' with SourceInfo '' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.459 seconds


PS C:\users\will\Desktop> Invoke-DscResource -Name xADUser -Method Set -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'CN=Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my2' } -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer oakproxyservn with user sid S-1-5-21-421322206-1191228675-876867509-500.
VERBOSE: [oakproxyservn]: LCM:  [ Start  Set      ]  [[xADUser]DirectResourceAccess]
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Retrieving Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) ...
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) is present.
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Moving user from 'OU=Standard Users,DC=corp,DC=beaglelab,DC=space' to 'CN=Users,DC=corp,DC=beaglelab,DC=space'.
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Updating Active Directory user 'dummy1'.
VERBOSE: [oakproxyservn]: LCM:  [ End    Set      ]  [[xADUser]DirectResourceAccess]  in 0.1560 seconds.
VERBOSE: [oakproxyservn]: LCM:  [ End    Set      ]    in  0.2340 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.

RebootRequired
--------------
False
VERBOSE: Time taken for configuration job to complete is 0.342 seconds


PS C:\users\will\Desktop> Invoke-DscResource -Name xADUser -Method Test -ModuleName @{'ModuleName'='xActiveDirectory'; 'ModuleVersion'='3.0.0.0'} -Property @{'UserName'='dummy1'; 'DomainName' = 'corp.beaglelab.space'; 'Path' = 'CN=Users,DC=corp,DC=beaglelab,DC=space'; 'DomainAdministratorCredential' = $c; 'CommonName' = 'dum my2' } -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer oakproxyservn with user sid S-1-5-21-421322206-1191228675-876867509-500.
VERBOSE: [oakproxyservn]: LCM:  [ Start  Test     ]  [[xADUser]DirectResourceAccess]
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Retrieving Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) ...
VERBOSE: [oakproxyservn]:                            [[xADUser]DirectResourceAccess] Active Directory user 'dummy1' (dummy1@corp.beaglelab.space) is present.
VERBOSE: [oakproxyservn]: LCM:  [ End    Test     ]  [[xADUser]DirectResourceAccess] True in 0.0780 seconds.
VERBOSE: [oakproxyservn]: LCM:  [ End    Set      ]    in  0.1410 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.

InDesiredState
--------------
True
VERBOSE: Time taken for configuration job to complete is 0.27 seconds


PS C:\users\will\Desktop>

@johlju
Copy link
Member

johlju commented Jun 27, 2019

@wpbrown thank you I think that will help someone in the community to resolve this.

@X-Guardian X-Guardian mentioned this issue Jul 2, 2019
Merged
9 tasks
@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Jul 3, 2019
johlju pushed a commit that referenced this issue Jul 5, 2019
@X-Guardian @johlju
xADUser: Fix CN/Path Concurrent Change and Empty String Property on C…
f81e3b7 
…reation Exceptions (#412)

- Changes to xADUser
  - Fixes exception when creating a user with an empty string property (issue #407).
  - Fixes exception when updating `CommonName` and `Path` concurrently (issue #402).
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Jul 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

xADUser: Fix CN/Path Concurrent Change and Empty String Property on Creation Exceptions
2 participants
@wpbrown @johlju