xADGroup: Member logic executed even if it was not specified #235

Closed
claudiospizzi opened this issue Nov 7, 2018 · 3 comments
Labels
stale The issue or pull request was marked as stale because there hasn't been activity from the community.

Comments

@claudiospizzi
Contributor

Details of the scenario you tried and the problem that is occurring

I've used the xADGroup resource in a complex multi-forest, multi-trust environment to create a so-called "Local Administrators" group for each server in AD, to control the local server Administrators in a central place. Creating is no problem. But as soon as a group has a member which belongs to a different trusted forest, the following error is thrown, because the Get-ADGroupMember command can't resolve the members from another forest:

Verbose logs showing the problem

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.

Suggested solution to the issue

The real long-term solution would be to handle members of different forests correctly. But this change is quite huge. In the meantime, I would like to suggest that we optimize the resource so that no logic about group members is executed, as long as no group member parameter is used in the resource (Members, MembersToInclude, MembersToExclude, MembershipAttribute).

The DSC configuration that is used to reproduce the issue (as detailed as possible)

xADGroup 'LocalAdminGroup'
{
    Ensure               = 'Present'

    GroupName            = 'Local Admin SERVER01'
    Path                 = 'OU=Local Admin Groups,DC=contoso,DC=local'

    GroupScope           = 'DomainLocal'
    Category             = 'Security'

    Description          = 'Local Administrators permissions on SERVER01'

    DomainController     = 'contoso.local'
    PsDscRunAsCredential = $Credential
}

The operating system the target node is running

OsName : Microsoft Windows Server 2016 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture : 64-bit
WindowsBuildLabEx : 14393.2485.amd64fre.rs1_release.180827-1809
OsLanguage : en-US
OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

PSVersion 5.1.14393.2485
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.2485
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

2.22.0.0
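
The guard suggested in the issue above, as an added sketch that is not part of the original issue and not the xActiveDirectory module's own code. The function names `Test-MemberParameterSpecified` and `Get-GroupStateSketch` and the `-ResolveMembers` stand-in for the `Get-ADGroupMember` call are hypothetical, so the sketch runs without a domain.

```powershell
# Added example: skip all member logic unless a member parameter was bound.
# Function names and -ResolveMembers are hypothetical, not module code.

function Test-MemberParameterSpecified
{
    param ([Parameter(Mandatory)] [System.Collections.IDictionary] $BoundParameters)

    # The four member-related parameters named in the issue.
    $memberParameters = 'Members', 'MembersToInclude', 'MembersToExclude', 'MembershipAttribute'
    foreach ($name in $memberParameters)
    {
        if ($BoundParameters.Keys -contains $name) { return $true }
    }
    return $false
}

function Get-GroupStateSketch
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory)] [string] $GroupName,
        [string[]] $Members,
        [string[]] $MembersToInclude,
        [string[]] $MembersToExclude,
        [string] $MembershipAttribute,
        # Stand-in for the member lookup; the default simulates the failure from the issue.
        [scriptblock] $ResolveMembers = { throw 'The server was unable to process the request due to an internal error.' }
    )

    $state = @{ GroupName = $GroupName; Members = $null; MemberLookupSkipped = $true }

    # Only touch group membership when the configuration asked for it.
    if (Test-MemberParameterSpecified -BoundParameters $PSBoundParameters)
    {
        $state.Members = @(& $ResolveMembers $GroupName)
        $state.MemberLookupSkipped = $false
    }
    return $state
}

# No member parameter bound: the failing lookup is never invoked.
Get-GroupStateSketch -GroupName 'Local Admin SERVER01'

# Member parameter bound: the lookup runs (constructed sample resolver and names).
Get-GroupStateSketch -GroupName 'Local Admin SERVER01' -MembersToInclude 'alice' -ResolveMembers { 'alice', 'bob' }
```

The check relies on `$PSBoundParameters`, which contains only parameters the caller actually passed, so a parameter that merely has a default value does not trigger the member lookup.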

@claudiospizzi
Contributor Author


stale bot commented Dec 7, 2018

This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g. bug, enhancement, documentation, or tests) then the issue will not auto-close.

stale bot added the stale label Dec 7, 2018

stale bot commented Jan 17, 2019

This issue has been automatically closed because it has not had activity from the community in the last 40 days.
