ADObjectPermissionEntry: Cannot find drive. A drive with the name 'AD' does not exist #547
Comments
|
Hi @shurick81, thanks for raising this issue. I have tested your configuration and am not getting this error in my lab. Can you therefore provide more information on how you are running this, (locally on a DC or remote etc) and also whether you are able to recreate the error every time. Also, are you creating any other resources within the same Dsc other than the ones you have listed, as your Dsc configuration is not complete? |
X-Guardian
added
the
waiting for author response
|
Hi, thanks for prompt reply. The way I excute this config is basically running this script: $configName = "CRMDomainCustomizations"
Write-Host "$(Get-Date) Defining DSC"
try
{
Configuration $configName
{
param(
[Parameter(Mandatory=$true)]
[ValidateNotNullorEmpty()]
[PSCredential]
$CRMInstallAccountCredential
)
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName ActiveDirectoryDsc -ModuleVersion 5.0.0
$domainName = "contoso.local";
Node $AllNodes.NodeName
{
ADUser CRMInstallAccountUser
{
DomainName = $domainName
UserName = $CRMInstallAccountCredential.GetNetworkCredential().UserName
Password = $CRMInstallAccountCredential
PasswordNeverExpires = $true
}
ADOrganizationalUnit CRMGroupsOU
{
Name = "CRM groups"
Path = "DC=contoso,DC=local"
}
ADGroup CRMPrivUserGroup
{
GroupName = "CRM01PrivUserGroup"
MembersToInclude = $CRMInstallAccountCredential.GetNetworkCredential().UserName
GroupScope = "Universal"
Path = 'OU=CRM groups,DC=contoso,DC=local'
DependsOn = "[ADOrganizationalUnit]CRMGroupsOU", "[ADUser]CRMInstallAccountUser"
}
ADObjectPermissionEntry OUPermissions
{
Ensure = 'Present'
Path = 'OU=CRM groups,DC=contoso,DC=local'
IdentityReference = 'contoso\CRM01PrivUserGroup'
ActiveDirectoryRights = 'GenericAll'
AccessControlType = 'Allow'
ObjectType = '00000000-0000-0000-0000-000000000000'
ActiveDirectorySecurityInheritance = 'All'
InheritedObjectType = '00000000-0000-0000-0000-000000000000'
DependsOn = "[ADGroup]CRMPrivUserGroup"
}
}
}
}
catch
{
Write-Host "$(Get-Date) Exception in defining DCS:"
$_.Exception.Message
Exit 1;
}
$configurationData = @{ AllNodes = @(
@{ NodeName = $env:COMPUTERNAME; PSDscAllowPlainTextPassword = $True; PsDscAllowDomainUser = $True }
) }
$securedPassword = ConvertTo-SecureString "c0tmp1Expa~~" -AsPlainText -Force
$CRMInstallAccountCredential = New-Object System.Management.Automation.PSCredential( "contoso\_crmadmin", $securedPassword );
Write-Host "$(Get-Date) Compiling DSC"
try
{
&$configName `
-ConfigurationData $configurationData `
-CRMInstallAccountCredential $CRMInstallAccountCredential;
}
catch
{
Write-Host "$(Get-Date) Exception in compiling DCS:";
$_.Exception.Message
Exit 1;
}
Write-Host "$(Get-Date) Starting DSC"
try
{
Start-DscConfiguration $configName -Verbose -Wait -Force;
}
catch
{
Write-Host "$(Get-Date) Exception in starting DCS:"
$_.Exception.Message
Exit 1;
}
if ( $env:VMDEVOPSSTARTER_NODSCTEST -ne "TRUE" )
{
Write-Host "$(Get-Date) Testing DSC"
try {
$result = Test-DscConfiguration $configName -Verbose;
$inDesiredState = $result.InDesiredState;
$failed = $false;
$inDesiredState | % {
if ( !$_ ) {
Write-Host "$(Get-Date) Test failed"
Exit 1;
}
}
}
catch {
Write-Host "$(Get-Date) Exception in testing DCS:"
$_.Exception.Message
Exit 1;
}
} else {
Write-Host "$(Get-Date) Skipping tests"
}
Exit 0; |
|
Actually, when I am running it just like this on the AD01 machine in console, it works. The condition that I get error from is that I run it with Vagrant remotely, I guess. I will get back with further details later. |
X-Guardian
added
needs more information
|
Here's what I found. It does not matter if I execute it remotely or not. When I run it like this, it works:
$domainName = "contoso.local";
Node $AllNodes.NodeName
{
ADDomain ADDomain
{
DomainName = $domainName
SafemodeAdministratorPassword = $domainSafeModeAdministratorPasswordCredential
Credential = $shortDomainAdminCredential
}
However, if I don't do pause and run the configuration immediately, it throws the error |
|
If you are creating the domain as part of the same DSC configuration, you need to use the |
|
Hi, I'm not creating the docmain as part of the same DSC configuration and not even as part of the same PS session. |
|
Ok, but you are creating the domain as part of the same 'process', whatever that may be, (set of scripts etc), so it is most probably a timing issue between the creation of the domain and applying the |
|
Ok, let me be more specific Then as soon as it is finished, I restart the machine, then as soon as winrm is available again, I run the same script again, but this time I don't set this varialbe: As you suggested, I tried to add WaitForADDomain in domain.ps1 but it did not make any difference. What I've imperically found as a temporary solution is running |
|
Hi @shurick81, I need to be able to see the DSC configuration and verbose logging that includes the |
|
here is the script: https://gist.github.com/shurick81/dc2931aabaf53d2601b8c96a0911810a here is the output: https://gist.github.com/shurick81/2e4653b8447501dbf8bf9c559f02da03 |
|
Hi @shurick81, can you post the raw DSC logs from the run, rather than the vagrant script output? You can find these on the target server in 'C:\Windows\System32\Configuration\ConfigurationStatus' with a suffix of 'details.json'. Reason being as it is not clear from the script output exactly when the exception is occurring and it will be clearer from the raw DSC logs. |
|
Here's the output from the console itself, when I run manually, without vagrant: https://gist.github.com/shurick81/f6d7a1e19748d26449c977d5988a8a86 Here's the contents of 'C:\Windows\System32\Configuration\ConfigurationStatus{BB5B9146-48D7-11EA-9DF9-080027009DD1}-0.details.json' file: https://gist.github.com/shurick81/077c3d3f4ca32a472a745b5a55837675 Here's the contents of 'C:\Windows\System32\Configuration\ConfigurationStatus{BB5B9146-48D7-11EA-9DF9-080027009DD1}-0.mof' file: https://gist.github.com/shurick81/b6467d3c38038df7eb1c8229bf8d8b61 |
|
OK, that's better. I can now see that it is attempting to create a new AD: PSDrive at the Test stage of the |
|
Yes, if you mean authoring source code of DSC module, it would be great for me to gain some hands on experience, I'm ready. |
|
Great, shall we chat on the PowerShell Slack channel: http://slack.poshcode.org. |
X-Guardian
added
bug
Details of the scenario you tried and the problem that is occurring
I am trying to apply permissions to an OU and getting get an error when applying the configuration with
Start-DscConfigurationVerbose logs showing the problem
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : Microsoft Windows Server 2016 Standard Evaluation
OsOperatingSystemSKU : 79
OsArchitecture : 64-bit
WindowsBuildLabEx : 14393.0.amd64fre.rs1_release.160715-1616
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.14393.0
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.0
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
5.0.0
The text was updated successfully, but these errors were encountered: