AdDomainController: MSFT_ADDomainController failed to execute Test-TargetResource functionality with error message: System.InvalidOperationException: Cannot convert a existing domain controller to a Read-Only Domain Controller (RODC)

[TorstenSchnitter]

Details of the scenario you tried and the problem that is occurring

Installed a RODC with ActiveDirectoryDSC (success).

Next run of DSC fails with error.

Verbose logs showing the problem

VERBOSE: [_Servername_]: LCM:  [ Start  Resource ]  [[ADDomainController]_Servername.domainname_]
VERBOSE: [_Servername_]: LCM:  [ Start  Test     ]  [[ADDomainController]_Servername.domainname_]
VERBOSE: [_Servername_]:                            [[ADDomainController]_Servername.domainname_] Determine the state of the domain controller on the current node '_Servername_' in the dom
ain '_domainname_'. (ADDC0015)
VERBOSE: [_Servername_]:                            [[ADDomainController]_Servername.domainname_] Resolving the domain name '_domainname_'. (ADDC0001)
VERBOSE: [_Servername_]:                            [[ADDomainController]_Servername.domainname_] The domain '_domainname_' is present. Looking for domain controllers. (ADDC0002)
VERBOSE: [_Servername_]:                            [[ADDomainController]_Servername.domainname_] The current node '_Servername_' is a domain controller for the domain '_domainname_'. (AD
DC0007)
VERBOSE: [_Servername_]: LCM:  [ End    Test     ]  [[ADDomainController]_Servername.domainname_]  in 1.2350 seconds.
PowerShell DSC resource MSFT_ADDomainController  failed to execute Test-TargetResource functionality with error message: System.InvalidOperationException: Cannot convert a 
existing domain controller to a Read-Only Domain Controller (RODC). (ADDC0023) 
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : _Servername.domainname_
VERBOSE: [_Servername_]:                            [] Consistency check completed.
One or more partial configurations failed to apply. No configuration could be created.  LCM failed to start desired state configuration manually.
    + CategoryInfo          : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName        : _Servername.domainname_

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

WindowsFeature "AD-Domain-Services"
{
	Name = "AD-Domain-Services"
	Ensure = "Present"
}

WindowsFeature "RSAT-AD-PowerShell"
{
	Name = "RSAT-AD-PowerShell"
	Ensure = "Present"
}

AdDomainController ('{0}' -f $Node.NodeName)
{
	DomainName = $DomainName
	Credential = $DomainAdministratorCredential
	SafemodeAdministratorPassword = $DomainRecoveryCredential
	ReadOnlyReplica = $true
	SiteName = $Node.SiteName
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

PSVersion                      5.1.17763.1007
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.1007
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

ActiveDirectoryDSC 4.2.0.0
ActiveDirectoryDSC 6.0.1

[X-Guardian]

Thanks for reporting this @TorstenSchnitter. I'll look into it.

[X-Guardian]

Hi @TorstenSchnitter, I can see the faulty code in the DomainController resource, Test-TargetResource function. I'll get this fixed.