-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SqlSetup: Add documentation around how to use built-in account #1230
Comments
This would be useful for group service account as well. But this also begs the question, is there any reason we can't just pass it a string as well? |
It can’t be a string because if the account used actually have a password, for example a domain account, then the password should be encrypted, that’s why it needs to be a PSCredential object. |
@johlju I get that. Not suggesting to get rid of that, but I was thinking more along the lines of using CredentialAttribute, but I'm not sure it makes it any less complicated thinking about it. I'll have to do a few tests of mine own to see |
Is there an example to use gMsa? |
@cnilak I don't think so. If you do install using gMSA please sen in an example. It would be much appreciated. |
I would also like a solution for this, Isnt this possible by just passing the credential it as a string? |
- SqlServerDsc - Remove the file `.github/CONTRIBUTION.md` as it no longer filled any purpose as GitHub will find the CONTRIBUTION.md in the root folder directly now (issue #1227). - The documentation in CONTRIBUTING.md has been somewhat updated. - Update documentation around design pattern for accounts that does not use passwords (issue #378) and (issue #1230). - Updating the Integration Test README.md to better explain what the integration tests for SqlSetup, SqlRSSetup, and SqlRS does (issue #1315). - SqlAGReplica - Update documentation with a requirement for SqlServer in certain circumstances (issue #1033). - SqlRSSetup - There was a typo in the error message that was thrown when not passing either the `Edition` or `ProductKey` that could be misleading (issue #1386). - Updated the parameter descriptions for the parameters `Edition` and `ProductKey` that they are mutually exclusive (issue #1386).
You still have to pass a password - even if it is a fake one. I am using the SqlServiceAccount DSC resource & after many hours of head scratching I found a post where gMSA credential is passed with the dollar sign and a fake password. Generate a fake password string to prevent NULL password errors during execution
I then passed the PSCredential object into the resource. SqlServiceAccount SetSQLServiceAccountgMSA{
you cannot just pass the object as a string because it errors out & you cannot create a PSCredential without a password. All a bit counter intuitive. http://ryannielsen.org/2020/06/desired-state-configuration-sql-always-on-deployment/ Please note that I have already include the domain in the service account string & just appended a dollar sign to it. |
Details of the scenario you tried and the problem that is occurring
To use built-in accounts a password must be provided in the credential properties, e.g.
SQLSvcAccount
. That password can be any string as the password is ignored by the resource when it sees a built-in account, e.g.'NT AUTHORITY\NetworkService'
.Verbose logs showing the problem
n/a
Suggested solution to the issue
Add information around this into the documentation of the SqlSetup resource.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
n/a
SQL Server edition and version the target node is running
Any
SQL Server PowerShell modules present on the target node
Any
The operating system the target node is running
Any
Version and build of PowerShell the target node is running
Any
Version of the DSC module that was used ('dev' if using current dev branch)
Dev
The text was updated successfully, but these errors were encountered: