Details
-
Bug
-
Status: Accepted
-
Normal
-
Resolution: Unresolved
-
None
-
None
-
2008R2 - Fresh deployment; rdp enabled, windows firewall disabled, handful of reg edits for security and usability (i.e. disable uac and logon server manager).
Installed: .net 3.5 feature in conjunction with AD DS and AD LDS Tools Feature
Installed: .net 4.5
Installed: WMF5
-----------------------------------------
20012R2 - Fresh deployment; rdp enabled, windows firewall disabled, handful of reg edits for security and usability (i.e. disable uac and logon server manager).
Installed: AD DS and AD LDS Tools Feature
Installed: WMF5
----------------------------------------
Puppet 2016.1.1 MoM w/ 3 compile masters
Puppet agent 1.4.1 windows
We are configured with environment groups; issue occurs when testing a feature branch.
(Issue occurred at 2015.3.3 also; upgraded recently)2008R2 - Fresh deployment; rdp enabled, windows firewall disabled, handful of reg edits for security and usability (i.e. disable uac and logon server manager). Installed: .net 3.5 feature in conjunction with AD DS and AD LDS Tools Feature Installed: .net 4.5 Installed: WMF5 ----------------------------------------- 20012R2 - Fresh deployment; rdp enabled, windows firewall disabled, handful of reg edits for security and usability (i.e. disable uac and logon server manager). Installed: AD DS and AD LDS Tools Feature Installed: WMF5 ---------------------------------------- Puppet 2016.1.1 MoM w/ 3 compile masters Puppet agent 1.4.1 windows We are configured with environment groups; issue occurs when testing a feature branch. (Issue occurred at 2015.3.3 also; upgraded recently)
-
Modules
-
Reviewed
Description
I am testing the use of the xadgroup dsc resource with puppet. In order to get access to the resource I had to use the master branch of the dsc repo on github; it's not available in the version on the forge.
When the code is processed the first time and the group does not exist the system creates the AD group as expected. When a subsequent run is kicked off the resource generates an error indicating the specified group already exists. I expected the resource to be idempotent and not attempt to create an existing ADgroup.
I am able to reproduce this on multiple machines for both 2008 R2 and 2012 R2.
Error: The specified group already exists
Error: /Stage[main]/Profile::Windows::Dsc_createad/Dsc_xadgroup[LSA-DSC-TESTING]/ensure: change from absent to present
failed: The specified group already exists
Code to create an AD group (removed identifying variables)
class profile::windows::dsc_createad { |
|
$create_adgroup=hiera('create_adgroup') |
|
# Create an ADgroup |
dsc_xadgroup {'LSA-DSC-TESTING': |
dsc_ensure => 'Present', |
dsc_groupname => 'LSA-DSC-TESTING', |
dsc_category => 'Security', |
dsc_groupscope => 'Global', |
dsc_path => <OU removed>,
|
dsc_description => "<puppet managed> ${::hostname} Users", |
dsc_domaincontroller => <dc removed>,
|
dsc_credential => {
|
'user' => <user removed>, |
'password' => "${create_adgroup}" |
}
|
}
|
}
|
Update made to puppetfile in feature branch to pull in branch with xadgroup resource
mod 'dsc', |
:git => 'https://github.com/puppetlabs/puppetlabs-dsc', |
:ref => 'master' |
Attachments
Issue Links
- links to