  1. Puppet
  2. PUP-10057

User resource on Windows confuses domain and local accounts


    Details

    • Template:
      PUP Bug Template
    • Console Browser:
      Chrome
    • Master Config:
      Monolithic
    • Agent OS:
      Windows Server 2016
    • Master OS:
      CentOS 7
    • Team:
      Night's Watch
    • Story Points:
      5
    • Sprint:
      PR - Triage, NW - 2019-11-13, 2019-11-27, 2019-12-11
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Puppet no longer checks for domain users or groups when managing local resources on Windows. This fixes a local user management issue where an Active Directory account existed with the same name as the local user.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.4.3 (PE Agent from PE 2019.1.1)
      Puppet Server Version: PE 2019.1.1
      OS Name/Version: Tested against Windows 2016

      Behavior of the user resource goes wonky when an AD account exists that has the same name as the local user account you’re trying to manage on a Windows server that is domain-joined.

      Desired Behavior:

      Enforcing configuration of local user accounts on Windows domain-member servers works normally.

      Actual Behavior:

      When a user account exists locally on a member server, and a user account with the same name also exists in the Active Directory domain, this happens when setting `ensure=>absent` on that local user account:

      • On the first Puppet run, the local user account is detected and removed.
      • On the second Puppet run, the provider seems to detect the domain user account and tries to delete the account again (from the local user database), which fails with this error:

      Could not set 'absent' on ensure: (in OLE method `Delete': )
      OLE error code:800708AD in Active Directory
      The user name could not be found.
      HRESULT error code:0x80020009
      Exception occurred. (file: /etc/puppetlabs/code/environments/development/site-modules/profile/manifests/base.pp, line: 98)
      Wrapped exception:
      (in OLE method `Delete': )
      OLE error code:800708AD in Active Directory
      The user name could not be found.
      HRESULT error code:0x80020009
      Exception occurred.
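
One way to check a domain-joined host for the name collision described in this report, as an added example that is not part of the original issue or of Puppet's code. It assumes Windows PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module; the function name Test-AccountNameScope and the sample account name are hypothetical.

```powershell
# Added example (not from the issue or from Puppet's code); run on the agent.
# Test-AccountNameScope is a hypothetical helper name.
function Test-AccountNameScope {
    param([Parameter(Mandatory)][string]$Name)

    # Is there an account with this name in the local SAM database?
    $local = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue

    # The machine SID is the domain part of any local account SID; the
    # built-in Administrator (RID 500) is used here to obtain it.
    $machineSid = (Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-.*-500$' } |
        Select-Object -First 1).SID.AccountDomainSid

    # Resolve the unqualified name, as a caller that omits the computer or
    # domain prefix would. Windows checks local accounts before the domain.
    $resolvedSid = $null
    try {
        $account = [System.Security.Principal.NTAccount]::new($Name)
        $resolvedSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # The name maps to no account, local or domain.
    }

    $scope = if (-not $resolvedSid) {
        'None'
    } elseif (-not $resolvedSid.AccountDomainSid) {
        'WellKnown'   # e.g. a built-in principal without a domain part
    } elseif ($resolvedSid.AccountDomainSid -eq $machineSid) {
        'Local'
    } else {
        'Domain'
    }

    [pscustomobject]@{
        Name             = $Name
        LocalAccount     = [bool]$local
        UnqualifiedScope = $scope
        ResolvedSid      = "$resolvedSid"
        # State behind the second-run failure: no local account is left,
        # but the bare name still resolves to a domain principal.
        CollisionRisk    = (-not $local) -and ($scope -eq 'Domain')
    }
}

# 'svc_app' is a constructed sample name; substitute the managed user.
Test-AccountNameScope -Name 'svc_app'
```

Run it once before and once after the first Puppet run: `UnqualifiedScope` changing from `Local` to `Domain` is the condition under which the second run reports the `Delete` error above.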
       

            People

            Assignee:
            gabriel.nagy Gabriel Nagy
            Reporter:
            kevin.reeuwijk Kevin Reeuwijk