Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADAdministrativeUnit: ScopedRoleMembers parameter Set-TargetResource returns 'Expected property 'RoleName' is not present' #2776

Closed
Borgquite opened this issue Jan 12, 2023 · 2 comments · Fixed by #2794
Closed

AADAdministrativeUnit: ScopedRoleMembers parameter Set-TargetResource returns 'Expected property 'RoleName' is not present' #2776

Borgquite opened this issue Jan 12, 2023 · 2 comments · Fixed by #2794
Labels
Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1

Comments

@Borgquite
Copy link
Contributor

Borgquite commented Jan 12, 2023
edited
Loading

Details of the scenario you tried and the problem that is occurring

Should probably be investigated alongside #2775 since they may be related.

Attempting to create an AU with the ScopedRoleMembers parameter applied results in the following errors:

Expected property 'RoleName' is not present on resource of type 'ScopedRoleMembership'
Cannot bind argument to parameter 'AdministrativeUnitId' because it is an empty string.

Hopefully I've got the DSC syntax correct but if not, do correct me!

Verbose logs showing the problem

PS C:\Users\user.name\Documents> Start-DscConfiguration -Path .\Example\ -Verbose -Wait -force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer COMPUTERNAME with user sid SID.
VERBOSE: [COMPUTERNAME]: LCM: [ Start Set ]
VERBOSE: [COMPUTERNAME]: LCM: [ Start Resource ] [[AADUser]TestUser]
VERBOSE: [COMPUTERNAME]: LCM: [ Start Test ] [[AADUser]TestUser]
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Testing configuration of Office 365 User test.user@contoso.com
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Target Values: Credential=; DisplayName=Test User; Ensure=Present; FirstName=Test; LastName=User;
UserPrincipalName=test.user@contoso.com; Verbose=True
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Getting configuration of Office 365 User test.user@contoso.com
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Getting Office 365 User test.user@contoso.com
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Found User test.user@contoso.com
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Current Values: ApplicationId=; ApplicationSecret=$null; CertificateThumbprint=; City=$null;
Country=$null; Credential=; Department=$null; DisplayName=Test User; Ensure=Present; Fax=$null; FirstName=Test; LastName=User; LicenseAssignment=(); MobilePhone=$null;
Office=$null; Password=$null; PasswordNeverExpires=False; PasswordPolicies=None; PhoneNumber=$null; PostalCode=$null; PreferredLanguage=$null; Roles=(); State=$null;
StreetAddress=$null; TenantId=; Title=$null; UsageLocation=$null; UserPrincipalName=test.user@contoso.com; UserType=Member
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Target Values: Credential=***; DisplayName=Test User; Ensure=Present; FirstName=Test; LastName=User;
UserPrincipalName=test.user@contoso.com; Verbose=True
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Test-TargetResource returned True
VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[AADUser]TestUser] in 13.6620 seconds.
VERBOSE: [COMPUTERNAME]: LCM: [ Skip Set ] [[AADUser]TestUser]
VERBOSE: [COMPUTERNAME]: LCM: [ End Resource ] [[AADUser]TestUser]
VERBOSE: [COMPUTERNAME]: LCM: [ Start Resource ] [[AADAdministrativeUnit]TestUnit]
VERBOSE: [COMPUTERNAME]: LCM: [ Start Test ] [[AADAdministrativeUnit]TestUnit]
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Testing configuration of {}
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Nothing with id {} was found
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Test-TargetResource returned False
VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[AADAdministrativeUnit]TestUnit] in 4.7830 seconds.
VERBOSE: [COMPUTERNAME]: LCM: [ Start Set ] [[AADAdministrativeUnit]TestUnit]
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Nothing with id {} was found
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Creating AU {Test-Unit}
Expected property 'RoleName' is not present on resource of type 'ScopedRoleMembership'
+ CategoryInfo : InvalidOperation: ({ body = Micros...strativeUnit1 }:) [], CimException
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgAdministrativeUnit_CreateExpanded
+ PSComputerName : localhost

Cannot bind argument to parameter 'AdministrativeUnitId' because it is an empty string.
+ CategoryInfo : InvalidData: (:) [], CimException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,New-MgDirectoryAdministrativeUnitScopedRoleMember
+ PSComputerName : localhost

VERBOSE: [COMPUTERNAME]: LCM: [ End Set ] [[AADAdministrativeUnit]TestUnit] in 4.3740 seconds.
The PowerShell DSC resource '[AADAdministrativeUnit]TestUnit' with SourceInfo 'C:\Users\user.name\Documents\Example.ps1::19::9::AADAdministrativeUnit'
threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName : localhost

VERBOSE: [COMPUTERNAME]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 23.69 seconds

Suggested solution to the issue

In DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1, line 546 only removes 'ScopedRoleMembers' if it is NOT set (line 496). However line 541 is also commented out, so at present ScopedRoleMembers is passed to New-MgAdministrativeUnit unprocessed, which appears to be the cause. However there may be other bugs here (not least #2775) so perhaps worth testing & checking all of this implementation?

The DSC configuration that is used to reproduce the issue (as detailed as possible)

$credsCredential = Get-Credential

Configuration Example
{
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADUser 'TestUser'
        {
            Credential = $credsCredential;
            UserPrincipalName = "test.user@contoso.com"
            FirstName = "Test"
            LastName = "User"
            DisplayName = "Test User"
            Ensure = "Present"
        }
        AADAdministrativeUnit 'TestUnit'
        {
            Credential = $credsCredential;
            DisplayName = "Test-Unit";
            Ensure = "Present";
            ScopedRoleMembers             = @(
                MSFT_MicrosoftGraphScopedRoleMembership
                {
                    RoleName = "User Administrator"
                    RoleMemberInfo = MSFT_MicrosoftGraphIdentity
                    {
                        Identity = "test.user@contoso.com"
                        Type = "User"
                    }
                }
            )
        }
    }
}

$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

Example -ConfigurationData $cd

The operating system the target node is running

OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : en-GB
OsMuiLanguages : {en-GB, en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.111.1
@Borgquite Borgquite changed the title AADAdministrativeUnit: ScopedRoleMembers parameter Set-TargetResource returrns 'Expected property 'RoleName' is not present' AADAdministrativeUnit: ScopedRoleMembers parameter Set-TargetResource returns 'Expected property 'RoleName' is not present' Jan 12, 2023
@andikrueger andikrueger added Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1 labels Jan 16, 2023
@salbeck-sit
Copy link
Contributor

I believe #2786 addresses the issues. Please have a look

@Borgquite Borgquite mentioned this issue Jan 17, 2023
Closed
@salbeck-sit salbeck-sit mentioned this issue Jan 17, 2023
Merged
@ykuijs ykuijs mentioned this issue Mar 9, 2023
Merged
@Borgquite
Copy link
Contributor Author

Seems to work fine in my testing now :) Ta!

@Borgquite Borgquite mentioned this issue Mar 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes issues discussed in #2786 salbeck-sit/Microsoft365DSC
3 participants
@andikrueger @Borgquite @salbeck-sit