AADGroup: Test-TargetResource always returns False for certain AADGroups #5101

Closed
smccut opened this issue Sep 25, 2024 · 0 comments · Fixed by #5107 or #5132

smccut commented Sep 25, 2024

Description of the issue

Every time a set of AADGroup resources uses Test-TargetResource to determine whether or not the resource is in desired state, Test-TargetResource returns false. This leads to the instance of that resource having a set operation run against it every MOF application cycle, even if the resource is already in the desired state.

Microsoft 365 DSC Version

1.24.731.1 but issue present on 1.24.904.1 as well

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

The issue exists in groups with Ensure => Present and Ensure => Absent.

Example with Ensure => Present, some values sanitized:
    AADGroup 'test-users' {
        DependsOn             = @(
            '[AADApplication]AADApplication-Microsoft365DSC'
        )
        DisplayName           = 'test-users'
        MailNickname          = 'test-users'
        Description           = 'Test Users'
        Owners                = @(
            "example1@contoso.com"
            "example2@contoso.com"
            "example3@contoso.com"
        )
        Members               = @(
            $arrayofusers
        )
    
        SecurityEnabled       = $true 
        MailEnabled           = $false 
        IsAssignableToRole    = $true 
        # AssignedToRole        = @()
        Visibility            = 'Private' 
        AssignedLicenses      = @()
        Ensure                = 'Present'
        ApplicationId         = $ApplicationId
        TenantId              = $TenantId
        CertificateThumbprint = $Thumbprint
    }


Example with Ensure => Absent, some values sanitized:
    AADGroup 'security-group' {
        DependsOn             = @(
            '[AADApplication]AADApplication-Microsoft365DSC'
        )
        DisplayName           = 'security-group' 
        MailNickname          = 'security-group' 
        Description           = 'Security Group' 
        Owners                = @(
            "example1@contoso.com"
            "example2@contoso.com"
        )
        Members               = @()
        SecurityEnabled       = $true 
        MailEnabled           = $false 
        IsAssignableToRole    = $true 
        Visibility            = 'Private' 
        AssignedLicenses      = @()
        Ensure                = 'Absent'
        ApplicationId         = $ApplicationId
        TenantId              = $TenantId
        CertificateThumbprint = $Thumbprint
    }

Verbose logs showing the problem

Multiple instances of this behavior:



    [[AADGroup]test-users::[AzureAD]AzureAD_Configuration] Current Values:
    AccessTokens=$null
    ApplicationId=***
    ApplicationSecret=$null
    AssignedLicenses=$null
    AssignedToRole=()
    CertificateThumbprint=***
    Credential=$null
    Description=Test Users Security Group
    DisplayName=test-users
    Ensure=Present
    GroupTypes=()
    Id=46ae78cb-dd88-459f-8ab9-aea7a340b303
    IsAssignableToRole=True
    MailEnabled=False
    MailNickname=test-users
    Managedidentity=False
    MemberOf=()
    Members=(example1@contoso.com,example2@contoso.com,example3@contoso.com,example4@contoso.com,example5@contoso.com)
    MembershipRule=$null
    MembershipRuleProcessingState=$null
    Owners=(example6@contoso.com,example7@contoso.com,example8@contoso.com)
    SecurityEnabled=True
    TenantId=***
    Visibility=Private
    _______________________________
    [[AADGroup]test-users::[AzureAD]AzureAD_Configuration] Target Values:
    ApplicationId=***
    AssignedLicenses=()
    CertificateThumbprint=***
    Description=Test Users Security Group
    DisplayName=test-users
    Ensure=Present
    IsAssignableToRole=True
    MailEnabled=False
    MailNickname=test-users
    Members=(example1@contoso.com,example2@contoso.com,example3@contoso.com,example4@contoso.com,example5@contoso.com)
    Owners=(example6@contoso.com,example7@contoso.com,example8@contoso.com)
    SecurityEnabled=True
    TenantId=***
    Verbose=True
    Visibility=Private

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}


Name                           Value
----                           -----
PSVersion                      5.1.20348.2400
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.2400
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
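
As an added example (not part of the original issue or the Microsoft365DSC code base), the PowerShell below parses a verbose excerpt like the one in this issue and lists the target properties whose logged text differs from, or is missing in, the current values. The function names and the abbreviated sample log are constructed for illustration; a textual difference is only a lead to check, not a statement of what Test-TargetResource itself compares.

```powershell
# Added example; function names are hypothetical, sample log is constructed.
function ConvertFrom-DscValueBlock {
    param([string[]]$Lines)
    $values = [ordered]@{}
    foreach ($line in $Lines) {
        # Keep only Key=Value lines, splitting on the first '='
        if ($line -match '^\s*([A-Za-z_]\w*)=(.*)$') {
            $values[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $values
}

function Compare-DscVerboseValues {
    param([string]$LogText)
    $current = @(); $target = @(); $section = $null
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match 'Current Values:') { $section = 'current'; continue }
        if ($line -match 'Target Values:')  { $section = 'target';  continue }
        if ($section -eq 'current') { $current += $line }
        elseif ($section -eq 'target') { $target += $line }
    }
    $cur = ConvertFrom-DscValueBlock $current
    $tgt = ConvertFrom-DscValueBlock $target
    foreach ($key in $tgt.Keys) {
        if (-not $cur.Contains($key)) {
            [pscustomobject]@{ Property = $key; Current = '<not logged>'; Target = $tgt[$key] }
        }
        elseif ($cur[$key] -cne $tgt[$key]) {
            [pscustomobject]@{ Property = $key; Current = $cur[$key]; Target = $tgt[$key] }
        }
    }
}

$sample = @'
[[AADGroup]test-users::[AzureAD]AzureAD_Configuration] Current Values:
AssignedLicenses=$null
DisplayName=test-users
Ensure=Present
Visibility=Private
[[AADGroup]test-users::[AzureAD]AzureAD_Configuration] Target Values:
AssignedLicenses=()
DisplayName=test-users
Ensure=Present
Verbose=True
Visibility=Private
'@

Compare-DscVerboseValues -LogText $sample | Format-Table -AutoSize
```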