Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSFT_ADUser: missing property "OtherAttributes" #698

Closed
fasteiner opened this issue Aug 1, 2023 · 1 comment
Closed

MSFT_ADUser: missing property "OtherAttributes" #698

fasteiner opened this issue Aug 1, 2023 · 1 comment
Labels
duplicate The issue or PR is the duplicate of another.

Comments

@fasteiner
Copy link

Problem description

When creating an ADUser you have the possibility to set extended attribute by specifying the OtherAttributes property (inputting a hashtable). This is unfourtunatley not possible with ActiveDirectoryDsc.

Error Message:
error within user creation: A parameter cannot be found that matches parameter name 'OtherAttributes'.

Plain AD Command:

$userparams = @{
                    Name              = $DisplayName
                    Path              = $path
                    Initials          = $initials
                    AccountPassword   = $passwordSecure
                    SamAccountName    = $samaccountname
                    GivenName         = $manager.GivenName
                    Surname           = $manager.sn
                    UserPrincipalName = $userprincipalname
                    DisplayName       = $DisplayName
                    Company           = $manager.Company
                    Enabled           = $true
                    Manager           = $($manager.samaccountname)
                    Credential        = $credential
                    OtherAttributes   = @{gidNumber = "5000"; uidNumber = "$UNIXUID" }
                    Server            = $DC
                }
                $user = New-ADUser @userparams

In active directory DSC:

$commonParams = @{
                Name       = 'ADUser'
                Property   = @{
                    Ensure            = 'Present'
                    Path              = $path
                    Initials          = $initials
                    Password          = New-Object System.Management.Automation.PSCredential("$samaccountname", $passwordSecure)
                    UserName          = $samaccountname
                    GivenName         = $manager.GivenName
                    Surname           = $manager.sn
                    UserPrincipalName = $userprincipalname
                    DisplayName       = $DisplayName
                    Company           = $manager.Company
                    Enabled           = $true
                    Manager           = $($manager.samaccountname)
                    Credential        = $credential
                    #OtherAttributes   = @{gidNumber = "5000"; uidNumber = "$UNIXUID" }
                    DomainController  = $DC
                }
                ModuleName = "ActiveDirectoryDsc"
            }
            $state = Invoke-DscResource @commonParams -Method Test
            if (-not $state.InDesiredState) {
                Invoke-DscResource @commonParams -Method Set | Out-Null
            }
            else {
                Add-LogToFile -filename $fileName -level INFO -Message "$($c_Permissionlevel) user already exists"
            }

            # Nessacary as not directly supported
            Set-ADUser $user -Replace @{gidNumber = "5000"; uidNumber = "$UNIXUID" } -Credential $credential

Verbose logs

-

DSC configuration

$commonParams = @{
                Name       = 'ADUser'
                Property   = @{
                    Ensure            = 'Present'
                    Path              = $path
                    Initials          = $initials
                    Password          = New-Object System.Management.Automation.PSCredential("$samaccountname", $passwordSecure)
                    UserName          = $samaccountname
                    GivenName         = $manager.GivenName
                    Surname           = $manager.sn
                    UserPrincipalName = $userprincipalname
                    DisplayName       = $DisplayName
                    Company           = $manager.Company
                    Enabled           = $true
                    Manager           = $($manager.samaccountname)
                    Credential        = $builderittier1
                    #OtherAttributes   = @{gidNumber = "5000"; uidNumber = "$UNIXUID" }
                    DomainController  = $DC
                }
                ModuleName = "ActiveDirectoryDsc"
            }

Suggested solution

Add a parameter named OtherAttributes:

 param(
   [Parameter()]
        [System.Hashtable]
        $OtherAttributes
)

Change:
https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1#L1459
to

$otherUserAttributes = $OtherAttributes

if the user is already present, the otherattributes could just be overwritten:

Set-ADUser $user -Replace @{gidNumber = "5000"; uidNumber = "$UNIXUID" } -Credential $credential

Operating system the target node is running

Get-ComputerInfo -Property @('OsName','OsOperatingSystemSKU','OSArchitecture','WindowsVersion','WindowsBuildLabEx','OsLanguage','OsMuiLanguages')

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

PowerShell version and build the target node is running

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.3.6
PSEdition                      Core
GitCommitId                    7.3.6
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

ActiveDirectoryDsc version

Get-Module -Name 'ActiveDirectoryDsc' -ListAvailable | ft Name,Version,Path

Name               Version Path
----               ------- ----
ActiveDirectoryDsc 6.2.0   C:\Users\fasteiner\OneDrive - TTTECH COMPUTERTECHNIK AG\Documents\PowerShell\Modules\ActiveDirectoryDsc\6.2.0\ActiveDirectoryDsc.psd1
@johlju
Copy link
Member

johlju commented Aug 14, 2023

This is being tracked in issue #630. Closing this but happy to review a PR with the needed changes and corresponding unit tests. Closing this as it is being tracked in another issue.

@johlju johlju closed this as completed Aug 14, 2023
@johlju johlju added the duplicate The issue or PR is the duplicate of another. label Aug 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
duplicate The issue or PR is the duplicate of another.
Projects
None yet
Development

No branches or pull requests

2 participants