Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EXORoleAssignmentPolicy can't set Roles as Arrays as provide in MSFT_EXORoleAssignmentPolicy.psm1 #1538

Closed
atdheekurteshi opened this issue Nov 8, 2021 · 3 comments · Fixed by #1677 or #1686
Closed

EXORoleAssignmentPolicy can't set Roles as Arrays as provide in MSFT_EXORoleAssignmentPolicy.psm1 #1538

atdheekurteshi opened this issue Nov 8, 2021 · 3 comments · Fixed by #1677 or #1686
Labels
Bug Something isn't working Exchange Online

Comments

@atdheekurteshi
Copy link

atdheekurteshi commented Nov 8, 2021
edited
Loading

ISSUE TITLE:
EXORoleAssignmentPolicy:
Values 'MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions,MyVoiceMail' is not supported or valid for property 'Roles' on class EXORoleAssignmentPolicy

User Roles defined in Microsoft Defender Admin Center abc set as IsDefault = True and it can't be modified with new Assigned Roles through DSC

**Current Roles**
User Roles Default Name Policy : 
**abc**
Contact information

    MyContactInformation
    This role enables individual users to modify their contact information, including address and phone numbers.

Profile information

    MyProfileInformation
    This role enables individual users to modify their name.

Distribution groups

    MyDistributionGroups
    This role enables individual users to create, modify and view distribution groups and modify, view, remove, and add members to distribution groups they own.

Distribution group memberships

    MyDistributionGroupMembership
    This role enables individual users to view and modify their membership in distribution groups in an organization, provided that those distribution groups allow manipulation of group membership.

Other roles

    My Custom Apps
    This role will allow users to view and modify their custom apps.
    My Marketplace Apps
    This role will allow users to view and modify their marketplace apps.
    My ReadWriteMailbox Apps
    This role will allow users to install apps with ReadWriteMailbox permissions.
    MyBaseOptions
    This role enables individual users to view and modify the basic configuration of their own mailbox and associated settings.
    MyMailboxDelegation
    This role enables administrators to delegate mailbox permissions.
    MyRetentionPolicies
    This role enables individual users to view their retention tags and view and modify their retention tag settings and defaults.
    MyTeamMailboxes
    This role enables individual users to create site mailboxes and connect them to SharePoint sites.
    MyTextMessaging
    This role enables individual users to create, view, and modify their text messaging settings.
    MyVoiceMail
    This role enables individual users to view and modify their voice mail settings.
    
**Roles that we want to assigne throug DSC**
User Roles Default Name Policy : 
**abc**
  Roles	MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions,MyVoiceMail

ISSUE DESCRIPTION (this template):
EXORoleAssignmentPolicy:
Values 'MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions,MyVoiceMail' is not supported or valid for property 'Roles' on class EXORoleAssignmentPolicy

User Roles defined in Microsoft Defender Admin Center abc set as IsDefault = True and it can't be modified with new Assigned Roles through DSC

Details of the scenario you tried and the problem that is occurring

Verbose logs showing the problem

VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Target Values: Credential=***; Description=Diese Richtlinie gew?hrt Endbenutzern die Berechtigung zum Festlegen ihrer Optionen f?r Outlook im Web und zum Durchf?hren anderer Aufgaben im Rahmen der Selbstverwaltung.; Ensure=Present; Name=abc; Roles=(MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions,MyVoiceMail); Verbose=True
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Test-TargetResource returned False
VERBOSE: [INHOUSE-WIN7]: LCM:  [ BeendenTesten   ]  [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6]  in 124.3660 Sekunden.
VERBOSE: [INHOUSE-WIN7]: LCM:  [ StartenFestlegen]  [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6]
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Setting Role Assignment Policy configuration for abc
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Getting Role Assignment Policy configuration for abc
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Found Role Assignment Policy abc
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Role Assignment Policy 'abc' already exists, but roles attribute needs updating.
VERBOSE: [INHOUSE-WIN7]:                            [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6] Remove Role AssignmentPolicy before recreating because Roles attribute cannot be change with Set cmdlet
Die Standardrichtlinie f?r die Rollenzuweisung "abc" kann nicht entfernt werden. Sie m?ssen eine andere Richtlinie als Standard festlegen, um diese Richtlinie entfernen zu k?nnen.
    + CategoryInfo          : WriteError: (abc:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=5ba2eb53-b188-48f9-8eed-97331d760481,TimeStamp=08.11.2021 15:24:03] [FailureCategory=Cmdlet-InvalidOperationException] 96B0  
   4470,Microsoft.Exchange.Management.Tasks.RemoveRoleAssignmentPolicy
    + PSComputerName        : localhost

Fehler bei Active Directory-Vorgang mit
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=182c22e3-5e6b-4ee1-964d-5c85980a9353,TimeStamp=08.11.2021 15:24:05] [FailureCategory=Cmdlet-ADObjectAlreadyExistsException]  
    50B29C8,Microsoft.Exchange.Management.Tasks.NewRoleAssignmentPolicy
    + PSComputerName        : localhost

VERBOSE: [INHOUSE-WIN7]: LCM:  [ BeendenFestlegen]  [[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6]  in 11.9940 Sekunden.
Die PowerShell DSC-Ressource "[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6" mit SourceInfo "::10::3::EXORoleAssignmentPolicy" hat beim Ausf?hren der         
Funktion "Set-TargetResource" mindestens einen Fehler ohne Abbruch ausgegeben. Diese Fehler werden im ETW-Kanal namens "Microsoft-Windows-DSC/Operational" protokolliert. Weitere
Informationen finden Sie in diesem Kanal.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [INHOUSE-WIN7]:                            [] Die Konsistenzpr?fung ist abgeschlossen.
Mindestens eine der partiellen Konfigurationen konnte nicht angewendet werden. Es konnte keine Konfiguration erstellt werden.  Der lokale Konfigurations-Manager (LCM) konnte Desired      
State Configuration nicht manuell starten.
    + CategoryInfo          : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 137.272 seconds
VERBOSE: Running this cmdlet clears all active sessions created using Connect-ExchangeOnline or Connect-IPPSSession.
VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\Microsoft.Exchange.Management.ExoPowershellGalleryModule.dll'.
VERBOSE: Importing cmdlet 'Clear-ActiveToken'.
2021-11-08 16:24:05,308 INFO    [TenantConfig][T13] - Disconnected successfully !
Disconnected successfully !
2021-11-08 16:24:05,312 WARN    [TenantConfig][T13] - Start DSCConfiguration produced no output in the DSC Variable
2021-11-08 16:24:05,349 ERROR   [TenantConfig][T13] - Error occured during DSC Execution in VarErr: Die Standardrichtlinie f?r die Rollenzuweisung "abc" kann nicht entfernt werden. Sie m?ssen eine andere Richtlinie als Standard festlegen, um diese Richtlinie entfernen zu k?nnen.
    + CategoryInfo          : WriteError: (abc:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=5ba2eb53-b188-48f9-8eed-97331d760481,TimeStamp=08.11.2021 15:24:03] [FailureCategory=Cmdlet-InvalidOperationException] 96B0  
   4470,Microsoft.Exchange.Management.Tasks.RemoveRoleAssignmentPolicy
    + PSComputerName        : localhost

Fehler bei Active Directory-Vorgang mit ist bereits vorhanden.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=182c22e3-5e6b-4ee1-964d-5c85980a9353,TimeStamp=08.11.2021 15:24:05] [FailureCategory=Cmdlet-ADObjectAlreadyExistsException]  
    50B29C8,Microsoft.Exchange.Management.Tasks.NewRoleAssignmentPolicy
    + PSComputerName        : localhost

Die PowerShell DSC-Ressource "[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6" mit SourceInfo "::10::3::EXORoleAssignmentPolicy" hat beim Ausf?hren der
Funktion "Set-TargetResource" mindestens einen Fehler ohne Abbruch ausgegeben. Diese Fehler werden im ETW-Kanal namens "Microsoft-Windows-DSC/Operational" protokolliert. Weitere 
Informationen finden Sie in diesem Kanal.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

Mindestens eine der partiellen Konfigurationen konnte nicht angewendet werden. Es konnte keine Konfiguration erstellt werden.  Der lokale Konfigurations-Manager (LCM) konnte Desired      
State Configuration nicht manuell starten.
    + CategoryInfo          : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName        : localhost


Write-Error : Error occured during DSC Execution in VarErr: Die Standardrichtlinie f?r die Rollenzuweisung "abc" kann nicht entfernt werden. Sie m?ssen eine andere Richtlinie als 
Standard festlegen, um diese Richtlinie entfernen zu k?nnen.
    + CategoryInfo          : WriteError: (abc:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=5ba2eb53-b188-48f9-8eed-97331d760481,TimeStamp=08.11.2021 15:24:03] [FailureCategory=Cmdlet-InvalidOperationException] 96B0  
   4470,Microsoft.Exchange.Management.Tasks.RemoveRoleAssignmentPolicy
    + PSComputerName        : localhost

Fehler bei Active Directory-Vorgang mit ist bereits vorhanden.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : [Server=FRYP281MB0392,RequestId=182c22e3-5e6b-4ee1-964d-5c85980a9353,TimeStamp=08.11.2021 15:24:05] [FailureCategory=Cmdlet-ADObjectAlreadyExistsException]  
    50B29C8,Microsoft.Exchange.Management.Tasks.NewRoleAssignmentPolicy
    + PSComputerName        : localhost

Die PowerShell DSC-Ressource "[EXORoleAssignmentPolicy]Container-23-2d77c928-fe95-4bd6-b6a7-2efe7d6548c6" mit SourceInfo "::10::3::EXORoleAssignmentPolicy" hat beim Ausf?hren der
Funktion "Set-TargetResource" mindestens einen Fehler ohne Abbruch ausgegeben. Diese Fehler werden im ETW-Kanal namens "Microsoft-Windows-DSC/Operational" protokolliert. Weitere
Informationen finden Sie in diesem Kanal.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

Mindestens eine der partiellen Konfigurationen konnte nicht angewendet werden. Es konnte keine Konfiguration erstellt werden.  Der lokale Konfigurations-Manager (LCM) konnte Desired      
State Configuration nicht manuell starten.
    + CategoryInfo          : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName        : localhost

At C:\Users\xgxtan4\Downloads\m365automationnew\Main.ps1:652 char:9
+         Write-Error -Message  ("Error occured during DSC Execution in ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-ErrorProxy], Exception
    + FullyQualifiedErrorId : System.Exception,Logging.WriteErrorProxy

Suggested solution to the issue

$Roles = @("MyVoiceMail", 'MyBaseOptions', "MyTeamMailboxes","MyRetentionPolicies","MyMailboxDelegation")

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateLength(1, 64)]
        [System.String]
        $Name,

        [Parameter()]
        [System.String]
        $Description,

        [Parameter()]
        [System.Boolean]
        $IsDefault,

        [Parameter()]
        [System.String[]]
        $Roles,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [System.String]
        $CertificatePath,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $CertificatePassword
    )

    Write-Verbose -Message "Getting Role Assignment Policy configuration for $Name"

    if ($Global:CurrentModeIsExport)
    {
        $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
            -InboundParameters $PSBoundParameters `
            -SkipModuleReload $true
    }
    else
    {
        $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
            -InboundParameters $PSBoundParameters
    }

    $nullReturn = $PSBoundParameters
    $nullReturn.Ensure = "Absent"

    try
    {
        $AllRoleAssignmentPolicies = Get-RoleAssignmentPolicy -ErrorAction Stop

        $RoleAssignmentPolicy = $AllRoleAssignmentPolicies | Where-Object -FilterScript { $_.Name -eq $Name }

        if ($null -eq $RoleAssignmentPolicy)
        {
            Write-Verbose -Message "Role Assignment Policy $($Name) does not exist."
            return $nullReturn
        }
        else
        {
            $result = @{
                Name                  = $RoleAssignmentPolicy.Name
                Description           = $RoleAssignmentPolicy.Description
                IsDefault             = $RoleAssignmentPolicy.IsDefault
                Roles                 = $RoleAssignmentPolicy.AssignedRoles
                Ensure                = 'Present'
                Credential            = $Credential
                ApplicationId         = $ApplicationId
                CertificateThumbprint = $CertificateThumbprint
                CertificatePath       = $CertificatePath
                CertificatePassword   = $CertificatePassword
                TenantId              = $TenantId
            }

            Write-Verbose -Message "Found Role Assignment Policy $($Name)"
            return $result
        }
    }
    catch
    {
        try
        {
            Write-Verbose -Message $_
            $tenantIdValue = ""
            if (-not [System.String]::IsNullOrEmpty($TenantId))
            {
                $tenantIdValue = $TenantId
            }
            elseif ($null -ne $Credential)
            {
                $tenantIdValue = $Credential.UserName.Split('@')[1]
            }
            Add-M365DSCEvent -Message $_ -EntryType 'Error' `
                -EventID 1 -Source $($MyInvocation.MyCommand.Source) `
                -TenantId $tenantIdValue
        }
        catch
        {
            Write-Verbose -Message $_
        }
        return $nullReturn
    }
}
function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateLength(1, 64)]
        [System.String]
        $Name,

        [Parameter()]
        [System.String]
        $Description,

        [Parameter()]
        [System.Boolean]
        $IsDefault,

        [Parameter()]
        [System.String[]]
        $Roles,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [System.String]
        $CertificatePath,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $CertificatePassword
    )

    Write-Verbose -Message "Setting Role Assignment Policy configuration for $Name"

    $currentRoleAssignmentPolicyConfig = Get-TargetResource @PSBoundParameters

    $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
        -InboundParameters $PSBoundParameters

    $NewRoleAssignmentPolicyParams = @{
        Name        = $Name
        Description = $Description
        IsDefault   = $IsDefault
        Roles       = $Roles
        Confirm     = $false
    }

    $SetRoleAssignmentPolicyParams = @{
        Identity    = $Name
        # IsDefault   = $IsDefault
        Name        = $Name
        Description = $Description
        Roles       = $Roles
        Confirm     = $false
    }

    # # CASE: Role Assignment Policy doesn't exist but should;
    # if ($Ensure -eq "Present" -and $currentRoleAssignmentPolicyConfig.Ensure -eq "Absent")
    # {
    #     Write-Verbose -Message "Role Assignment Policy '$($Name)' does not exist but it should. Create and configure it."
    #     # Create Role Assignment Policy
    #     New-RoleAssignmentPolicy @NewRoleAssignmentPolicyParams
    # }
    # # CASE: Role Assignment Policy exists but it shouldn't;
    # elseif ($Ensure -eq "Absent" -and $currentRoleAssignmentPolicyConfig.Ensure -eq "Present")
    # {
    #     Write-Verbose -Message "Role Assignment Policy '$($Name)' exists but it shouldn't. Remove it."
    #     Remove-RoleAssignmentPolicy -Identity $Name -Confirm:$true
    # }
    # # CASE: Role Assignment Policy exists and it should, but has different values than the desired ones
    # elseif ($Ensure -eq "Present" -and $currentRoleAssignmentPolicyConfig.Ensure -eq "Present" -and $null -eq (Compare-Object -ReferenceObject $($currentRoleAssignmentPolicyConfig.Roles) -DifferenceObject $Roles))
    #{
        Write-Output -Message "Role Assignment Policy '$($Name)' already exists, but needs updating."
        # Write-Output -Message "Setting Role Assignment Policy $($Name) with values: $(Convert-M365DscHashtableToString -Hashtable $SetRoleAssignmentPolicyParams)"
        # $SetRoleAssignmentPolicyParams.Remove("Roles") | Out-Null
        # Set-RoleAssignmentPolicy @SetRoleAssignmentPolicyParams 
        foreach ($item in $SetRoleAssignmentPolicyParams.Roles) {
            Write-Output $item
            
                New-ManagementRoleAssignment -Role $item -Policy $Name
        }
        # New-RoleAssignmentPolicy -Name 'test1' -Roles $Roles -IsDefault

    #}
    # CASE: Role Assignment Policy exists and it should, but Roles attribute has different values than the desired ones
    # Set-RoleAssignmentPolicy cannot change Roles attribute. Therefore we have to remove and recreate the policy if Roles attribute should be changed.
    # elseif ($Ensure -eq "Present" -and $currentRoleAssignmentPolicyConfig.Ensure -eq "Present" -and $null -ne (Compare-Object -ReferenceObject $($currentRoleAssignmentPolicyConfig.Roles) -DifferenceObject $Roles))
    # {
        # Write-Verbose -Message "Role Assignment Policy '$($Name)' already exists, but roles attribute needs updating."
        # Write-Verbose -Message "Remove Role AssignmentPolicy before recreating because Roles attribute cannot be change with Set cmdlet"
        # Remove-RoleAssignmentPolicy -Identity $Name -Confirm:$false
        # New-RoleAssignmentPolicy @NewRoleAssignmentPolicyParams
    # }
}

Set-TargetResource -Name 'test1' -Roles $Roles -ApplicationId 'xx' -TenantId 'xxx' -CertificateThumbprint 'xx'

The DSC configuration that is used to reproduce the issue (as detailed as possible)

MOF file extract:

/*
@TargetNode='localhost'
@GeneratedBy=xxx
@GenerationDate=11/08/2021 15:11:37
@GenerationHost=INHOUSE-WIN7
*/

instance of MSFT_EXORoleAssignmentPolicy as $MSFT_EXORoleAssignmentPolicy1ref
{
ResourceID = "[EXORoleAssignmentPolicy]Container-23-1d3b4d8c-5cc5-4b20-b9b5-acc2956a728d";
 Description = "Diese Richtlinie gewährt Endbenutzern die Berechtigung zum Festlegen ihrer Optionen für Outlook im Web und zum Durchführen anderer Aufgaben im Rahmen der Selbstverwaltung.";
 Roles = {
    "MyRetentionPolicies",
    "MyMailboxDelegation",
    "MyBaseOptions",
    "MyVoiceMail"
};
 Credential = $MSFT_Credential1ref;
 Ensure = "Present";
 SourceInfo = "::10::3::EXORoleAssignmentPolicy";
 Name = "Default Role Assignment Policy";
 ModuleName = "Microsoft365DSC";
 ModuleVersion = "1.21.1103.1";

 ConfigurationName = "MainConfig";

};
instance of OMI_ConfigurationDocument


                    {
 Version="2.0.0";
 

                        MinimumCompatibleVersion = "1.0.0";
 

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
 

                        Author="xxx";
 

                        GenerationDate="11/08/2021 15:11:37";
 

                        GenerationHost="INHOUSE-WIN7";


                        ContentType="PasswordEncrypted";
 

                        Name="MainConfig";


                    };



#### The operating system the target node is running
<!--
    Please provide as much as possible about the target node, for example
    edition, version, build and language.
    On OS with WMF 5.1 the following command can help get this information.

OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

-->

#### Version of the DSC module that was used ('dev' if using current dev branch)
1.21.1103.1
@atdheekurteshi
Copy link
Author

atdheekurteshi commented Dec 23, 2021
edited
Loading

The issue was tested on the newest verison of the DSC but I still got the same Issue as described above.

Version of the DSC module that was used ('dev' if using current dev branch)

1.21.1222.1

@NikCharlebois
Copy link
Collaborator

Any chances you could post the configuration you are trying to apply and which is failing? Thanks

@atdheekurteshi
Copy link
Author

I am trying to apply this DSC configuration:
EXORoleAssignmentPolicy

Name : 'Default Role Assignment Policy'
Description: ''Diese Richtlinie gewährt Endbenutzern die Berechtigung zum Festlegen ihrer Optionen für Outlook im Web und zum Durchführen anderer Aufgaben im Rahmen der Selbstverwaltung.
Roles: { "MyRetentionPolicies","MyMailboxDelegation","MyBaseOptions","MyVoiceMail"}

Currently, Roles can't be set as an array like it mention above.
Please check the last thread above, it is described in more detail.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

MOF file extract:

/*
@TargetNode='localhost'
@GeneratedBy=xxx
@GenerationDate=xxx
@GenerationHost=INHOUSE-WIN7
*/

instance of MSFT_EXORoleAssignmentPolicy as $MSFT_EXORoleAssignmentPolicy1ref
{
ResourceID = "[EXORoleAssignmentPolicy]Container-23-1d3b4d8c-5cc5-4b20-b9b5-acc2956a728d";
 Description = "Diese Richtlinie gewährt Endbenutzern die Berechtigung zum Festlegen ihrer Optionen für Outlook im Web und zum Durchführen anderer Aufgaben im Rahmen der Selbstverwaltung.";
 Roles = {
    "MyRetentionPolicies",
    "MyMailboxDelegation",
    "MyBaseOptions",
    "MyVoiceMail"
};
 Credential = $MSFT_Credential1ref;
 Ensure = "Present";
 SourceInfo = "::10::3::EXORoleAssignmentPolicy";
 Name = "Default Role Assignment Policy";
 ModuleName = "Microsoft365DSC";
 ModuleVersion = "1.21.1222.1";

 ConfigurationName = "MainConfig";

};
instance of OMI_ConfigurationDocument


                    {
 Version="2.0.0";
 

                        MinimumCompatibleVersion = "1.0.0";
 

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
 

                        Author="xxx";

                        GenerationHost="INHOUSE-WIN7";


                        ContentType="PasswordEncrypted";
 

                        Name="MainConfig";


                    };



#### The operating system the target node is running
<!--
    Please provide as much as possible about the target node, for example
    edition, version, build and language.
    On OS with WMF 5.1 the following command can help get this information.

OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

-->

#### Version of the DSC module that was used ('dev' if using current dev branch)
1.21.1222.1

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jan 14, 2022
@NikCharlebois
Fixes microsoft#1538
12ce7ec
@NikCharlebois NikCharlebois added Bug Something isn't working and removed Pending Information labels Jan 14, 2022
@NikCharlebois NikCharlebois mentioned this issue Jan 14, 2022
Merged
@NikCharlebois NikCharlebois mentioned this issue Jan 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Exchange Online
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Various Fixes NikCharlebois/Microsoft365DSC
Release 1.22.119.1 NikCharlebois/Microsoft365DSC
2 participants
@atdheekurteshi @NikCharlebois