Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AADMSGroup] Missing GroupType will cause Set-TargetResource to crash #850

Closed
SebastianGoers opened this issue Oct 21, 2020 · 1 comment · Fixed by #1643, #1645 or #3088
Closed

[AADMSGroup] Missing GroupType will cause Set-TargetResource to crash #850

SebastianGoers opened this issue Oct 21, 2020 · 1 comment · Fixed by #1643, #1645 or #3088
Labels
Entra ID

Comments

@SebastianGoers
Copy link

Details of the scenario you tried and the problem that is occurring

Set-TargetResource will fail when the GroupType property of an AAD group is missing.

Verbose logs showing the problem

Setting configuration of Azure AD Groups
VERBOSE:[[AADMSGroup]xxx] Getting configuration of AzureAD Group
VERBOSE:[[AADMSGroup]xxx] Id was NOT specified
You cannot call a method on a null-valued expression.
At D:\... DscConfiguration.ps1:157 char:2
 +     $dscTestResults = Start-DSCConfiguration -UseExisting -wait
 +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo          : InvalidOperation: (:) [], CimException
 + FullyQualifiedErrorId : InvokeMethodOnNull
 + PSComputerName        : localhost

Suggested solution to the issue

In Set-TargetResource GroupTypes is being evaluated, but the parameter is not mandatory. Thus, if the parameter is empty (aka missing in the config file), the script will crash.
Suggestion: Make GroupTypes a mandatory parameter for Set-TargetResource.

The line where the code crashes is:

@ $GroupTypes.Contains("Unified")


    if ($Ensure -eq 'Present' -and $GroupTypes.Contains("Unified") -and $MailEnabled -eq $false)
    {
        Write-Verbose -Message "Cannot set mailenabled to false if GroupTypes is set to Unified when creating group."
        throw "Cannot set mailenabled to false if GroupTypes is set to Unified when creating a group."
    }

The DSC configuration that is used to reproduce the issue (as detailed as possible)

The Group name "SEC_CLOUD_NOT_EXISITNG_GRP" has been used for demo purposes only.

AADMSGroup xxx
        {
            Description          = "SEC_CLOUD_NOT_EXISITNG_GRP";
            DisplayName       = "SEC_CLOUD_NOT_EXISITNG_GRP";
            Ensure                  = "Present";
            GlobalAdminAccount   = $Credsglobaladmin;
            Id                         = "";
            MailEnabled        = $false;
            MailNickname         = "SEC_CLOUD_NOT_EXISITNG_GRP";
            SecurityEnabled      = $true;
        }

The operating system the target node is running

Version of the DSC module that was used ('dev' if using current dev branch)
@NikCharlebois
Copy link
Collaborator

Update coming that will default group types to Unified if no implicit types are specified. This will prevent having to release a breaking change for this.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Dec 21, 2021
@NikCharlebois
Fixes microsoft#850
ad9fa40 
closes microsoft#850
This was referenced Dec 21, 2021
Merged
Merged
@Borgquite Borgquite mentioned this issue Mar 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Entra ID
Projects
None yet
Milestone
No milestone
2 participants
@NikCharlebois @SebastianGoers