dsccommunity / computermanagementdsc Goto Github PK

When supplying a configuration to just set the computer's name - without specifying a Domain or Workgroup name - the Test-TargetResource method fails. The first Test-TargetResource fails as expected as the computer name is incorrect.

However, after the machine has been renamed correctly and rebooted, all subsequent Test-TargetResource calls fail as the method does not return $true or $false!

If VM was added to the domain, then deleted-recreated-rebuilt, and then we try to use xComputer again, then joining fails with the error "can't join machine to domain cause it already exist"

Here is how to reproduce this issue:

• build VM
• join to DC with xComputer and name "my-dev"
• delete VM
• join to DC with xComputer and name "my-dev" <-- fails here

That could be fixed with the following code-check prior joining to the DC:

$machineName =  "my-dev"
$dcIpAddress = "10.0.0.10"

	# removing maching from the AD
	Write-Output  "`tChecking if VM exists in AD:[$machineName] via DC IP address:[$dcIpAddress]"
	try {
		
		$machine = get-adcomputer $machineName -Server $dcIpAddress -ErrorAction SilentlyContinue
	}
	catch {
		
	}
	
	if($machine -ne $null) {
		Write-Output  "`tRemoving VM from AD:[$machineName]"
		remove-adobject $machine  -Recursive -Server $dcIpAddress -Confirm:$false -ErrorAction SilentlyContinue
	}

In that case, if VM isn't inthe DC and it EXISTS in DC (from previous build), all be good.

GetComputerDomain Function

Consistent Check is failing as System account doesn't have AD Permissions

([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()).Name

Test should be changed .

In the xSQLServer module there is currently a resource called xSqlServerPowerPlan. A suggestion was raised (issue dsccommunity/SqlServerDsc#129 ) to move that to the xComputerManagement module instead since it is not just connected to SQL. And at the same time rename the resource to xPowerPlan.

Any thoughts on this?

I'm happy to start the process by sending in a PR to this module.

There are several PSSA Errors being identified that need to be resolved:
https://ci.appveyor.com/project/PlagueHO/xcomputermanagement/build/1.9.31.0#L117
https://ci.appveyor.com/project/PlagueHO/xcomputermanagement/build/1.9.31.0#L137
https://ci.appveyor.com/project/PlagueHO/xcomputermanagement/build/1.9.31.0#L165

There are also some "flagged" rules that should be fixed if possible.

This is primarily to support joining Nano Servers to a Domain, but it should work for any server as well.

Note: The *-Computer (e.g. Add-Computer, Rename-Computer) are not available in Nano Server.

Option 1:
Add an optional ODJFile parameter to the xComputer resource:

[write,description("The path to an Offline Domain Join blob file.")] string ODJFile;

If this is passed then instead of using the normal code path it could check for domain membership and if missing call out to DJOIN.EXE (there is no PowerShell equivalent to DJOIN.EXE that I know of).

Option 2:
Create an entirely new resource (e.g. xODJ) for performing ODJ that will only perform the join from a blob and nothing else (no computer rename etc).

I prefer Option 2 because it means no change to existing resources.

I'm happy to implement this (I need it for one of my projects) but would love feed back on what people think is the best way to go.

The Nano info is also based around TP4, so what is supported by Nano might change with future releases. But ODJ should still be something that is needed for non-Nano Servers.

@PlagueHO I've started converting all my cScheduledTask (totally different resource) configurations to xScheduledTask and noticed some time zone issues. The configuration is being built in Australia but the servers are in New Zealand.

I need a task to run every 15 minutes for 23 hours a day. So I used the following config.

RepeatInterval     = '00:15:00'
RepetitionDuration = '23:00:00'

However, I get the following issue.

Invoke-CimMethod : PowerShell DSC resource MSFT_xScheduledTask  failed to execute Set-TargetResource functionality with error message: Repetition duration 01:00:00 is less than repetition interval 02:15:00. Please set RepeatInterval to a value lower or 
equal to RepetitionDuration

If I do something like this...

RepeatInterval     = [datetime]::Today.AddMinutes(15)
RepetitionDuration = '20:00:00'

...then the scheduled task is set to start 12:00AM, repeat every 02:15:00 for a duration of 22:00:00.

I think one solution would be to add a property to the resource called 'UseLocalTime' this would resolve the issue without having a breaking change.

Another question is how do I set the duration to Indefinitely?

This one's weird, when I try to push DSC I get the following error:

A parameter cannot be found that matches parameter name 'TaskPath'.
    + CategoryInfo          : InvalidArgument: (:) [], CimException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-ScheduledTask
    + PSComputerName        : MILXXMRDPSDEV01

Running get-help get-scheduledtask on the target server produces this under Syntax:

Get-ScheduledTask [[-TaskName] <String[]>] [[-TaskPath] <String[]>]

Running get-scheduledtask -taskpath \ as SYSTEM (via PsExec) on the target server produces output.

My google-fu has let me down. What's going on here?

It would be great if there was a 5th type of page settings that set the page file to the exact size of the memory installed. For example, if your server had 8GB of RAM. xVirtualMemory would configure the page file (on your specified location) to be 8GB. This would mean if we changed the servers memory to say 16GB, xVirtualMemory would automatically change the paging file to 16GB without having to re-compile the MOF file.

Additions have been made to this module in a separate repo:
https://github.com/robwi/xComputerManagement

HELP WANTED

If someone would like to review this work and incorporate changes back to the resource kit as a new PR, that would be a great project.

Optin to these tests once BOM is fixed:
Common Tests - Validate Module Files
Common Tests - Validate Script Files

I'd like to be able to set the OU on domain join and move the AD Object if possible. While I'm happy to write this myself I wanted to know what dependencies this resource would be willing to take. For example there is a Move-ADObject if we require the AD Module to be installed. This would probably be the easiest requirement and the move powershell like.

Unless I'm missing something really obvious (entirely possible!) I can't seem to find a way to add multiple ScheduleTypes (Triggers) to new Scheduled Tasks. For example, a task that recurs daily, but also runs at computer startup. I have tried specifying multiple schedule types as a comma separated list, and also running a second instance of xScheduledTask to "amend" the new task with an additional Schedule/Trigger, however neither of these seem to work. Is this possible at all, or alternatively can it be made possible?

I'm working on this one.

It's not possible to disable already present tasks because it needs to set required parameters that should not be changed (and might be unknown per target node).

        xScheduledTask 'DisableMyTask'
        {
           TaskName = 'MyTask'
           TaskPath = '\Company'
           Enable = $false
        }

xComputer will currently attempt to change the settings on a computer with certificate authority (which is not supported by Windows as far as I'm aware).

Is this something that should change? Got some code here that'll run a test, let me know if you want a PR in.

Repro steps: Create computer object in AD with target computer name (preseeded computer object). Attempt to use xComputerManagement module MSFT_xComputer resource to join the domain and rename to target computer name. The resource will join the computer to the domain, but the rename fails, as the computer object already exists in AD.

To fix: Need to rename the computer object before joining to domain.

Thank you for this resource! It would be nice to include support for -RandomDelay when creating repeating tasks.

the scheduledTask created successfully, but the verify failed.

here my scheduleTask:

xScheduledTask Task_ddd_sync {
ActionExecutable = "C:\Program Files (x86)\Robocopy\ddd_sync.cmd"
RepeatInterval = 60
ScheduleType = "Minutes"
TaskName = "ddd-sync"
DependsOn = '[xUser]TachographUser'
Ensure = "Present"
ExecuteAsCredential = $TachographUserCred
StartTime = "03:00"
}

configuration foo
{
Import-dscresource -ModuleName xComputerManagement
xComputer x
{
Name = 'amitsara-PC2'
}
}

foo
Start-DscConfiguration -path .\foo -wait -force -Verbose

PS C:\Scenario\TwoTierPKI> F:\Users\Administrator\Desktop\Untitled1.ps1

Directory: C:\Scenario\TwoTierPKI\foo

Mode LastWriteTime Length Name

-a---- 10/21/2015 1:18 PM 1838 localhost.mof
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespace
Name' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer AMITSARA-PC2 with user sid S-1-5-21-2127521184-1604012920-1887927527-13139468.
VERBOSE: [AMITSARA-PC2]: LCM: [ Start Set ]
VERBOSE: [AMITSARA-PC2]: LCM: [ Start Resource ] [[xComputer]x]
VERBOSE: [AMITSARA-PC2]: LCM: [ Start Test ] [[xComputer]x]
VERBOSE: [AMITSARA-PC2]: [[xComputer]x] Checking if computer name is amitsara-PC2
VERBOSE: [AMITSARA-PC2]: LCM: [ End Test ] [[xComputer]x] in 0.1250 seconds.
The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid.
The results from running Test-TargetResource must be the boolean value True or False.
+ CategoryInfo : InvalidResult: (:) [], CimException
+ FullyQualifiedErrorId : TestTargetResourceInvalidResultFormat
+ PSComputerName : localhost

VERBOSE: [AMITSARA-PC2]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotImplemented: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 7
+ PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.388 seconds

There is a set of standard .vscode style settings that should be used. Add them in.

xComputer Resource should not require the computer name to join a domain

Most of the examples don't meet style guidelines. The locations also need to be moved to more easily support auto-documentation layout.

Each module needs to be converted to HQRM standards:

• MSFT_xComputer
• MSFT_xOfflineDomainJoin
• MSFT_xPowerPlan
• MSFT_xScheduledTask
• MSFT_xVirtualMemory

Noticed that when I change my system name using this module, but make no other changes, that I get a fatal error during Test-TargetResource phase.

VERBOSE: [FOXDC]: LCM: [ End Test ] [[xComputer]NewNameAndWorkgroup] in 0.0160 seconds.
The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results
from running Test-TargetResource must be the boolean value True or False.
+ CategoryInfo : InvalidResult: (:) [], CimException
+ FullyQualifiedErrorId : TestTargetResourceInvalidResultFormat
+ PSComputerName : localhost

Should xOfflineDomainJoin NOT apply if a system is already domain joined? I can write up a bug report depending on whether this is expected behavior. I've provided a scenario below if helps.

Scenario:

1. Node A has an offline domain join blob at c:\ad.blob.txt
2. Node A pulls configuration from pull server 1
3. Node A applies multiple configurations blocks including an xOfflineDomainJoin block as such:

        xOfflineDomainJoin ODJ
        {
          IsSingleInstance = 'Yes'
          RequestFile      = 'C:\a.blob.txt'
        }

4. Node A is successfully domain joined and rebooted and continues it's other configuration blocks.
5. After reboot, configuration resumes and a different block in the configuration fails* NOT the djoin block. (for instance a step that was relying on a service to be started and it wasn't)
6. Being that this is a pull configuration, the LCM attempts to retry the entire MOF configuration.

What I'm noticing here is that the xOfflineDomainJoin block is run AGAIN rather than recognizing that the system is already djoined---and fails of course because the system is already domain join.

Just to reiterate, should xOfflineDomainJoin NOT apply if system is already domain joined? If that's the case I'll test more thoroughly and submit an official bug.

Output below from failure (I added some extra verbose messages to be sure what was causing it.)
MSFT_xComputer.psm1#L268 throws saying Exception calling "GetComputerDomain" with "0" argument(s): "The user name or password is incorrect."

L268 is currently return ([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()).Name

VERBOSE: [SPFARM-SQL]: LCM:  [ Start  Resource ]  [[xComputer]DomainJoin]
VERBOSE: [SPFARM-SQL]: LCM:  [ Start  Test     ]  [[xComputer]DomainJoin]
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Validate desired Name is a valid name
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Checking if computer name is SPFARM-SQL
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Checking if the machine is a member of
contoso.local.
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Exception calling "GetComputerDomain" with
"0" argument(s): "The user name or password is incorrect.
"
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] This machine is not a domain member.
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] The machine is not a domain member.
VERBOSE: [SPFARM-SQL]: LCM:  [ End    Test     ]  [[xComputer]DomainJoin]  in 0.0460 seconds.
VERBOSE: [SPFARM-SQL]: LCM:  [ Start  Set      ]  [[xComputer]DomainJoin]
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Exception calling "GetComputerDomain" with
"0" argument(s): "The user name or password is incorrect.
"
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] This machine is not a domain member.
VERBOSE: [SPFARM-SQL]:                            [[xComputer]DomainJoin] Added computer to domain 'contoso.local.
Cannot add computer 'spfarm-sql' to domain 'contoso.local' because it is already in that domain.
    + CategoryInfo          : InvalidOperation: (spfarm-sql:) [], CimException
    + FullyQualifiedErrorId : AddComputerToSameDomain,Microsoft.PowerShell.Commands.AddComputerCommand
    + PSComputerName        : localhost

VERBOSE: [SPFARM-SQL]: LCM:  [ End    Set      ]  [[xComputer]DomainJoin]  in 0.4220 seconds.
The PowerShell DSC resource MSFT_xComputer threw one or more non-terminating errors while running the
Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational.
Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: [SPFARM-SQL]:                            [] Consistency check completed.
The SendConfigurationApply function did not succeed. LCM failed to start desired state configuration manually.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 8.012 seconds
PS C:\Users\localadmin> Update-DscConfiguration -Wait -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =

xComputerManagement does not meet HQRM requirements. This issue is here for discussions and PRs related to the readiness of xComputerManagement gaining HQRM status.

Sometimes a configuration performs several changes that require a reboot, but not immediately (changing computer name being one of them)

It would be useful for xComputer to be able to raise one of the flags checked by the xPendingReboot instead of simply setting $global:DSCMachineStatus, in order to enable configuration to control when a reboot occurs.

On non-english Windows, power plans names are localized. Using power plan's GUID instead would make it work as they all seem to be the same across all Windows platforms for standard plans.

Computer names longer than 15 chars will have their name truncated upon rename. After this, test-targetResource will continually return false, and set-targetResource will continually throw an exception. It would be nice to add a name length check before performing the rename.

MSFT_xPowerPlan support for Nano server is currently missing.
There is already a module available that does this and it could easily be merged
https://github.com/J0F3/cPowerPlan

If nobody else is working on it i will properly take a look at how it could be done.

It would be beneficial if the module would contain a resource to manage the virtual memory settings.

The following modules need to have their strings moved to localization files:

• xComputer
• xScheduledTask
• xVirtualMemory
• CommonResourceHelper

test-targetresource was passing but this is happening:

PS C:\Users\localadmin> nltest /sc_verify:contoso
Flags: 80
Trusted DC Name
Trusted DC Connection Status Status = 1787 0x6fb ERROR_NO_TRUST_SAM_ACCOUNT
Trust Verification Status = 1787 0x6fb ERROR_NO_TRUST_SAM_ACCOUNT
The command completed successfully

I think it is a good idea to bring this Module inline with the standards before I add the new ODJ resource (Issue #23).

I'll make this change.

This module should be converted to use the Auto-documentation style used by SharePointDsc, xNetworking, xStorage etc.

This enables the documentation and Wiki to be generated automatically from the MOF files, reducing the amount of work that needs to be done to keep the module up-to-date.

Resource fails with fatal error if the computer already is in the domain.
The test should pick this up, which now it doesn't and hence throws a fatal exception when attempting to join the domain again.

Error:
Cannot add computer 'x' to domain 'y' because it is already in that domain.
+ CategoryInfo : InvalidOperation: (x:) [], CimException
+ FullyQualifiedErrorId : AddComputerToSameDomain,Microsoft.PowerShell.Commands.AddComputerCommand
+ PSComputerName : localhost

See PowerShell/DscResources#298

To bring this module up to HQRM standards it needs to reach 70% unit test code coverage.

It would be nice to be able to enable or disable an exiting scheduled task. Currently the schema does not expose an 'Enabled' property.

I used this script to turn off Smart Screen filter. I suggest we make this into a resource, or add this as a parameter to an existing resource.
I do not know if this module is the correct one for this. If not, let me know and I will submit this in the correct module.

SmartScreen Filter: FAQ

If there is a better way to accomplish this, then please let me know. 😄

        Script (New-ResourceName -Name 'EnableSmartScreenFilter')
        {
            SetScript = {
                <#
                    'Off' equals off.
                    'Prompt' equals 'Warn before running an unrecognized app, but don't require administrator approval'.
                    'RequireAdmin' equals 'Get administrator approval before running an unrecognizd app from the Internet (recommended)'
                #>
                Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name SmartScreenEnabled -ErrorAction Stop -Value 'RequireAdmin' -Force
            }

            TestScript = {
                $smartFilterStatus = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled

                return ($smartFilterStatus -eq 'RequireAdmin')
            }

            GetScript = {
                $smartFilterStatus = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
                
                return @{
                    SmartFilterStatus = $smartFilterStatus
                }
            }
        }

Add the files:

• .github/CONTRIBUTING.md
• .github/ISSUE_TEMPLATE.md
• .github/PULL_REQUEST_TEMPLATE.md
  To this repo to improve the amount of information being collected when issues are raised and to provide a checklist for reviewers/contributors when PR's are raised.

We should use the ones from xFailOverCluster.

It would be nice, if i can set the computer description in the module xComputer.

Looking through the xScheduledTask DSC resource and I'm noticing that there is no time triggers based upon "monthly", "yearly" or "one time". Can we get this added as a potential enhancement? The ScheduledTasks PowerShell module supports these I believe.

This came about as a need to run some tasks for OS image generation that happen every 2nd Tuesday of the month.

Thank you for creating the Scheduled Task resource. It would be nice if it could support the Triggers 'At log on' and 'At startup'.

The SystemLocale resource currently resides inside of it's own module (SystemLocaleDSC).
I believe it makes more sense inside of xComputerManagement\xComputer resource as an optional parameter.

Let me know what you guys think. I've already submitted a PR (#49)

Liam