I am trying to use PowerShell DSC to add a domain group to the local administrators group. Here is the code:
Configuration TestSetup {
Node localhost {
Group Administrators {
GroupName = "Administrators"
MembersToInclude = "MYDOMAIN\TheAdministratorsGroup"
}
}
}
This is resulting in the following error when I run it:
PowerShell provider MSFT_GroupResource failed to execute Test-TargetResource functionality with error message: Could not find a principal with the provided name [mydomain\theadministratorsgroup]
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost
The principal does exist and I can add it manually through the GUI and using net localgroup
.
I know that DSC configurations get executed under the SYSTEM
account so I thought it might be a permissions issue with the SYSTEM
account wanting to query Active Directory. However I've run a cmd as the SYSTEM
account using PsExec and I was able to add a domain group to the local administrators group without any trouble.