Microsoft365DSC icon indicating copy to clipboard operation
Microsoft365DSC copied to clipboard
verified publisher icon microsoft

AADGroup: identification of existing groups is not working properly

Open bartvermeersch opened this issue 1 year ago • 0 comments

Description of the issue

Since the last update (?) the detection of existing AADGroups (and other resources?) is not working correctly anymore resulting in the creation of duplicate AADGroups.

It seems that Get-TargetResource returns Ensure = Absent could this be the reason for this bug?

From logging: 2024-03-01T07:53:10.8344536Z Ensure=Absent

Microsoft 365 DSC Version

1.24.228.1

Which workloads are affected

Azure Active Directory

The DSC configuration

AADGroup "AADGroup_ServiceAccounts"
        {
            DisplayName        = "ServiceAccounts"
            Description        = "ServiceAccounts"
            MailNickName       = "ServiceAccounts"
            IsAssignableToRole = $false
            MailEnabled        = $false
            SecurityEnabled    = $true
            TenantId           = $TenantId
            ApplicationId      = $ApplicationId
            CertificateThumbprint = $Thumbprint
            Ensure             = "Present"
        }

Verbose logs showing the problem

2024-03-01T07:53:08.4590359Z VERBOSE: [domain-M365DSC]: LCM:  [ Start  Resource ]  
2024-03-01T07:53:08.4599176Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration]
2024-03-01T07:53:08.4601324Z VERBOSE: [domain-M365DSC]: LCM:  [ Start  Test     ]  
2024-03-01T07:53:08.4604996Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration]
2024-03-01T07:53:09.8106194Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:09.8116101Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Testing configuration of AzureAD Groups
2024-03-01T07:53:09.8117681Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:09.8123557Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Getting configuration of AzureAD Group
2024-03-01T07:53:09.8782731Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:09.8789122Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Id was NOT specified
2024-03-01T07:53:10.8246296Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:10.8252869Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Current Values: ApplicationId=***
2024-03-01T07:53:10.8257422Z 
2024-03-01T07:53:10.8262831Z AssignedToRole=()
2024-03-01T07:53:10.8267308Z 
2024-03-01T07:53:10.8271445Z CertificateThumbprint=***
2024-03-01T07:53:10.8276264Z 
2024-03-01T07:53:10.8283881Z Description=ServiceAccounts
2024-03-01T07:53:10.8319224Z 
2024-03-01T07:53:10.8324688Z DisplayName=ServiceAccounts
2024-03-01T07:53:10.8336132Z 
2024-03-01T07:53:10.8344536Z Ensure=Absent
2024-03-01T07:53:10.8352666Z 
2024-03-01T07:53:10.8358127Z IsAssignableToRole=False
2024-03-01T07:53:10.8379389Z 
2024-03-01T07:53:10.8383603Z MailEnabled=False
2024-03-01T07:53:10.8413672Z 
2024-03-01T07:53:10.8414712Z MailNickname=ServiceAccounts
2024-03-01T07:53:10.8416809Z 
2024-03-01T07:53:10.8417686Z MemberOf=()
2024-03-01T07:53:10.8419570Z 
2024-03-01T07:53:10.8419795Z Members=()
2024-03-01T07:53:10.8421091Z 
2024-03-01T07:53:10.8422652Z Owners=()
2024-03-01T07:53:10.8424297Z 
2024-03-01T07:53:10.8451718Z SecurityEnabled=True
2024-03-01T07:53:10.8494629Z 
2024-03-01T07:53:10.8525030Z TenantId=***
2024-03-01T07:53:10.8529346Z 
2024-03-01T07:53:10.8554341Z Verbose=True
2024-03-01T07:53:10.8554751Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:10.8555454Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Target Values: ApplicationId=***
2024-03-01T07:53:10.8555811Z 
2024-03-01T07:53:10.8558152Z CertificateThumbprint=***
2024-03-01T07:53:10.8558601Z 
2024-03-01T07:53:10.8563600Z Description=ServiceAccounts
2024-03-01T07:53:10.8568179Z 
2024-03-01T07:53:10.8573327Z DisplayName=ServiceAccounts
2024-03-01T07:53:10.8577996Z 
2024-03-01T07:53:10.8583559Z Ensure=Present
2024-03-01T07:53:10.8587736Z 
2024-03-01T07:53:10.8621106Z IsAssignableToRole=False
2024-03-01T07:53:10.8622743Z 
2024-03-01T07:53:10.8624554Z MailEnabled=False
2024-03-01T07:53:10.8626514Z 
2024-03-01T07:53:10.8630944Z MailNickname=ServiceAccounts
2024-03-01T07:53:10.8631544Z 
2024-03-01T07:53:10.8634574Z SecurityEnabled=True
2024-03-01T07:53:10.8636372Z 
2024-03-01T07:53:10.8637626Z TenantId=***
2024-03-01T07:53:10.8637994Z 
2024-03-01T07:53:10.8638415Z Verbose=True
2024-03-01T07:53:10.8642615Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:10.8671961Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Test-TargetResource returned False
2024-03-01T07:53:10.8680509Z VERBOSE: [domain-M365DSC]: LCM:  [ End    Test     ]  
2024-03-01T07:53:10.8686152Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration]  in 2.4140 seconds.
2024-03-01T07:53:10.8709227Z VERBOSE: [domain-M365DSC]: LCM:  [ Start  Set      ]  
2024-03-01T07:53:10.8710864Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration]
2024-03-01T07:53:10.8711409Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:10.8712502Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Setting configuration of Azure AD 
2024-03-01T07:53:10.8712901Z Groups
2024-03-01T07:53:12.1799874Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.1806410Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Getting configuration of AzureAD Group
2024-03-01T07:53:12.2814868Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.2821129Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Id was NOT specified
2024-03-01T07:53:12.4134256Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.4233433Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Getting all Service Plans
2024-03-01T07:53:12.4370891Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.4381259Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Checking to see if an existing deleted 
2024-03-01T07:53:12.4382045Z group exists with DisplayName {ServiceAccounts}
2024-03-01T07:53:12.4870453Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.4878614Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Creating new group {ServiceAccounts}
2024-03-01T07:53:12.4882632Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.4921286Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Creating Group with Values: 
2024-03-01T07:53:12.4921904Z Description=ServiceAccounts
2024-03-01T07:53:12.4925004Z 
2024-03-01T07:53:12.4927472Z DisplayName=ServiceAccounts
2024-03-01T07:53:12.4930669Z 
2024-03-01T07:53:12.4934397Z IsAssignableToRole=False
2024-03-01T07:53:12.4936983Z 
2024-03-01T07:53:12.4941357Z MailEnabled=False
2024-03-01T07:53:12.4943982Z 
2024-03-01T07:53:12.4949726Z MailNickname=ServiceAccounts
2024-03-01T07:53:12.4949928Z 
2024-03-01T07:53:12.4952289Z SecurityEnabled=True
2024-03-01T07:53:12.4954009Z 
2024-03-01T07:53:12.4954620Z Verbose=True
2024-03-01T07:53:12.4961537Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.4967824Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Performing the operation 
2024-03-01T07:53:12.4973967Z "New-MgGroup_CreateExpanded" on target "Call remote 'POST /groups' operation".
2024-03-01T07:53:12.6971741Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.6981218Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Created Group 
2024-03-01T07:53:12.6984900Z a2b23b76-6fa2-4ed8-ad6f-a4eea0d441f7
2024-03-01T07:53:12.7023899Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.7024675Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Group {ServiceAccounts} exists and 
2024-03-01T07:53:12.7024986Z it should.
2024-03-01T07:53:12.7025359Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.7025904Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Updating settings by ID for group 
2024-03-01T07:53:12.7026312Z {ServiceAccounts}
2024-03-01T07:53:12.7026669Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.7027240Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Cannot set IsAssignableToRole once 
2024-03-01T07:53:12.7027551Z group is created.
2024-03-01T07:53:12.7214556Z VERBOSE: [domain-M365DSC]:                            
2024-03-01T07:53:12.7215262Z [[AADGroup]AADGroup_ServiceAccounts::[EntraGroups]EntraGroups_Configuration] Performing the operation 
2024-03-01T07:53:12.7215853Z "Update-MgGroup_UpdateExpanded" on target "Call remote 'PATCH /groups/{group-id}' operation".
2024-03-01T07:53:12.8032735Z VERBOSE: [domain-M365DSC]: LCM:  [ End    Set      ]

Environment Information + PowerShell Version

No response

bartvermeersch avatar Mar 01 '24 08:03 bartvermeersch