Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADAdministrativeUnit: ScopedRoleMembers parameter Get-TargetResource returns 'Could not infer CimType from the provided .NET object.' #2775

Closed
Borgquite opened this issue Jan 12, 2023 · 2 comments · Fixed by #2794 or #2986
Closed

AADAdministrativeUnit: ScopedRoleMembers parameter Get-TargetResource returns 'Could not infer CimType from the provided .NET object.' #2775

Borgquite opened this issue Jan 12, 2023 · 2 comments · Fixed by #2794 or #2986
Labels
Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1

Comments

@Borgquite
Copy link
Contributor

Details of the scenario you tried and the problem that is occurring

Trying to run Get-DscConfiguration against an AADAdministrativeUnit which has Scoped Role Members defined results in errors.

  • Create an AU via the Azure AD interface called 'TestUnit'
  • Under 'Roles and administrators', assign an Administrative Role to the AU
  • Run Get-DscConfiguration -Verbose against this configuration

The Get-DscConfiguration process will fail with an error (see below). There are more detailed errors in the 'Desired State Configuration' 'Operational' event log - the underlying error appears to be HResult -2147024809 'Could not infer CimType from the provided .NET object.'

Appears to be something wrong with the ScopedRoleMembers for AADAdministrativeUnit? If you remove the Administrative Role assigned to the AU, then run Get-DscConfiguration, it works fine.

Verbose logs showing the problem

PS C:\Users\user.name\Documents> Get-DscConfiguration -verbose
VERBOSE: An LCM method call arrived from computer COMPUTERNAME with user sid REDACTED.
VERBOSE: [COMPUTERNAME]: LCM: [ Start Get ]
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Getting configuration of Office 365 User [email protected]
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Getting Office 365 User [email protected]
VERBOSE: [COMPUTERNAME]: [[AADUser]TestUser] Found User [email protected]
VERBOSE: [COMPUTERNAME]: LCM: [ End Get ] [[AADUser]TestUser] in 3.4290 seconds.
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] Found AU with id {REDACTED}, DisplayName {Test-Unit}
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] GET https://graph.microsoft.com/v1.0/directoryObjects/REDACTED
with 0-byte payload
VERBOSE: [COMPUTERNAME]: [[AADAdministrativeUnit]TestUnit] received 389-byte response of content type application/json
Get-DscConfiguration : GetConfiguration did not succeed.
At line:1 char:1

  • Get-DscConfiguration -verbose
  •   + CategoryInfo          : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException                             
  + FullyQualifiedErrorId : MI RESULT 1,Get-DscConfiguration

Log Name: Microsoft-Windows-DSC/Operational
Source: Microsoft-Windows-DSC
Date: 12/01/2023 16:12:05
Event ID: 4250
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: COMPUTERNAME
Description:
Job {D63FAE93-9293-11ED-877B-28DFEBB56E21} :
Message Could not infer CimType from the provided .NET object.
HResult -2147024809
StackTrack at Microsoft.Management.Infrastructure.CimConverter.GetCimTypeFromDotNetValueOrThrowAnException(Object dotNetValue)
at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ConvertEmbeddedInstanceToCimInstanc(Object propertyValue, String classNameOfEmbeddedInstance)
at System.Linq.Enumerable.WhereSelectArrayIterator2.MoveNext() at System.Collections.Generic.List1..ctor(IEnumerable1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable1 source)
at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.GetPropertyInstanceValue(CimType cimType, Object propertyValue, String classNameOfEmbeddedInstance)
at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.GetTargetResource(IntPtr resourceConfigurationInstanceHandle, IntPtr nonResourcePropetiesHandle, IntPtr metaConfigHandle, IntPtr regInstanceHandle, IStreamHandler plugInStreamsHandler, IntPtr& outputInstanceHandle, IntPtr& errorInstanceHandle)
at Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscPluginManagedEntryWrapper.Get(IntPtr provContext, IntPtr instance, IntPtr nonResourcePropeties, IntPtr metaConfig, IntPtr regInstance, IntPtr outputInstance, IntPtr extendedError)

Log Name: Microsoft-Windows-DSC/Operational
Source: Microsoft-Windows-DSC
Date: 12/01/2023 16:12:05
Event ID: 4097
Task Category: Send configuration scenario for Local configuration manager
Level: Error
Keywords:
User: SYSTEM
Computer: COMPUTERNAME
Description:
Job {D63FAE93-9293-11ED-877B-28DFEBB56E21} :
This event indicates that failure happens when LCM is processing the configuration. Error Id is 0x1. Error Detail is The SendConfigurationApply function did not succeed.. Resource Id is [AADAdministrativeUnit]TestUnit and Source Info is C:\Users\user.name\Documents\MAFINT Azure AD Automation\DscConfigurations\Example.ps1::19::9::AADAdministrativeUnit. Error Message is NULL.

Log Name: Microsoft-Windows-DSC/Operational
Source: Microsoft-Windows-DSC
Date: 12/01/2023 16:12:05
Event ID: 4252
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: COMPUTERNAME
Description:
Job {D63FAE93-9293-11ED-877B-28DFEBB56E21} :
MIResult: 1
Error Message: GetConfiguration did not succeed.
Message ID: MI RESULT 1
Error Category: 0
Error Code: 1
Error Type: MI

Suggested solution to the issue

Fix ScopedRoleMembers attribute since something is broken there at present.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

$credsCredential = Get-Credential

Configuration Example
{
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADUser 'TestUser'
        {
            Credential = $credsCredential;
            UserPrincipalName = "[email protected]"
            FirstName = "Test"
            LastName = "User"
            DisplayName = "Test User"
            Ensure = "Present"
        }
        AADAdministrativeUnit 'TestUnit'
        {
            Credential = $credsCredential;
            DisplayName = "Test-Unit";
            Ensure = "Present";
            ScopedRoleMembers             = @(
                MSFT_MicrosoftGraphScopedRoleMembership
                {
                    RoleName = "User Administrator"
                    RoleMemberInfo = MSFT_MicrosoftGraphIdentity
                    {
                        Identity = "[email protected]"
                        Type = "User"
                    }
                }
            )
        }
    }
}

$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

Example -ConfigurationData $cd

The operating system the target node is running

OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : en-GB
OsMuiLanguages : {en-GB, en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.111.1
@Borgquite Borgquite mentioned this issue Jan 12, 2023
Closed
@andikrueger andikrueger added Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1 labels Jan 16, 2023
@salbeck-sit
Copy link
Contributor

I believe that #2786 adress the issues. Please have a look

@Borgquite Borgquite mentioned this issue Jan 17, 2023
Closed
@salbeck-sit salbeck-sit mentioned this issue Jan 17, 2023
Merged
@ykuijs ykuijs mentioned this issue Mar 9, 2023
Merged
@Borgquite
Copy link
Contributor Author

Now working fine :)

This was referenced Mar 18, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Entra ID V1.23.111.1 Version 1.23.111.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes issues discussed in #2786 salbeck-sit/Microsoft365DSC
Release 1.23.308.1
3 participants
@andikrueger @Borgquite @salbeck-sit