Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneRoleDefinition: Can be deployed, updated and deleted, but upon deletion Test-TargetResource returns $false #3897

Closed
ricmestre opened this issue Nov 14, 2023 · 2 comments · Fixed by #4257
Closed

IntuneRoleDefinition: Can be deployed, updated and deleted, but upon deletion Test-TargetResource returns $false #3897

ricmestre opened this issue Nov 14, 2023 · 2 comments · Fixed by #4257
Labels
Bug Something isn't working Intune

Comments

@ricmestre
Copy link
Contributor

Description of the issue

Resource IntuneRoleDefinition can be deployed, updated, and deleted, but upon deletion Test-TargetResource returns $false which means it stays in not desired state even though the resource was actually correctly deleted.

PS C:\temp\dsc\IntuneRoleDefinition> Start-DscConfiguration -Wait -Verbose -Force -Path .

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer REDACTED with user sid REDACTED.
VERBOSE: [REDACTED]: LCM:  [ Start  Set      ]
VERBOSE: [REDACTED]: LCM:  [ Start  Resource ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]: LCM:  [ Start  Test     ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Testing the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Checking for the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with id {ced63c02-d670-4b3f-baa9-fc36899ca180} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with displayname {IntuneRoleDefinition_1} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Current Values: DisplayName=IntuneRoleDefinition_1
Ensure=Absent
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Target Values:
allowedResourceActions=(Microsoft.Intune_Organization_Read,Microsoft.Intune_MobileApps_Create,Microsoft.Intune_MobileApps_Read,Microsoft.Intune_MobileApps_Update,Microsoft.Intune_MobileApps_Delete,Microsoft.Int
une_MobileApps_Assign,Microsoft.Intune_MobileApps_Relate,Microsoft.Intune_ManagedDevices_Read,Microsoft.Intune_ManagedApps_Create,Microsoft.Intune_ManagedApps_Read,Microsoft.Intune_ManagedApps_Update,Microsoft.
Intune_ManagedApps_Delete,Microsoft.Intune_ManagedApps_Assign,Microsoft.Intune_ManagedApps_Wipe,Microsoft.Intune_AndroidSync_Read,Microsoft.Intune_AndroidSync_UpdateApps,Microsoft.Intune_DeviceConfigurations_Re
ad,Microsoft.Intune_PolicySets_Assign,Microsoft.Intune_PolicySets_Create,Microsoft.Intune_PolicySets_Delete,Microsoft.Intune_PolicySets_Read,Microsoft.Intune_PolicySets_Update,Microsoft.Intune_AssignmentFilter_
Create,Microsoft.Intune_AssignmentFilter_Delete,Microsoft.Intune_AssignmentFilter_Read,Microsoft.Intune_AssignmentFilter_Update,Microsoft.Intune_MicrosoftDefenderATP_Read,Microsoft.Intune_MicrosoftStoreForBusin
ess_Read,Microsoft.Intune_WindowsEnterpriseCertificate_Read,Microsoft.Intune_PartnerDeviceManagement_Read,Microsoft.Intune_MobileThreatDefense_Read,Microsoft.Intune_CertificateConnector_Read,Microsoft.Intune_De
rivedCredentials_Read,Microsoft.Intune_Customization_Read,Microsoft.Intune_CloudAttach_ResourceExplorer,Microsoft.Intune_CloudAttach_ClientDetails,Microsoft.Intune_CloudAttach_Timeline,Microsoft.Intune_CloudAtt
ach_Collections,Microsoft.Intune_CloudAttach_Applications,Microsoft.Intune_CloudAttach_ApplicationActions,Microsoft.Intune_CloudAttach_SoftwareUpdates)
Description=This is a test!!!
DisplayName=IntuneRoleDefinition_1
IsBuiltIn=False
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Test-TargetResource returned False
VERBOSE: [REDACTED]: LCM:  [ End    Test     ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]  in 15.6800 seconds.
VERBOSE: [REDACTED]: LCM:  [ Start  Set      ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Setting the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Checking for the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with id {ced63c02-d670-4b3f-baa9-fc36899ca180} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with displayname {IntuneRoleDefinition_1} was found
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]  in 0.9350 seconds.
VERBOSE: [REDACTED]: LCM:  [ End    Resource ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]    in  17.0580 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 17.154 seconds

Test after deletion:

PS C:\temp\dsc\IntuneRoleDefinition> Test-DscConfiguration -ReferenceConfiguration .\localhost.mof -Verbose

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer REDACTED with user sid REDACTED.
VERBOSE: [REDACTED]: LCM:  [ Start  Set      ]
VERBOSE: [REDACTED]: LCM:  [ Start  Resource ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]: LCM:  [ Start  Test     ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Testing the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Checking for the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with id {ced63c02-d670-4b3f-baa9-fc36899ca180} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with displayname {IntuneRoleDefinition_1} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Current Values: DisplayName=IntuneRoleDefinition_1
Ensure=Absent
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Target Values:
allowedResourceActions=(Microsoft.Intune_Organization_Read,Microsoft.Intune_MobileApps_Create,Microsoft.Intune_MobileApps_Read,Microsoft.Intune_MobileApps_Update,Microsoft.Intune_MobileApps_Delete,Microsoft.Int
une_MobileApps_Assign,Microsoft.Intune_MobileApps_Relate,Microsoft.Intune_ManagedDevices_Read,Microsoft.Intune_ManagedApps_Create,Microsoft.Intune_ManagedApps_Read,Microsoft.Intune_ManagedApps_Update,Microsoft.
Intune_ManagedApps_Delete,Microsoft.Intune_ManagedApps_Assign,Microsoft.Intune_ManagedApps_Wipe,Microsoft.Intune_AndroidSync_Read,Microsoft.Intune_AndroidSync_UpdateApps,Microsoft.Intune_DeviceConfigurations_Re
ad,Microsoft.Intune_PolicySets_Assign,Microsoft.Intune_PolicySets_Create,Microsoft.Intune_PolicySets_Delete,Microsoft.Intune_PolicySets_Read,Microsoft.Intune_PolicySets_Update,Microsoft.Intune_AssignmentFilter_
Create,Microsoft.Intune_AssignmentFilter_Delete,Microsoft.Intune_AssignmentFilter_Read,Microsoft.Intune_AssignmentFilter_Update,Microsoft.Intune_MicrosoftDefenderATP_Read,Microsoft.Intune_MicrosoftStoreForBusin
ess_Read,Microsoft.Intune_WindowsEnterpriseCertificate_Read,Microsoft.Intune_PartnerDeviceManagement_Read,Microsoft.Intune_MobileThreatDefense_Read,Microsoft.Intune_CertificateConnector_Read,Microsoft.Intune_De
rivedCredentials_Read,Microsoft.Intune_Customization_Read,Microsoft.Intune_CloudAttach_ResourceExplorer,Microsoft.Intune_CloudAttach_ClientDetails,Microsoft.Intune_CloudAttach_Timeline,Microsoft.Intune_CloudAtt
ach_Collections,Microsoft.Intune_CloudAttach_Applications,Microsoft.Intune_CloudAttach_ApplicationActions,Microsoft.Intune_CloudAttach_SoftwareUpdates)
Description=This is a test!!!
DisplayName=IntuneRoleDefinition_1
IsBuiltIn=False
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Test-TargetResource returned False
VERBOSE: [REDACTED]: LCM:  [ End    Test     ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]  in 15.6800 seconds.
VERBOSE: [REDACTED]: LCM:  [ Start  Set      ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Setting the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Checking for the Intune Role Definition {IntuneRoleDefinition_1}
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with id {ced63c02-d670-4b3f-baa9-fc36899ca180} was found
VERBOSE: [REDACTED]:                            [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1] Nothing with displayname {IntuneRoleDefinition_1} was found
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]  in 0.9350 seconds.
VERBOSE: [REDACTED]: LCM:  [ End    Resource ]  [[IntuneRoleDefinition]IntuneRoleDefinition-IntuneRoleDefinition_1]
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]
VERBOSE: [REDACTED]: LCM:  [ End    Set      ]    in  17.0580 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 17.154 seconds

PSComputerName  ResourcesInDesiredState        ResourcesNotInDesiredState     InDesiredState
--------------  -----------------------        --------------------------     --------------
localhost                                      {[IntuneRoleDefinition]Intu... False

Microsoft 365 DSC Version

1.23.1108.1

Which workloads are affected

other

The DSC configuration

Configuration IntuneRoleDefinition
{
    $IntuneApplicationId = "REDACTED"
    $IntuneCertThumbprint = "REDACTED"
    $OrganizationName = "REDACTED.onmicrosoft.com"

    Import-DscResource -ModuleName 'Microsoft365DSC'

    Node localhost
    {
        IntuneRoleDefinition "IntuneRoleDefinition-IntuneRoleDefinition_1"
        {
            allowedResourceActions = @("Microsoft.Intune_Organization_Read","Microsoft.Intune_MobileApps_Create","Microsoft.Intune_MobileApps_Read","Microsoft.Intune_MobileApps_Update","Microsoft.Intune_MobileApps_Delete","Microsoft.Intune_MobileApps_Assign","Microsoft.Intune_MobileApps_Relate","Microsoft.Intune_ManagedDevices_Read","Microsoft.Intune_ManagedApps_Create","Microsoft.Intune_ManagedApps_Read","Microsoft.Intune_ManagedApps_Update","Microsoft.Intune_ManagedApps_Delete","Microsoft.Intune_ManagedApps_Assign","Microsoft.Intune_ManagedApps_Wipe","Microsoft.Intune_AndroidSync_Read","Microsoft.Intune_AndroidSync_UpdateApps","Microsoft.Intune_DeviceConfigurations_Read","Microsoft.Intune_PolicySets_Assign","Microsoft.Intune_PolicySets_Create","Microsoft.Intune_PolicySets_Delete","Microsoft.Intune_PolicySets_Read","Microsoft.Intune_PolicySets_Update","Microsoft.Intune_AssignmentFilter_Create","Microsoft.Intune_AssignmentFilter_Delete","Microsoft.Intune_AssignmentFilter_Read","Microsoft.Intune_AssignmentFilter_Update","Microsoft.Intune_MicrosoftDefenderATP_Read","Microsoft.Intune_MicrosoftStoreForBusiness_Read","Microsoft.Intune_WindowsEnterpriseCertificate_Read","Microsoft.Intune_PartnerDeviceManagement_Read","Microsoft.Intune_MobileThreatDefense_Read","Microsoft.Intune_CertificateConnector_Read","Microsoft.Intune_DerivedCredentials_Read","Microsoft.Intune_Customization_Read","Microsoft.Intune_CloudAttach_ResourceExplorer","Microsoft.Intune_CloudAttach_ClientDetails","Microsoft.Intune_CloudAttach_Timeline","Microsoft.Intune_CloudAttach_Collections","Microsoft.Intune_CloudAttach_Applications","Microsoft.Intune_CloudAttach_ApplicationActions","Microsoft.Intune_CloudAttach_SoftwareUpdates");
            ApplicationId          = $IntuneApplicationId;
            CertificateThumbprint  = $IntuneCertThumbprint;
            Description            = "This is a test.";
            DisplayName            = "IntuneRoleDefinition_1";
            Ensure                 = "Present";
            Id                     = "ced63c02-d670-4b3f-baa9-fc36899ca180";
            IsBuiltIn              = $False;
            TenantId               = $OrganizationName;
        }
    }
}

Verbose logs showing the problem

See description

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.1778
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.1778
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
@andikrueger andikrueger added Bug Something isn't working Intune labels Nov 15, 2023
@andikrueger
Copy link
Collaborator

Just to get it right: By Deletion you mean Ensure ="Absent" ?

@ricmestre
Copy link
Contributor Author

Yes, I should have been more specific.

@ricmestre ricmestre mentioned this issue Jan 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Intune
Projects
None yet
Milestone
No milestone
2 participants
@andikrueger @ricmestre