Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Any cmdlet or resource using ConvertTo-DSCObject may not provide intended results #3980

Closed
ricmestre opened this issue Nov 30, 2023 · 11 comments
Assignees
Labels
Bug Something isn't working Core Engine DSCParser Issues related to DSCParser

Comments

@ricmestre
Copy link
Contributor

Description of the issue

ConvertTo-DSCObject seems to be tripping on some kind of resources, I've seen so far at least on IntuneDeviceConfigurationKioskPolicyWindows10 and IntuneSettingCatalogCustomPolicyWindows10, and I already reported this on microsoft/DSCParser#34 several months ago.

The issue here is not only do I need to invoke it from our own internal solution (it's critical that this works 100%), it's also being invoked within M365DSC itself on resource M365DSCRuleEvaluation and cmdlets Get-M365DSCConfigurationConflict, Assert-M365DSCBlueprint and Initialize-M365DSCReporting so if any of these use the affected resources with the conditions found in the attached blueprint then ConvertTo-DSCObject will not be able to convert the blueprint objects to powershell objects correctly.

At first glance it looks like it doesn't understand when within a complex object right afterwards there's one of its subproperties that itself is another complex object so it seems to be missing some recursive calling in DSCParser module.

Microsoft 365 DSC Version

1.23.1122.1

Which workloads are affected

other

The DSC configuration

IntuneDeviceConfigurationKioskPolicyWindows10 "IntuneDeviceConfigurationKioskPolicyWindows10-IntuneDeviceConfigurationKioskPolicyWindows10_1"
        {
            Assignments                         = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
            );
            Credential                          = $Credscredential;
            DisplayName                         = "IntuneDeviceConfigurationKioskPolicyWindows10_1";
            EdgeKioskEnablePublicBrowsing       = $False;
            Ensure                              = "Present";
            Id                                  = "7fea73fd-20d3-439a-9fa4-73955e082dc5";
            KioskBrowserDefaultUrl              = "http://bing.com";
            KioskBrowserEnableEndSessionButton  = $False;
            KioskBrowserEnableHomeButton        = $True;
            KioskBrowserEnableNavigationButtons = $False;
            KioskProfiles                       = @(
                MSFT_MicrosoftGraphwindowsKioskProfile{
                    AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{
                        odataType = '#microsoft.graph.windowsKioskSingleWin32App'
                        Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{
                            AppType = 'unknown'
                            AutoLaunch = $False
                            ClassicAppPath = 'msedge.exe'
                            EdgeKiosk = 'https://domain.com'
                            EdgeKioskType = 'publicBrowsing'
                            EdgeNoFirstRun = $True
                            StartLayoutTileSize = 'hidden'
                        }
                    }
                    ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c'
                    ProfileName = 'profile'
                    UserAccountsConfiguration = @(
                        MSFT_MicrosoftGraphWindowsKioskUser{
                            odataType = '#microsoft.graph.windowsKioskAutologon'
                        }
                    )
                }
            );
            WindowsKioskForceUpdateSchedule     = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{
                RunImmediatelyIfAfterStartDateTime = $False
                StartDateTime = '2023-04-15T23:00:00.0000000+00:00'
                DayofMonth = 1
                Recurrence = 'daily'
                DayofWeek = 'sunday'
            };
        }
        IntuneSettingCatalogCustomPolicyWindows10 "IntuneSettingCatalogCustomPolicyWindows10-TEST"
        {
            Assignments          = @();
            Credential           = $Credscredential;
            Description          = "Test";
            Ensure               = "Present";
            Id                   = "495a239d-4367-474f-86e8-225d9f6bbe11";
            Name                 = "Setting Catalogue- Block MS Edge Shortcuts";
            Platforms            = "windows10";
            Settings             = @(
                MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
                    SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                        choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                            Value = 'device_vendor_msft_policy_config_updatev83diff~policy~cat_edgeupdate~cat_applications_pol_defaultcreatedesktopshortcut_0'
                        }
                        SettingDefinitionId = 'device_vendor_msft_policy_config_updatev83diff~policy~cat_edgeupdate~cat_applications_pol_defaultcreatedesktopshortcut'
                        odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                    }
                }
            );
            Technologies         = "mdm";
        }

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
@andikrueger andikrueger added Bug Something isn't working Core Engine DSCParser Issues related to DSCParser labels Nov 30, 2023
@William-Francillette
Copy link
Contributor

William-Francillette commented Dec 8, 2023

That's the reason I've created those functions as the original were not able to manage complex objects

  • Get-M365DSCDRGComplexTypeToHashtable
  • Get-M365DSCDRGComplexTypeToString
  • Compare-M365DSCComplexObject
  • Convert-M365DSCDRGComplexTypeToHashtable

@andikrueger
Copy link
Collaborator

Is there any chance to port these functions to DSCParser or do they function entirely different?

@ricmestre
Copy link
Contributor Author

@William-Francillette They tackle different problems though, I require a cmdlet that can convert resources in a blueprint in a pure string format and that's what ConvertTo-DSCObject is for but it's just not working correctly, your cmdlets, which are literally required these days, on the other hand they take as input powershell objects instead of string am I wrong?

@William-Francillette
Copy link
Contributor

Get-M365DSCDRGComplexTypeToString will be able to convert cim objects to string

@ricmestre
Copy link
Contributor Author

I actually need the reverse :)

@William-Francillette
Copy link
Contributor

Oh my bad 😅 I misunderstood it
So no I haven't converted a string to complex

@andikrueger
Copy link
Collaborator

I already got the feeling, that the M365DSC native function would not work in DSCParser.

@NikCharlebois Could you have a look at this issue? Presumably, this might also break the M365DSCRuleEvaluation resource.

@NikCharlebois NikCharlebois self-assigned this Dec 12, 2023
@ricmestre
Copy link
Contributor Author

@NikCharlebois @andikrueger Did you have any luck with this?

I really need IntuneSettingCatalogCustomPolicyWindows10 to be working with ConvertTo-DSCObject since my application depends on it and right now I have it excluded from it.

@ricmestre
Copy link
Contributor Author

@ykuijs Awesome work on your fix microsoft/DSCParser#36! I've been testing ConvertTo-DSCObject for several hours and it works flawlessly for the resources that didn't work AND it still works for everything else so this issue can also be closed.

Thank you! Thank you! Thank you!

@jagatjb
Copy link

jagatjb commented Mar 8, 2024

Hi All, I suspect that the same issue is prevalent on Exchange Transport Rules. #4377 is the reference

@ricmestre
Copy link
Contributor Author

@jagatjb No, in this case you have a different issue than the one I reported here, as @andikrueger explained in the issue you've raised there's an escaping problem on a few properties.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working Core Engine DSCParser Issues related to DSCParser
Projects
None yet
Development

No branches or pull requests

5 participants