Jira (PUP-9604) Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya Summary: Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression ) Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya

* Puppet Version: * This is spin-off ticket of PUP-7326. *Puppet Server Version:* * OS Name/Version Steps to reproduce :* # Setup Active Directory with Domain Functional level 2016 Describe your issue # Spin up a Win2012R2 machine and connect to AD # Create a test user (e.q. testadmin1) in as much detail as possible… Active Directory Describe steps # Add testadmin1 user to reproduce… local administrators group in Win2012R2 # Delete testadmin1 user in AD *Desired Behavior # Run {code : * java} *Actual Behavior puppet apply -e "group {'Administrators' : * members => ['Administrator'], auth_membership => true }"{code} Please take Or # Setup Active Directory with Domain Functional level 2012 R2 # Spin up a moment Win2016 machine and attach any relevant log output and/or manifests connect to AD # Create a test user (e . This will help us immensely when troubleshooting the issue q . testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2016 Examples: # Delete testadmin1 user in AD # Run puppet agent with --test --trace --debug {code:java} Relevant sections of puppet apply -e "group { 'Administrators': members => ['Administrator'], auth_membership => true } { /var/log/puppetlabs/puppetserver/puppetserver.log code } } or any applicable logs from the same directory Puppet apply returns error below !Screen Shot 2019-04-03 at 11 . 44.28 AM.png! For more detailed information turn up Note the server logs by upping error occurs only on Windows client machine with condition its OS version is different with the log AD Domain Functional level in the server's logback . xml Relevant sections of configurations files (puppet E . conf, hiera q . conf, Server's conf Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2 . d, defaults/sysconfig) For memory issues with server heap dumps are also helpful.

Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Halim Wijaya Attachment: image-2019-04-05-10-41-13-985.png

Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya

**This is spin-off ticket of PUP-7326. *Steps to reproduce:*

# Setup Active Directory with Domain Functional level 2016

# Spin up a Win2012R2 machine and connect to AD

# Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2012R2

# Delete testadmin1 user in AD

# Run {code:java} puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }"{code}

Or # Setup Active Directory with Domain Functional level 2012 R2

# Spin up a Win2016 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory

# Add testadmin1 user to local administrators group in Win2016

# Delete testadmin1 user in AD # Run

{code:java} puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }{code}

Puppet apply returns error below

! Screen Shot image- 2019-04- 03 at 11 05-10-41-13-985 . 44.28 AM. png! Note the error occurs only on Windows client machine with condition its OS version is different with the AD Domain Functional level. E.q. Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2.

Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya

**This is spin-off ticket of PUP-7326. *Steps to reproduce:* # Setup Active Directory with Domain Functional level 2016 # Spin up a Win2012R2 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2012R2 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }"{code} Or # Setup Active Directory with Domain Functional level 2012 R2 # Spin up a Win2016 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2016 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }{code} Puppet apply returns error below

!image- 2019-04-05-10-41- 13-985.png!

Note the error occurs only on Windows client machine with condition its OS version is different with the AD Domain Functional level. E.q. Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2.

Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya

**This is spin-off ticket of PUP-7326. *Steps to reproduce:* # Setup Active Directory with Domain Functional level 2016 # Spin up a Win2012R2 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2012R2 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }"{code} Or # Setup Active Directory with Domain Functional level 2012 R2 # Spin up a Win2016 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2016 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }{code} Puppet apply returns error below

!image- 2019-04-05-10-41- 13-985.png |thumbnail !

Note the error occurs only on Windows client machine with condition its OS version is different with the AD Domain Functional level. E.q. Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2.

Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Halim Wijaya CS Priority: Needs Priority

**This is spin-off ticket of PUP-7326. *Steps to reproduce:* # Setup Active Directory with Domain Functional level 2016 # Spin up a Win2012R2 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2012R2 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }"{code} Or # Setup Active Directory with Domain Functional level 2012 R2 # Spin up a Win2016 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2016 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }{code} Puppet apply returns error below !image- 2019-04-05-10-41- 13-985.png|thumbnail! Note the error occurs only on Windows client machine with condition its OS version is different with the AD Domain Functional level. E.q. Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2.   Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) Change By: Halim Wijaya

**This is spin-off ticket of PUP-7326. *Steps to reproduce:* # Setup Active Directory with Domain Functional level 2016 # Spin up a Win2012R2 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2012R2 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }"{code} Or # Setup Active Directory with Domain Functional level 2012 R2 # Spin up a Win2016 machine and connect to AD # Create a test user (e.q. testadmin1) in Active Directory # Add testadmin1 user to local administrators group in Win2016 # Delete testadmin1 user in AD # Run {code:java}puppet apply -e "group {'Administrators': members => ['Administrator'], auth_membership => true }{code} Puppet apply returns error below !image- 2019-04-05-10-41- 13-985.png|thumbnail! Note the error occurs only on Windows client machine with condition its OS version is different with the AD Domain Functional level. E.q. Client OS Win2012R connected to AD Domain Functional level 2016 or Client OS Win2016 connected to AD Domain Functional level 2012R2.   Add Comment

[Halim Wijaya (JIRA)]

Halim Wijaya updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Halim Wijaya Priority: Normal Major

Add Comment

[Jorie Tappa (JIRA)]

Jorie Tappa updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Jorie Tappa Team: Windows

Add Comment

[Jorie Tappa (JIRA)]

Jorie Tappa commented on PUP-9604

Re: Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) ping William Hurt & Michael Lombardi

Add Comment

[Jarret Lavallee (JIRA)]

Jarret Lavallee updated an issue

Puppet / PUP-9604

Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Jarret Lavallee Method Found: Needs Assessment Customer Feedback

Add Comment

[Adam Bottchen (JIRA)]

Adam Bottchen updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Adam Bottchen CS Priority: Needs Priority Reviewed

Add Comment

[Usatenko Andrii (JIRA)]

Usatenko Andrii commented on PUP-9604

Re: Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression) JANELLE JAMES Hi. You changed the status of this ticket to 'needs information'. We are experiencing this issue and I think i can provide all required information.

Add Comment

[Austin Boyd (JIRA)]

Austin Boyd updated an issue

Puppet / PUP-9604

Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Austin Boyd Zendesk Ticket IDs: 34399 Zendesk Ticket Count: 1

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-9604 Group resource (with auth_membership) fails if local Windows group contains not resolvable Domain accounts (possible regression)

Change By: Josh Cooper Team: Windows Night's Watch

Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)