[Bug] Creating Local Users Fails Test-DSCConfiguration if the Users are Disabled
I can successfully create a disabled local user account on a non-domain joined server which has a password policy enforced.
If I try to create the disabled account with out a password, or one in violation of the policy, the configuration fails. This is expected.
If I create a disabled local user account with a password that meets the requirements, the configuration applies. When I run Test-DSCConfiguration the test fails with:
PowerShell DSC resource MSFT_UserResource failed to execute Test-TargetResource functionality with error message:
There could be a possible connection error while trying to use the System.DirectoryServices API's.Exception calling
"ValidateCredentials" with "2" argument(s): "This user can't sign in because this account is currently disabled.
+ CategoryInfo : InvalidOperation: (root/Microsoft/...gurationManager:String) , CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost
Wouldn't this lead to the configuration constantly running every cycle?
Sounds like a valid bug. Thanks for bringing it to our attention. I have opened a bug in our internal system to track this to resolution.
*** If I enable the account, the configuration reapplies and sets the account to disabled without issue.