# Revision history [back]

You should not need to use a class / exec to do this. The following manifest should be all that you need

group { 'Administrators':
ensure   => present,
members  => [ 'domain\netgroups' ],
auth_membership => false
}


Note that prior to Puppet 3.8, the members property was considered authoritative and auth_membership didn't work properly - i.e. this would remove all the other members from the Administrators groups, instead of just making sure that Administrators includes domain\netgroups. The auth_membership support was fixed in 3.8, but still defaults to true to maintain backward compatibility in the 3.x line. In Puppet 4, the default for auth_membership was changed to false, and thus can be omitted from the manifest if you're using Puppet 4.