You should not need to use a class / exec to do this. The following manifest should be all that you need:

group { 'Administrators':
  ensure          => present,
  members         => [ 'domain\netgroups' ],
  auth_membership => false,
}

Note that prior to Puppet 3.8, the members property was considered authoritative and auth_membership didn't work properly - i.e. this would remove all the other members from the Administrators group, instead of just making sure that Administrators includes domain\netgroups. The auth_membership support was fixed in 3.8, but still defaults to true to maintain backward compatibility in the 3.x line. In Puppet 4, the default for auth_membership was changed to false, and thus can be omitted from the manifest if you're using Puppet 4.

For more info on that old issue, please see and additional discussion at!topic/puppet-dev/NXfA0VwUblw
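The two membership modes described in the answer, side by side, as an added example that is not part of the original answer. Setting auth_membership explicitly on every group resource keeps the result the same across the 3.8 and 4 defaults mentioned above; the second group and the 'domain\helpdesk' account are placeholder names chosen for illustration.

```puppet
# Inclusive mode: only guarantee that the declared account is a member.
# Accounts already in Administrators that are not listed here are kept.
group { 'Administrators':
  ensure          => present,
  members         => ['domain\netgroups'],
  auth_membership => false,
}

# Authoritative mode: the members list is the complete membership.
# Any account not listed here is removed from the group by Puppet.
# The group title and 'domain\helpdesk' are placeholders for illustration.
group { 'Remote Desktop Users':
  ensure          => present,
  members         => ['domain\netgroups', 'domain\helpdesk'],
  auth_membership => true,
}
```

Running the agent with --noop first shows the membership change Puppet would make before anything is removed from a privileged group.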