Ask Your Question

Revision history [back]

You should not need to use a class / exec to do this. The following manifest should be all that you need

group { 'Administrators':
  ensure   => present,
  members  => [ 'domain\netgroups' ],
  auth_membership => false
}

Note that prior to Puppet 3.8, the members property was considered authoritative and auth_membership didn't work properly - i.e. this would remove all the other members from the Administrators groups, instead of just making sure that Administrators includes domain\netgroups. The auth_membership support was fixed in 3.8, but still defaults to true to maintain backward compatibility in the 3.x line. In Puppet 4, the default for auth_membership was changed to false, and thus can be omitted from the manifest if you're using Puppet 4.

For more info on that old issue, please see https://tickets.puppetlabs.com/browse/PUP-2628 and additional discussion at https://groups.google.com/forum/#!topic/puppet-dev/NXfA0VwUblw