Ask Your Question
0

Can't delete user(s) from a Windows local group

asked 2017-08-17 09:02:53 -0500

mightiepup gravatar image

Any ideas what the issue may be with deleting a user/member from a windows local group?

group {'remove from Administrators':
  name            => 'Administrators',
  ensure          => absent,
  auth_membership => false,
  members         => $mymembers,
}

This is the result. Almost seems like it's trying to remove the actual group?

Error: Could not set 'absent' on ensure: (in OLE method `Delete': ) OLE error code:8007055B in Active Directory Cannot perform this operation on built-in accounts.

HRESULT error code:0x80020009
  Exception occurred. at 25:/etc/puppetlabs/code/environments/production/modules/localgroup/manifests/fallback.pp

Wrapped exception: (in OLE method `Delete': ) OLE error code:8007055B in Active Directory Cannot perform this operation on built-in accounts.

HRESULT error code:0x80020009
  Exception occurred.

Error: /Stage[main]/localgroup::Fallback/Group[SPT Support remove from Administrators]/ensure: change from present to absent failed: Could not set 'absent' on ensure: (in OLE method `Delete': ) OLE error code:8007055B in Active Directory Cannot perform this operation on built-in accounts.

HRESULT error code:0x80020009
  Exception occurred. at 25:/etc/puppetlabs/code/environments/production/modules/localgroup/manifests/fallback.pp
edit retag flag offensive close merge delete

Comments

You _are_ trying to remove the actual group `Administrators'. As puppet-pirate already suggested you probably wanna utilize the `user` resource type. Unfortunately s*he didn't name the module (yet) `dsc_xgroup` originates from.

Kai Burghardt gravatar imageKai Burghardt ( 2017-08-27 10:53:36 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-08-26 15:40:09 -0500

There are 2 ways you can do this, first is using the membership attribute within the user resource ie. user resource
*if minimum is specified, Puppet will ensure that the user is a member of all specified groups, but will not remove any other groups that the user is a part of.

If inclusive is specified, Puppet will ensure that the user is a member of only specified groups.*

user { 'localuser':
  ensure     => present,
  groups     => ['array', 'of', 'groups'],
  membership => inclusive,
}

And the Second way would be managing the group itself with the dsc_xgroup seeing that you are managing Windows this example is more in line with what you were looking for in your post.

dsc_xgroup { 'Administrators':
  dsc_ensure           => 'present',
  dsc_groupname        => 'Administrators',
  dsc_memberstoexclude => ['localuser'],
}
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-08-17 09:02:53 -0500

Seen: 44 times

Last updated: Aug 26