I've got a section in my DSC-configuration that creates new accounts in a specified OU.
(Input parameters are omitted in the example below.)
Please ignore that I'm currently handling passwords with -AsPlainText
Import-DscResource -ModuleName ActiveDirectoryDsc -ModuleVersion 6.0.1
$Count = 0
foreach ($Principal in $Node.Principals) {
$Count++
ADUser "Create_$($Principal.Name)_$Count" {
UserName = $Principal.Name
DomainName = $Node.DomainName
Path = (@($Principal.Path, $DistinguishedNameSuffix) |
where { ![string]::IsNullOrWhitespace($_) }
) -join ','
Password = New-Object System.Management.Automation.PSCredential(
"$($Node.DomainName)\$($Principal.Name)",
(ConvertTo-SecureString $Principal.Password -AsPlainText -Force)
)
PasswordNeverExpires = $true
Ensure = 'Present'
DependsOn = @('[WaitForADDomain]DscDomainWait')
}
}
But when trying to create users in the AD container Users (which is not an OU), the configuration will fail.
Is there a way to create accounts in that container using DSC?
Ok, the answer was pretty simple.
I just used search to find the Distinguished Name
of the Users
container...
So, using CN=
instead of OU=
in the Path
input parameter of the DSC-config did the trick :)
So the issue was with the very thing I omitted to include in my question.