Description
Description of the issue
There is an issue with the Get-TargetResource function for the AADGroup resource. When getting the current configuration for a resource being managed by LCM, the Get-DscConfiguration command fails with a CimException error.
This is due to the returned hash table not matching the schema.
For example, the below example will return the following JSON (converted from the original $result hashtable for visibility):
    {
        "MembershipRule": null,
        "TenantId": "kenahs.melbourne",
        "Owners": [],
        "DisplayName": "TestGroup",
        "Ensure": "Present",
        "AccessTokens": null,
        "Members": [],
        "Visibility": null,
        "MailNickname": "False",
        "IsAssignableToRole": false,
        "AssignedToRole": [],
        "Description": "Test Group.",
        "Id": "92cb297a-7622-4d55-8e7a-43b447f76bc4",
        "GroupTypes": [],
        "SecurityEnabled": true,
        "MemberOf": [],
        "MailEnabled": false,
        "CertificateThumbprint": "[Redacted]",
        "ApplicationId": "[Redacted]",
        "GroupAsMembers": [],
        "ManagedIdentity": false,
        "MembershipRuleProcessingState": null,
        "AssignedLicenses": [],
        "Credential": null,
        "ApplicationSecret": null
    }
Reviewing the Desired State Configuration event log shows that the issue is that the LCM is "Unable to cast object of type 'System.String' to type 'System.Collections.IList'."
The Owners, Members, GroupAsMembers, MemberOf, GroupTypes, AssignedToRole, and AssignedLicenses properties are all defined as [System.String[]] in the schema and need to be cast as such to work.
Additionally, the 'AssignedLicenses' property is multiple layers deep and has the same issue as issue 6092.
Microsoft 365 DSC Version
v1.25.1203.2
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
    $ConfigurationData = [Hashtable]@{
        'AllNodes'         = @()
        'OrganizationName' = $TenantName
        'TenantId'         = $TenantId
        'Credentials'      = [Hashtable]@{
            'ApplicationId'         = $ApplicationId
            'CertificateThumbprint' = $DeployCert.Thumbprint
        }
    }

    Configuration TestGroup
    {
        Import-DscResource -ModuleName 'Microsoft365DSC'
        Node localhost
        {
            AADGroup TestGroup
            {
                ApplicationId         = $ConfigurationData.Credentials.ApplicationId;
                CertificateThumbprint = $ConfigurationData.Credentials.CertificateThumbprint;
                TenantId              = $ConfigurationData.OrganizationName;
                Description           = "Test Group.";
                DisplayName           = 'TestGroup';
                Ensure                = 'Present';
                GroupTypes            = @();
                MailEnabled           = $False;
                MailNickname          = 'False';
                SecurityEnabled       = $True;
            }
        }
    }

    . TestGroup -ConfigurationData $ConfigurationData -OutputPath .\ | Out-Null
    Start-DscConfiguration .\ -Force -Wait
    Start-Sleep 10
    $Results = Get-DscConfiguration
Verbose logs showing the problem
<img width="1177" height="124" alt="Image" src="https://github.com/user-attachments/assets/b2649e99-162b-47a9-8bdd-dce8137cd803" />
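
An added illustration of the type mismatch described in this issue (not code from the issue or from Microsoft365DSC): a result hashtable whose list-valued keys hold a scalar string, `$null`, or an untyped array is normalised so each one is a real `[string[]]`. The helper name `ConvertTo-SchemaArray` and the sample values are assumptions; the property names are the ones listed in the issue, with `AssignedLicenses` left out because the issue describes it as nested.

```powershell
# Added example. Property names come from the issue; the helper name and
# the sample values are constructed for illustration.
$ArrayKeys = 'Owners', 'Members', 'GroupAsMembers', 'MemberOf',
             'GroupTypes', 'AssignedToRole'

function ConvertTo-SchemaArray   # hypothetical helper
{
    param (
        [Parameter(Mandatory = $true)] [hashtable] $Result,
        [Parameter(Mandatory = $true)] [string[]]  $Keys
    )

    $fixed = @{}
    foreach ($name in $Result.Keys)
    {
        if ($Keys -contains $name)
        {
            # Drop $null, stringify each element, then force string[] so a
            # single value or an empty result cannot collapse to a scalar.
            $items = @($Result[$name]) | Where-Object { $null -ne $_ } | ForEach-Object { "$_" }
            $fixed[$name] = [string[]]@($items)
        }
        else
        {
            $fixed[$name] = $Result[$name]
        }
    }
    return $fixed
}

# Constructed sample shaped like a Get-TargetResource result
$sample = @{
    DisplayName = 'TestGroup'
    Owners      = 'owner@example.com'   # scalar where the schema wants string[]
    Members     = $null
    GroupTypes  = @()
    MemberOf    = @('GroupA', 'GroupB')
}

$fixed = ConvertTo-SchemaArray -Result $sample -Keys $ArrayKeys
foreach ($name in ($ArrayKeys | Where-Object { $sample.ContainsKey($_) }))
{
    $before = if ($null -eq $sample[$name]) { 'null' } else { $sample[$name].GetType().Name }
    '{0,-12} {1,-10} -> {2} ({3} items)' -f $name, $before, $fixed[$name].GetType().Name, $fixed[$name].Count
}
```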