Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADPasswordRuleSettings - BannedPasswordCheckOnPremisesMode error #5414

Open
clement75000 opened this issue Nov 15, 2024 · 0 comments
Open

AADPasswordRuleSettings - BannedPasswordCheckOnPremisesMode error #5414

clement75000 opened this issue Nov 15, 2024 · 0 comments

Comments

@clement75000
Copy link

clement75000 commented Nov 15, 2024
edited
Loading

Description of the issue

When Trying to deploy AADPasswordRuleSettings configuration I get :

Verbose logs showing the problem

[Request_BadRequest] : The expected property 'BannedPasswordCheckOnPremisesMode' 
defined in template with SettingTemplateId '5cf42378-d67d-4f36-ba46-e8b86229381d' 
was not provided. paramName: BannedPasswordCheckOnPremisesMode, paramValue: 
System.String, objectType: 
Microsoft.Online.DirectoryServices.ObjectSettingTemplate
    + CategoryInfo          : InvalidOperation: ({ Headers = , b...ectorySetting  
   }:) [], CimException
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.Beta.PowerShell. 
   Cmdlets.NewMgBetaDirectorySetting_CreateExpanded
    + PSComputerName        : localhost

Problem was fixed by updating "C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1016.1\DSCResources\MSFT_AADPasswordRuleSettings\MSFT_AADPasswordRuleSettings.psm1"

It appeared that $Policy was still empty after execution of

$Policy = New-MgBetaDirectorySetting -TemplateId '5cf42378-d67d-4f36-ba46-e8b86229381d' | Out-Null

Workaround (quick and dirty, to improve)

1- create "params" BodyParameter
2 - replace
$Policy = New-MgBetaDirectorySetting -TemplateId '5cf42378-d67d-4f36-ba46-e8b86229381d'
by
$Policy = New-MgBetaDirectorySetting -TemplateId $params.templateid -Values $params.values

    $params = @{
        templateId = "5cf42378-d67d-4f36-ba46-e8b86229381d"
            values = @(
                @{
                    name = "LockoutThreshold"
                    value = $LockoutThreshold
                },
                @{
                    name = "LockoutDurationInSeconds"
                    value = $LockoutDurationInSeconds
                },
                @{
                    name = "EnableBannedPasswordCheck"
                    value = [System.Boolean]$EnableBannedPasswordCheck
                },
                @{
                    name = "BannedPasswordList"
                    value = $BannedPasswordList -join "`t"
                },
                @{
                    name = "EnableBannedPasswordCheckOnPremises"
                    value = [System.Boolean]$EnableBannedPasswordCheckOnPremises
                },
                @{
                    name = "BannedPasswordCheckOnPremisesMode"
                    value = $BannedPasswordCheckOnPremisesMode
                }
        )
    }

    # Policy should exist but it doesn't
    $needToUpdate = $false
    if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent')
    {
        #$template = Get-MgBetaDirectorySettingTemplate -All | Where-Object -FilterScript {$_.Displayname -eq 'Password Rule Settings'}
        write-verbose -message "New-MgBetaDirectorySetting"
        $Policy = New-MgBetaDirectorySetting -TemplateId $params.templateid  -Values $params.values
        $needToUpdate = $true
    }

Microsoft 365 DSC Version

1.24.1016.1

Which workloads are affected

AADPasswordRuleSettings

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2022 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version          : 7.4.5
InstanceId       : d6fb8fed-d531-4c5b-81e3-6155644646c5
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : fr-FR
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
@clement75000 clement75000 changed the title AADGroupsSettings - BannedPasswordCheckOnPremisesMode error AADPasswordRuleSettings - BannedPasswordCheckOnPremisesMode error Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@clement75000