DSC strategy for removing unknown local users - dsc

I'm pursuing DSC as a lightweight solution for managing local user accounts on distributed Windows instances in favour of connecting said instances to Active Directory.
Adding and removing specified local users works as expected, but I also want to check that ONLY the specified accounts exist (or are enabled) on each configured node.
e.g. - If I were to create a new local admin account with 'xUser CreateUserAccount / Ensure = Present', if I were to remove the code from my DSC script, that user would still exist on the target node. Similarly, if someone were to create a local user account by some other means, there would be no warning of the unexpected configuration drift through the DSC server.
To remove any unexpected accounts, I would first need to be made aware of these accounts by some other means, and then specify 'xUser RemoveUserAccount'.
I have not found a way around this with the first 100 Google results on the topic. Has anyone solved this apparent conundrum with DSC? Should I rather look to something else e.g. Terraform?
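
One way to express the "only these accounts" check described in the question, as an added example that is not part of the original post: a built-in `Script` resource whose `TestScript` reports any enabled local account outside an allowlist. The configuration name, the account names, and the choice to disable rather than delete are assumptions, and `Get-LocalUser` requires Windows PowerShell 5.1.

```powershell
Configuration LocalUserAllowlist {
    param(
        # Assumed allowlist: every local account that may be enabled on the node.
        [string[]] $AllowedUsers = @('Administrator', 'svc-deploy')
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        Script DisableUnexpectedLocalUsers {
            # Reports the currently enabled local accounts.
            GetScript = {
                $enabled = (Get-LocalUser | Where-Object Enabled).Name
                @{ Result = ($enabled -join ',') }
            }
            # Returns $false (drift) when an enabled account is not on the allowlist.
            TestScript = {
                $allowed = $using:AllowedUsers
                $unexpected = Get-LocalUser |
                    Where-Object { $_.Enabled -and $_.Name -notin $allowed }
                if ($unexpected) {
                    Write-Verbose "Unexpected enabled local users: $($unexpected.Name -join ', ')"
                    return $false
                }
                return $true
            }
            # Disables (does not delete) each unexpected account so it can be reviewed.
            SetScript = {
                $allowed = $using:AllowedUsers
                Get-LocalUser |
                    Where-Object { $_.Enabled -and $_.Name -notin $allowed } |
                    ForEach-Object {
                        Write-Verbose "Disabling unexpected local user $($_.Name)"
                        Disable-LocalUser -Name $_.Name
                    }
            }
        }
    }
}
```

With the LCM `ConfigurationMode` set to `ApplyAndMonitor`, a failing `TestScript` is reported as drift without `SetScript` running again; `ApplyAndAutoCorrect` re-runs `SetScript` on each consistency check.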

Related

Unable to retrieve child resources - Azure Storage Explorer

I am using Azure Storage Explorer to read data from my Azure storage emulator.
I can create Containers just fine and even use them, until I turn off my machine. When I turn my machine on and start using the explorer again, I keep getting this error:
If I try and create a container with the same name as the ones I can't see, I get an error saying container already exists, so the container still exists somewhere, just that my explorer can't retrieve it. And the container names are all in lowercase, so not sure what's happening!
Please check and make sure that container names and blob names are between 3 and 63 characters.
If you are using proxy settings in Storage Explorer to connect to your account, please verify that the proxy settings are properly formatted, as they can be case sensitive.
If set to Use environment variables, make sure that the HTTPS_PROXY or HTTP_PROXY environment variables are set as given. If these are not correct, then it may not connect to the server properly.
After that, restart the explorer.
Also check the similar issue: Unable to retrieve child resources - "The specifed resource name contains invalid characters" · GitHub

Problem with adding or deleting the resource roles in the access package in Azure

I'm new to Azure AD. However, I observed a weird behaviour in Azure.
After adding or deleting the resource group, the notification says it's a success. However, after checking again in a few minutes, the deleted resource roles are added back into the package and the added resources are getting removed as well. This is happening automatically. I don't have any clue. Has anyone faced similar issues? Or could it be some settings which are forcing the group (sg-ag-rg* group) to stay intact in the access package?
Could anyone please clarify or give some clue? Thanks.
• It might be because they are getting deleted in background and when you check again instantaneously, you would be seeing them as being there itself again. Or else, it might be due to an Azure policy assignment to specific selected users due to which, even after deleting the resource group, the access package assigned to the user is not deleted and is recreated once again since it is a part of Azure AD Identity and Governance.
• I would suggest you to please remove all access package assignments for all the users, groups and applications or sites and their entitlements and then try deleting the access packages and subsequently, the resource group. Thus, in this way, the resource role related to access package will be deleted successfully and will not be recreated even after resource group deletion.
For more information regarding this, please refer to the documentation links below:
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources#remove-resource-roles
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-edit#delete-an-access-package

org.apache.pulsar.broker.web.RestException: Policies not found for myTenant/myNamespace namespace

I am using Apache Pulsar, and I'm trying to deploy a Pulsar function, but I'm getting this error:
org.apache.pulsar.broker.web.RestException: Policies not found for myTenant/myNamespace namespace
I've checked the code in my function, and everything looks fine.
I'm using Pulsar 2.6.0, but I've tried other versions and gotten the same result.
What's causing this issue? How do I resolve it?
You need to ensure that the tenant and namespace exist that you're trying to deploy the function/sink/source into.
If the tenant or namespace don't exist, then you will get this error because the policy doesn't yet exist. (The policy is created when the namespace is created.)
Try creating the tenant and namespace with the Admin CLI, like this:
bin/pulsar-admin tenants create myTenant
bin/pulsar-admin namespaces create myTenant/myNamespace
If you need to provide additional options, such as the roles or clusters that will be used, those need to be specified. (If you're just using Pulsar standalone, probably you won't need to worry about that.) If someone else manages the cluster (or if you don't have admin permission), you need to ensure that you're writing to the correct tenant/namespace. If you're still having issues, you will need to talk to your cluster admin.
You can find the docs here about how to use the Pulsar Admin CLI commands: http://pulsar.apache.org/docs/en/pulsar-admin/
More specifically, here for tenants create: http://pulsar.apache.org/docs/en/pulsar-admin/#create-4
and here for namespaces create: http://pulsar.apache.org/docs/en/pulsar-admin/#create-2

Dcpromo failed - Ownership of FSMO role is set to a server which is deleted or does not exist

I am attempting to use dcpromo on a Windows 2008 R2 server. The command produces a warning and an error in the event log. Below are the print outs of those entries:
-Warning-
Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=XXX,DC=XXXX
FSMO Server DN: CN=NTDS Settings\0ADEL:xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,CN=XXX-PDC01\0ADEL:xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XXX,DC=XXXX
User Action:
Determine which server should hold the role in question.
Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
-Error-
The operations master roles held by this directory server could not transfer to the following remote directory server.
Remote directory server:
\XXX-AWSDC2.CSI.local
This is preventing removal of this directory server.
User Action
Investigate why the remote directory server might be unable to accept the operations master roles, or manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.
Additional Data
Error value:
5005 The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.
Extended error value:
0
Internal ID:
52498782
The following roles have been successfully transferred to the XXX-awsdc2 server
Schema master
Domain naming master
PDC
RID pool manager
Infrastructure master
How do I remove the CN=CSI-PDC01 object using ADSI? It looks like the XXX-PDC01 held the FSMO Server role at one point and then was removed from the domain without being demoted properly. I've been unable to find any reference to the XXX-PDC01 server anywhere in the DNS, AD or ADSI.
I've also attempted to delete all the AD metadata. As a last resort, I could always use the dcpromo /forceremoval command but I'd prefer to work through the error and demote this domain controller using the dcpromo command without the forceremoval flag.
Thanks!

Spinnaker: Added an account (Azure), but no region is populated

Has anyone run into this issue where you add an account (Azure), but no region is populated when creating a new security group or load balancer?
The Azure account was added with no errors (even checked logs, clouddriver, echo, etc.). Since there is no region found, this essentially blocks adding any of these objects.
Just for reference, I used the Azure quickstart template to do an initial Spinnaker installation.
See image: https://imgur.com/hyQmzdM
Here's a workaround:
https://github.com/spinnaker/spinnaker/issues/2229#issuecomment-404161532
Apparently, you have to list the regions first in the Clouddriver config file...
