Get-LocalGroupMember not working

(Samuel Kompfner) #1

This Powershell code works fine when run locally as either administrator or as user (which is in local administrators group), but refuses to work from Octopus, either as a Step Template or Script:

Write-Host "Adding users to localgroup administrators group..."
$users = ("INFRACAST\sam.kompfner", "INFRACAST\Support_Group", "INFRACAST\Dev & Staging Servers - Admin", "INFRACAST\Test & Sandbox Servers - Admin")
$group = "Administrators"
$members = Get-LocalGroupMember -Name $group | Select -ExpandProperty Name
ForEach ($user in $users)
{
    If ($members -contains $user) {
          Write-Host "$user already exists in the group - not adding"
     } Else {
            Add-LocalGroupMember -Group $group -Member $user
            Write-Host "$user added to localgroup administrators group successfully"
    }
    May 13th 2019 16:56:03Info
    Adding users to localgroup administrators group... 
    May 13th 2019 16:56:04Error
    Get-LocalGroupMember : Group "Administrators" was not found. 
    May 13th 2019 16:56:04Error
    At E:\Octopus\Work\20190513155601-36486-28\Script.ps1:8 char:12 
    May 13th 2019 16:56:04Error
    + $members = Get-LocalGroupMember -Name $group | Select -ExpandProperty ... 
    May 13th 2019 16:56:04Error
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    May 13th 2019 16:56:04Error
    + CategoryInfo          : ObjectNotFound: ("Administrators":String) [Get-L  
    May 13th 2019 16:56:04Error
       ocalGroupMember], GroupNotFoundException 
    May 13th 2019 16:56:04Error
    + FullyQualifiedErrorId : GroupNotFound,Microsoft.PowerShell.Commands.GetL  
    May 13th 2019 16:56:04Error
       ocalGroupMemberCommand 
    May 13th 2019 16:56:04Error
     
    May 13th 2019 16:56:04Fatal
    The remote script failed with exit code 1 
    May 13th 2019 16:56:04Fatal
    The action Setup Windows Server - Powershell Scripts on uemx-agnt-1 failed
(Dalmiro Grañas) #3

Hi Sam,

Thanks for reaching out! When executed from Octopus, that script will run under the username that’s running the Tentacle Service. If that user doesn’t have enough rights to run that cmdlet, you’ll be getting errors like this one.

The easiest way to double check this would be to change the account running the Tentacle Service to the same Administrator account that you used to log into the VM and run that cmdlet.

Let me know how that goes.

Best regards,
Dalmiro

(Samuel Kompfner) #4

Hi @Dalmiro so, I changed the account the tentacle runs as to be the same local system administrator account:

CurrentUser: uemx-loadtest\uemxadmin

It still fails:

I don’t even need to run Powershell and it still returns a correct result:
image
What doesn’t Octopus like about the script?

Write-Host "Adding users to local $group group..."
$members = Get-LocalGroupMember -Name $group | Select -ExpandProperty Name
ForEach ($user in $users)
{
    If ($members -contains $user) {
          Write-Host "$user already exists in the group - not adding"
     } Else {
            Add-LocalGroupMember -Group $group -Member $user
            Write-Host "$user added to local $group group successfully"
    }
}
(Samuel Kompfner) #5

@Dalmiro - never mind - I’ve altered my script to exclude the “Get-LocalGroupMember” command, and now it runs without failing:

$users = "INFRACAST\sam.kompfner"
$group = "Administrators"

Write-Host "Adding users to local $group group..."

ForEach ($user in $users)
{
    Try
    {           
        Add-LocalGroupMember -Group $group -Member $user -ErrorAction Stop
        Write-Host "$user added to local $group group successfully"
    }
    Catch
    {
        Write-Host "Unable to add $user to the local $group group - ($_)"
    }
}

(Dalmiro Grañas) #6

Glad to hear you found a workaround. The fact that one cmdlet works and the other doesn’t definitely makes me think this is somehow related to permissions.

Just for the sake of testing, did you try running Get-LocalGroupMember without the -name argument to see if it returns groups at all?