This Powershell code works fine when run locally as either administrator or as user (which is in local administrators group), but refuses to work from Octopus, either as a Step Template or Script:
Write-Host "Adding users to localgroup administrators group..."
$users = ("INFRACAST\sam.kompfner", "INFRACAST\Support_Group", "INFRACAST\Dev & Staging Servers - Admin", "INFRACAST\Test & Sandbox Servers - Admin")
$group = "Administrators"
$members = Get-LocalGroupMember -Name $group | Select -ExpandProperty Name
ForEach ($user in $users)
{
If ($members -contains $user) {
Write-Host "$user already exists in the group - not adding"
} Else {
Add-LocalGroupMember -Group $group -Member $user
Write-Host "$user added to localgroup administrators group successfully"
}
May 13th 2019 16:56:03Info
Adding users to localgroup administrators group...
May 13th 2019 16:56:04Error
Get-LocalGroupMember : Group "Administrators" was not found.
May 13th 2019 16:56:04Error
At E:\Octopus\Work\20190513155601-36486-28\Script.ps1:8 char:12
May 13th 2019 16:56:04Error
+ $members = Get-LocalGroupMember -Name $group | Select -ExpandProperty ...
May 13th 2019 16:56:04Error
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
May 13th 2019 16:56:04Error
+ CategoryInfo : ObjectNotFound: ("Administrators":String) [Get-L
May 13th 2019 16:56:04Error
ocalGroupMember], GroupNotFoundException
May 13th 2019 16:56:04Error
+ FullyQualifiedErrorId : GroupNotFound,Microsoft.PowerShell.Commands.GetL
May 13th 2019 16:56:04Error
ocalGroupMemberCommand
May 13th 2019 16:56:04Error
May 13th 2019 16:56:04Fatal
The remote script failed with exit code 1
May 13th 2019 16:56:04Fatal
The action Setup Windows Server - Powershell Scripts on uemx-agnt-1 failed
Thanks for reaching out! When executed from Octopus, that script will run under the username that’s running the Tentacle Service. If that user doesn’t have enough rights to run that cmdlet, you’ll be getting errors like this one.
The easiest way to double check this would be to change the account running the Tentacle Service to the same Administrator account that you used to log into the VM and run that cmdlet.
I don’t even need to run Powershell and it still returns a correct result:
What doesn’t Octopus like about the script?
Write-Host "Adding users to local $group group..."
$members = Get-LocalGroupMember -Name $group | Select -ExpandProperty Name
ForEach ($user in $users)
{
If ($members -contains $user) {
Write-Host "$user already exists in the group - not adding"
} Else {
Add-LocalGroupMember -Group $group -Member $user
Write-Host "$user added to local $group group successfully"
}
}
@Dalmiro - never mind - I’ve altered my script to exclude the “Get-LocalGroupMember” command, and now it runs without failing:
$users = "INFRACAST\sam.kompfner"
$group = "Administrators"
Write-Host "Adding users to local $group group..."
ForEach ($user in $users)
{
Try
{
Add-LocalGroupMember -Group $group -Member $user -ErrorAction Stop
Write-Host "$user added to local $group group successfully"
}
Catch
{
Write-Host "Unable to add $user to the local $group group - ($_)"
}
}
Glad to hear you found a workaround. The fact that one cmdlet works and the other doesn’t definitely makes me think this is somehow related to permissions.
Just for the sake of testing, did you try running Get-LocalGroupMember without the -name argument to see if it returns groups at all?
