Bicep - DSC script - Joining Storage account to AD domain - running bicep code for second time, overwrites the settings
SetarehStarMS opened this issue · 3 comments
What happened? Provide a clear and concise description of the bug, including deployment details.
It looks like if we run the bicep code twice, in the second round, if the storage accounts' (fslogix or msix) computer objects exist in the AD, it overwrites the directory service setup and makes it unconfigured! Attached is the log for the DSC script. August 22nd, 2024 is when the script ran again while the storage accounts were already domain joined.
ManualDscStorageScriptsLog.log
Please provide the correlation id associated with your error or bug.
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
What was the expected outcome?
No response
Relevant log output
No response
Thanks for your feedback; we are investigating.
We are also experiencing issues with this when using an AD DS setup. If we have a working setup with storage accounts that are domain joined and we redeploy the bicep deployment later, the DSC script triggers and attempts to domain join the storage account (the log file says it succeeds). But after the deployment completes without errors, and I check the storage account in the portal, it says "not configured" on the fileshare's 'Identity-based access'. If I delete the storage account's computer object from AD DS and redeploy again, the deployment succeeds and the fileshare gets domain joined (the portal states "configured" on identity-based access).
Worth mentioning also that to be able to redeploy the AVD accelerator without it generating duplicate storage accounts and key vaults, we modify the uniquestring variable (remove the time variable).
@bfond82 thanks for your feedback.
The logic of the baseline is meant to be greenfield only. If you want to use it for continuous deployment/updates, we recommend forking/cloning the repo and updating the code to avoid running the deployments that are not capable of running incremental updates (VM extensions, AD objects, etc.).
@swathibhat1 let's add this item as a feature request to modify the logic and enable continuous incremental deployments.
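
One way a forked copy could guard the domain-join step against the redeployment behaviour reported in this thread, as an added example (not the accelerator's own code). It assumes the Az.Storage and ActiveDirectory modules are loaded and that the AD computer object carries the storage account's name; the function name and the sample resource names are hypothetical.

```powershell
# Added example: decide whether the domain-join step should run on this deployment.
# Assumption: the AD computer object is named after the storage account.
function Get-StorageJoinAction {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $StorageAccountName
    )

    # Current identity-based access setting on the storage account (Az.Storage).
    $account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName `
        -Name $StorageAccountName -ErrorAction Stop
    $auth = $account.AzureFilesIdentityBasedAuth
    $isConfigured = ($null -ne $auth) -and ($auth.DirectoryServiceOptions -eq 'AD')

    # Existing computer object in AD DS, if any (ActiveDirectory module).
    $adObject = Get-ADComputer -Filter "Name -eq '$StorageAccountName'" -ErrorAction Stop
    $hasAdObject = $null -ne $adObject

    if ($isConfigured -and $hasAdObject) {
        return 'Skip'      # already joined: a second join is what the thread reports as harmful
    }
    if (-not $isConfigured -and -not $hasAdObject) {
        return 'Join'      # greenfield: safe to run the existing join step
    }
    return 'Review'        # mismatch between Azure and AD DS: do not overwrite automatically
}

# Sample names below are constructed placeholders.
$action = Get-StorageJoinAction -ResourceGroupName 'rg-avd-storage-example' `
    -StorageAccountName 'stfslogixexample01'

switch ($action) {
    'Skip'   { Write-Output 'Storage account is already domain joined; skipping join step.' }
    'Join'   { Write-Output 'No existing join found; run the domain-join step here.' }
    'Review' {
        # Fail the run so a stale computer object or a half-configured account
        # is looked at by an operator instead of being overwritten.
        throw "Azure and AD DS disagree about '$($action)' state; inspect before redeploying."
    }
}
```

The 'Review' branch covers the state both reporters describe: a computer object exists in AD DS while the portal shows identity-based access as not configured.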