UnauthorizedException in CreateDefaultAssociatedGroups #95
Description
When creating the default associated groups for a site collection the first time, I get an UnauthorizedException. Fortunately, SharePointDsc already have a solution for this: use the system account.
Part of the script that throws:
Write-Host -ForegroundColor White " - Creating Site Collection `"$siteURL`"..."
$site = New-SPSite -Url $siteURL -OwnerAlias $ownerAlias -SecondaryOwner $env:USERDOMAIN\$env:USERNAME -ContentDatabase $siteDatabase -Description $siteCollectionName -Name $siteCollectionName -Language $LCID @templateSwitch @hostHeaderWebAppSwitch @CompatibilityLevelSwitch -ErrorAction Stop
# JDM Not all Web Templates create the default SharePoint Croups that are made by the UI
# JDM These lines will insure that the the approproprate SharePoint Groups, Owners, Members, Visitors are created
$primaryUser = $site.RootWeb.EnsureUser($ownerAlias)
$secondaryUser = $site.RootWeb.EnsureUser("$env:USERDOMAIN\$env:USERNAME")
$title = $site.RootWeb.title
if ($spYear -ne 2019) # This seems to cause an "access denied" error with SP2019, at least on the first attempt
{
Write-Host -ForegroundColor White " - Ensuring default groups are created..."
$site.RootWeb.CreateDefaultAssociatedGroups($primaryUser, $secondaryUser, $title)
}
My proposed change:
Write-Host -ForegroundColor White " - Creating Site Collection `"$siteURL`"..."
$site = New-SPSite -Url $siteURL -OwnerAlias $ownerAlias -SecondaryOwner $env:USERDOMAIN\$env:USERNAME -ContentDatabase $siteDatabase -Description $siteCollectionName -Name $siteCollectionName -Language $LCID @templateSwitch @hostHeaderWebAppSwitch @CompatibilityLevelSwitch -ErrorAction Stop
# Prevent UnauthorizedException when creating default groups for the first time
# https://github.com/dsccommunity/SharePointDsc/issues/898
$centralAdminWebApp = [Microsoft.SharePoint.Administration.SPAdministrationWebApplication]::Local
$centralAdminSite = Get-SPSite -Identity $centralAdminWebApp.Url
$site = New-Object "Microsoft.SharePoint.SPSite" -ArgumentList @($site.Id, $centralAdminSite.SystemAccount.UserToken)
# JDM Not all Web Templates create the default SharePoint Croups that are made by the UI
# JDM These lines will insure that the the approproprate SharePoint Groups, Owners, Members, Visitors are created
$primaryUser = $site.RootWeb.EnsureUser($ownerAlias)
$secondaryUser = $site.RootWeb.EnsureUser("$env:USERDOMAIN\$env:USERNAME")
$title = $site.RootWeb.title
if ($spYear -ne 2019) # This seems to cause an "access denied" error with SP2019, at least on the first attempt
{
Write-Host -ForegroundColor White " - Ensuring default groups are created..."
$site.RootWeb.CreateDefaultAssociatedGroups($primaryUser, $secondaryUser, $title)
}
About this line: if ($spYear -ne 2019) # This seems to cause an "access denied" error with SP2019, at least on the first attempt.
It is possible that this condition is not needed when using system account, but I do not have a 2019 farm to test on at the moment.