PowerShell Desired State Configuration User Resource

Having problems getting the DSC User Resource working.  Has anybody been able to get this resource working?  If so then I can just assume I have to bang my keyboard some more.

As I understand it, the User resource takes a Credential as its parameter, and in order to pass a credential you need to do a couple of things:

1. Set PSDscAllowPlainTextPassword = $true (disarms the error when you try to use a Credential)

2. Supply a Certificate to DSC (encrypts and decrypts the credential)

In the sample code below I am able to get the Credential object through to the resource (MSFT_UserResource.psm1).  To troubleshoot I put the following line into the psm1 file:

Write-Verbose "Password: $($Password.GetNetworkCredential().Password)"

When I run the DSC configuration I get the following in my Verbose output:

VERBOSE: [MYBOX]:                            [[User]SomeUser] Password: eXC6VFtHJ4vTRMgRBZHEWLT2CumH+3DkYXJDPmVzxWasV8lgLQRCEw7MqEspKX9D2iIU/qYleeyS2xD+

I expected the decrypted password there, but that string is the encrypted password (Base64 encoded). 

Here is the repro script I am using: 

Set-Location c:\dsccm

### Create the Credential
$cred = Get-Credential (Get-Credential hoofhearted\icemelted)
#$cred.GetNetworkCredential().Password

### Get the certificate to encrypt/decrypt the credential
$certificate = dir cert:\LocalMachine\My | where {$_.Subject -eq "CN=hoofhearted"}

### Create the Configuration
Configuration LocalConfigurationManager {    
    Node ("localhost") {  
        LocalConfigurationManager 
        {
            CertificateID = $certificate.Thumbprint            
        }
        User UserExample
        {
            Ensure   = "Present"  # To ensure the user account does not exist, set Ensure to "Absent"
            UserName = "SomeName"
            Password = $cred
        } 
    }                   
}

$Global:AllNodes=
@{
    AllNodes = @( 
                    @{  
                    NodeName                    = "localhost"
                    CertificateID               = $certificate.Thumbprint
                    PSDscAllowPlainTextPassword = $true                   
                    }
                )
}

LocalConfigurationManager -ConfigurationData $Global:AllNodes

Set-DscLocalConfigurationManager -path "C:\dsccm\LocalConfigurationManager"

###
Start-DscConfiguration -Wait -Verbose:$true -Path C:\dsccm\LocalConfigurationManager -Force 
###

BTW - I think this is a bug, so I filed a bug on Connect.  Please vote it up if you have the same problem.

UPDATE: October 21 - can repro using RTM bits of Windows Server 2012 R2

CraigMartin – Edgile, Inc. – http://identitytrench.com