I'm currently using the CertificateDSC CertReq resource to generate a certificate request within a DSC configuration. I'm pretty new to DSC, I'm checking it out using a push approach and my workflow consists of generating the mof and either running Start-DscConfiguration or Update-DscConfiguration afterwards.
Whenever I run the DSC configuration or update it, a new certificate is being requested from the CA. Obviously that's not really what my intention is. How would you add a PowerShell DSC block that's evaluated on the node and dynamically checks whether a resource block needs to be applied?
The idea is to have a block that checks for a suitable certificate and generates some kind of flag that's evaluated before the CertReq block.
In pseudo code it would be similar to the following. Doing that in a DSC doesn't seem to work.
    Configuration X {
        Import-DscResource -ModuleName CertificateDSC
        if ((Get-ChildItem Cert:\LocalMachine\My | Where $condition).count -gt 0) {
            CertReq psCert {
                # Data
            }
        }
    }