10/13/2022 11:20 AM
Greetings. I'm trying to get my Azure AD Rest calls to split for the WinPS actions per this document:
https://saviynt.freshdesk.com/support/solutions/articles/43000463699-azure-ad-connector-guide
I've tried so many variations of this but cannot get anything to happen. The WinPS server is hosted at Saviynt, so I don't have access to logs there.
I'm wondering if anyone discovered anything wrong in the documentation that I need to tweak to make this work? I have other connections calling to my WinPS via a straight REST integration. Since the AzureAD connection is double-layering this, I'm not sure what to try next. I even tried stripping out the IF logic bifurcation to see if I could make the entire call go to WinPS but still don't get any meaningful output. The debug application logs don't have any errors; they just say it performed 1 REST call.
Here's the example for the RemoveAccessJSON:
{
  "name": "AADGroup",
  "connection": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'acctAuth' : 'userAuth'}",
  "url": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'https://HostComputer.com/Saviynt/PS/ExecutePSscript':'https://graph.microsoft.com/v1.0/groups/'+entitlementValue.entitlementID+'/members/'+account.accountID+'/\\$ref'}",
  "httpMethod": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'POST' : 'DELETE'}",
  "httpParams": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null?'{\"Script\": \"\\$pw = convertto-securestring \\\\\"'+connection.properties.password+'\\\\\" -asplaintext -force;\\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist \\\\\"'+connection.properties.userName+'\\\\\",\\$pw;Invoke-Command -ComputerName \\\\\"<<Computer-Name>>\\\\\" -Credential \\$mycred -scriptblock {\\$User = \\\\\"'+connection.user+'\\\\\";\\$PWord = ConvertTo-SecureString -String \\\\\"'+connection.pass+'\\\\\" -AsPlainText -Force;\\$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList \\$User, \\$PWord;\\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential \\$Credential -Authentication Basic -AllowRedirection;Import-PSSession \\$Session -DisableNameChecking -verbose:\\$false | Out-Null;Remove-DistributionGroupMember -Identity \\\\\"'+entitlementValue.entitlement_value+'\\\\\" -Member \\\\\"'+ +'\\\\\" -Confirm:\\$false;Remove-PSSession \\$Session}\"}' : '{}'}",
  "httpHeaders": {
    "Authorization": "${access_token}"
  },
  "httpContentType": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null?'application/x-www-form-urlencoded' : 'application/json'}",
  "successResponses": {
    "statusCode": [ 200, 201, 204, 205 ]
  }
},
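An added example, not part of the original post and not Saviynt code: the JSON above repeats the same routing condition in five fields, so this offline check confirms that every field would take the same branch. It assumes only the `${condition ? a : b}` shape seen in the post; the sample input and its `.example` hosts are constructed.

```python
import json
import re

# Fields that carry a "${condition ? a : b}" expression in the posted RemoveAccessJSON.
ROUTED_FIELDS = ("connection", "url", "httpMethod", "httpParams", "httpContentType")

def routing_condition(expr):
    """Return the condition before the first unquoted '?' in "${...}", else None."""
    m = re.fullmatch(r"\$\{(.*)\}", expr.strip(), re.S)
    if not m:
        return None
    body, quote = m.group(1), None
    for i, ch in enumerate(body):
        if quote:
            if ch == quote and body[i - 1] != "\\":
                quote = None          # closing quote of a string literal
        elif ch in "'\"":
            quote = ch                # entering a string literal
        elif ch == "?":
            return re.sub(r"\s+", "", body[:i])  # ignore spacing differences
    return None

def check_call(call):
    """List (field, issue) pairs where a field would not follow the same branch."""
    conds = {f: routing_condition(call[f]) for f in ROUTED_FIELDS
             if isinstance(call.get(f), str)}
    reference = next((c for c in conds.values() if c), None)
    findings = []
    for field, cond in conds.items():
        if cond is None:
            findings.append((field, "static"))    # never switches with the others
        elif cond != reference:
            findings.append((field, "differs"))   # condition drifted from the rest
    return findings

# Constructed sample: httpMethod has a shortened condition, httpContentType is static.
SAMPLE = json.loads(r'''
{
  "name": "AADGroup",
  "connection": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty11==null? 'acctAuth' : 'userAuth'}",
  "url": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty11==null?'https://winps.example/PS':'https://graph.example/groups'}",
  "httpMethod": "${entitlementValue.customproperty8.trim().equals('true')? 'POST' : 'DELETE'}",
  "httpContentType": "application/json"
}
''')

if __name__ == "__main__":
    for field, issue in check_call(SAMPLE):
        print(field, issue)
```

An empty result means all routed fields share one condition; it says nothing about whether the condition evaluates as intended for a given entitlement.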
10/13/2022 07:48 PM
I hope you have updated the information below:
Specify this parameter to add access for a user. To define this parameter, use a format similar to the following:
Note:
HostComputer - Replace HostComputer with the host domain of the IIS Server.
Computer-Name - Replace Computer-Name with the ComputerName of the IIS Server. Sample: WIN-QJ3E7AO9ED7
10/14/2022 06:30 AM
Yes, it's all replaced. As I mentioned, I have WinPS working just fine on other connections that are WinPS only. The AzureAD is a layered call to WinPS so I'm not sure how to troubleshoot it further.
10/28/2022 01:39 PM
Any suggestions? I also put a support ticket in (https://saviynt.freshdesk.com/support/tickets/1541969) and they told me to open an enhancement request.. uhhh..
10/28/2022 02:49 PM
Then you need to create a ticket on the ideas portal.