We've installed the Saviynt IIS Agent on the IIS server to execute commands on the Exchange server through Saviynt. We configured a REST connector to execute the script on the IIS server and set up the Security System, Endpoint, and Rules to create the task. Once the task is created, we run the provisioning job.
We are able to create, update, enable, and disable the RemoteUserMailbox, , and we have imported all the RemoteUserMailboxes into Saviynt.
Now we are trying to execute this "Set-ADUser K.AD.TEST47 -remove @{proxyaddresses = 'SMTP:K.AD.TEST40@domain.org'}" script on the IIS server through Saviynt REST Connector, and we are facing the Insufficient Access Right Permission Error, but when we execute this script directly on the IIS server, it executes successfully, and the service account has the appropriate Read and Write permission.
We are using the following JSON for script Execution:
{
"call":[
{
"name":"call1",
"connection":"acctAuth",
"url":"https://<IIS Server Domain Name>/SaviyntApp/PS/ExecutePSScript",
"httpMethod":"POST",
"httpParams":"{\"SCRIPT\": \"Set-ADUser K.AD.TEST40 -remove @{proxyaddresses = 'SMTP:K.AD.TEST40@domain.org'} \"}",
"httpHeaders":{
"Authorization":"${accessToken}"
},
"httpContentType":"application/json",
"successResponses":{
"response":[
{
"Objectreturned":"Success"
}
]
},
"unsuccessResponses":{
"response":[
{
"Objectreturned":"Failure"
}
]
}
}
]
}
We have checked the IIS Server logs we find the following Information:
Pipeline execution details for command line: Set-ADUser K.AD.TEST42 -remove @{proxyaddresses = 'SMTP:K.AD.TEST42@domain.org'} .
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=985
UserId=IIS APPPOOL\SaviyntAppPool
HostName=Default Host
HostVersion=5.1.20348.2400
HostId=f3c541f3-0e63-4600-94cc-2871185495fc
HostApplication=c:\windows\system32\inetsrv\w3wp.exe -ap SaviyntAppPool -v v4.0 -l webengine4.dll -a \\.\pipe\iisipmda48f7d4-1272-47ac-ab91-23372cfadce1 -h C:\inetpub\temp\apppools\SaviyntAppPool\SaviyntAppPool.config -w -m 0
EngineVersion=5.1.20348.2400
RunspaceId=0146ce77-f121-44ca-8eef-b40fd277313f
PipelineId=1
ScriptName=
CommandLine=Set-ADUser K.AD.TEST42 -remove @{proxyaddresses = 'SMTP:K.AD.TEST42@Domian.org'}
Details:
CommandInvocation(Set-ADUser): "Set-ADUser"
ParameterBinding(Set-ADUser): name="Remove"; value="System.Collections.Hashtable"
ParameterBinding(Set-ADUser): name="Identity"; value="K.AD.TEST42"
TerminatingError(Set-ADUser): "Insufficient access rights to perform the operation"
We have configured everything as per the Saviynt documentation, but we are still facing this issue. Can you please check how we can solve this kind of issue?