PARTNERS - Please join us for our upcoming webinar:
Leveraging Intelligent Recommendations for Operational Transformation.
AMS Partners Click HERE | EMEA/APJ Click HERE

Exchange Integration - Insufficient Access Error

PratikPokale
New Contributor
New Contributor
We've installed the Saviynt IIS Agent on the IIS server to execute commands on the Exchange server through Saviynt. We configured a REST connector to execute the script on the IIS server and set up the Security System, Endpoint, and Rules to create the task. Once the task is created, we run the provisioning job.
 
We are able to create, update, enable, and disable the RemoteUserMailbox, , and we have imported all the RemoteUserMailboxes into Saviynt.
Now we are trying to execute this "Set-ADUser K.AD.TEST47 -remove @{proxyaddresses = 'SMTP:K.AD.TEST40@domain.org'}" script on the IIS server through Saviynt REST Connector, and we are facing the Insufficient Access Right Permission Error, but when we execute this script directly on the IIS server, it executes successfully, and the service account has the appropriate Read and Write permission.
 
We are using the following JSON for script Execution:
{
   "call":[
      {
         "name":"call1",
         "connection":"acctAuth",
         "url":"https://<IIS Server Domain Name>/SaviyntApp/PS/ExecutePSScript",
         "httpMethod":"POST",
         "httpParams":"{\"SCRIPT\": \"Set-ADUser K.AD.TEST40 -remove @{proxyaddresses = 'SMTP:K.AD.TEST40@domain.org'} \"}",
         "httpHeaders":{
            "Authorization":"${accessToken}"
         },
         "httpContentType":"application/json",
         "successResponses":{
            "response":[
               {
                  "Objectreturned":"Success"
               }
            ]
         },
         "unsuccessResponses":{
            "response":[
               {
                  "Objectreturned":"Failure"
               }
            ]
         }
      }
   ]
}
 
We have checked the IIS Server logs we find the following Information:
Pipeline execution details for command line: Set-ADUser K.AD.TEST42 -remove @{proxyaddresses = 'SMTP:K.AD.TEST42@domain.org'} .
 
Context Information: 
DetailSequence=1
DetailTotal=1 
SequenceNumber=985
UserId=IIS APPPOOL\SaviyntAppPool
HostName=Default Host
HostVersion=5.1.20348.2400
HostId=f3c541f3-0e63-4600-94cc-2871185495fc
HostApplication=c:\windows\system32\inetsrv\w3wp.exe -ap SaviyntAppPool -v v4.0 -l webengine4.dll -a \\.\pipe\iisipmda48f7d4-1272-47ac-ab91-23372cfadce1 -h C:\inetpub\temp\apppools\SaviyntAppPool\SaviyntAppPool.config -w  -m 0
EngineVersion=5.1.20348.2400
RunspaceId=0146ce77-f121-44ca-8eef-b40fd277313f
PipelineId=1
ScriptName=
CommandLine=Set-ADUser K.AD.TEST42 -remove @{proxyaddresses = 'SMTP:K.AD.TEST42@Domian.org'}  
 
Details: 
CommandInvocation(Set-ADUser): "Set-ADUser"
ParameterBinding(Set-ADUser): name="Remove"; value="System.Collections.Hashtable"
ParameterBinding(Set-ADUser): name="Identity"; value="K.AD.TEST42"
TerminatingError(Set-ADUser): "Insufficient access rights to perform the operation"
 
We have configured everything as per the Saviynt documentation, but we are still facing this issue. Can you please check how we can solve this kind of issue?
5 REPLIES 5

rushikeshvartak
All-Star
All-Star
"Authorization":"${access_token} change above line

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

I have tried this, but issue is still same.

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Please find attachment for Script JSON, Pending task Comment and Saviynt Log viewer logs.

Is this working from postman ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.