07/30/2024 04:54 AM
Hi Team,
In Exchange integration for mailbox management, we are invoking the following script as a httpParams via REST. The requirement is:
1. Scan the given folder and remove any files older than 30 days
2. Check if mailbox already exists if not enable mailbox
3. Generate logs for the transactions
With the below script, I am seeing the following error:
{"message":"Unrecognized character escape '$' (code 36)\n at [Source: {\"script\":\"\\$systemDate = Get-Date; \\$systemDateString = (Get-Date).ToString('yyyy-MM-dd'); \\$LogFileDirectory = 'D:\\\\\\Logs\\\\\\ps'; \\$AgeLimit = 30; \\$LogFiles = Get-ChildItem -Path \\$LogFileDirectory -File; foreach (\\$LogFile in \\$LogFiles) { \\$FileAge = \\$SystemDate - \\$LogFile.LastWriteTime; if (\\$FileAge.TotalDays -gt \\$AgeLimit) { Remove-Item -Path \\$LogFile.FullName -Force; } };\\$Password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; \\$mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('${connection.PS_Username}', \\$Password); \\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchange/PowerShell/' -Authentication Kerberos -Credential \\$mycred; Import-PSSession -Session \\$Session -DisableNameChecking -AllowClobber;\\$samAccountName = '${user?.systemUserName}';if (\\$Session) { \\$LogFile = \\$LogFileDirectory + '\\\\ExecutionLog_' + \\$systemDateString + '.log'; \\$mailbox = Get-RemoteMailbox -Identity \\$samAccountName -ErrorAction SilentlyContinue; \\$startTime = Get-Date -Format 'MM/dd/yyyy HH:mm K'; \\$Logs = if (\\$mailbox) { 'Mailbox already exists for: ' + \\$samAccountName; } else { 'User RemoteRoutingAddress: ' + \\$RemoteRoutingAddress; 'User Primary SMTP Address: ' + \\$PrimarySMTP; 'Mailbox does not exist for: ' + \\$samAccountName; Enable-RemoteMailbox -Identity '${user?.systemUserName}' -RemoteRoutingAddress '${user?.email}.Split('@')[0]@Domain.mail.onmicrosoft.com'; if (\\$?) { 'Success::Enabled mailbox for user: ' + \\$samAccountName; } else { 'ERROR::while enabling mailbox for user: ' + \\$samAccountName; } }; Write-Output \\\"\\$startTime, \\$samAccountName, \\$Logs\\\" | Out-File -FilePath \\$LogFile -Append;Remove-PSSession -Session \\$Session;}\"}; line: 1, column: 14]","status":"Failed"}
{
  "accountIdPath": "accountName",
  "responseColsToPropsMap": {},
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "url": "https://Windowser:443/Saviynt/PS/ExecutePSScript",
      "httpMethod": "POST",
"httpParams": "{\"script\":\"\\$systemDate = Get-Date; \\$systemDateString = (Get-Date).ToString('yyyy-MM-dd'); \\$LogFileDirectory = 'D:\\\\Logs\\\\ps'; \\$AgeLimit = 30; \\$LogFiles = Get-ChildItem -Path \\$LogFileDirectory -File; foreach (\\$LogFile in \\$LogFiles) { \\$FileAge = \\$SystemDate - \\$LogFile.LastWriteTime; if (\\$FileAge.TotalDays -gt \\$AgeLimit) { Remove-Item -Path \\$LogFile.FullName -Force; } };\\$Password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; \\$mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('${connection.PS_Username}', \\$Password); \\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://Exchange/PowerShell/' -Authentication Kerberos -Credential \\$mycred; Import-PSSession -Session \\$Session -DisableNameChecking -AllowClobber;\\$samAccountName = '${user?.systemUserName}';if (\\$Session) { \\$LogFile = \\$LogFileDirectory + '\\\\ExecutionLog_' + \\$systemDateString + '.log'; \\$mailbox = Get-RemoteMailbox -Identity \\$samAccountName -ErrorAction SilentlyContinue; \\$startTime = Get-Date -Format 'MM/dd/yyyy HH:mm K'; \\$Logs = if (\\$mailbox) { 'Mailbox already exists for: ' + \\$samAccountName; } else { 'User RemoteRoutingAddress: ' + \\$RemoteRoutingAddress; 'User Primary SMTP Address: ' + \\$PrimarySMTP; 'Mailbox does not exist for: ' + \\$samAccountName; Enable-RemoteMailbox -Identity '${user?.systemUserName}' -RemoteRoutingAddress '${user?.email}.Split('@')[0]@domain.mail.onmicrosoft.com'; if (\\$?) { 'Success::Enabled mailbox for user: ' + \\$samAccountName; } else { 'ERROR::while enabling mailbox for user: ' + \\$samAccountName; } }; Write-Output \\\"\\$startTime, \\$samAccountName, \\$Logs\\\" | Out-File -FilePath \\$LogFile -Append;Remove-PSSession -Session \\$Session;}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "response[9].Objectreturned": [
          "Success"
        ]
      },
      "unsuccessResponses": {
        "response[9].Objectreturned": [
          "Failure"
        ]
      }
    }
  ]
}
Wanted to understand if it is feasible to have the complex PowerShell script in httpParams? Thanks for the help.
Thanks,
Chirag Gupta
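The parser error quoted in the post above reports `\$` inside the "script" string, and JSON defines no such escape (only `\"`, `\\`, `\/`, `\b`, `\f`, `\n`, `\r`, `\t` and `\uXXXX` are valid). As an added example, not part of the original posts and not Saviynt code, this Python sketch locates invalid escapes in a JSON body and shows the same kind of script encoded by a JSON serializer instead of by hand. The function names and sample strings are hypothetical, and Saviynt's own `${...}` template substitution is a separate layer that is not modelled here.

```python
import json

# Characters JSON allows directly after a backslash (RFC 8259, section 7).
VALID_ESCAPES = set('"\\/bfnrtu')


def find_bad_escapes(json_text):
    """Return (1-based column, sequence) for each invalid escape inside a JSON string."""
    bad, in_string, i = [], False, 0
    while i < len(json_text):
        ch = json_text[i]
        if ch == '"':
            in_string = not in_string
        elif ch == "\\" and in_string:
            nxt = json_text[i + 1:i + 2]
            if nxt not in VALID_ESCAPES:
                bad.append((i + 1, ch + nxt))
            i += 1  # skip the escaped character so \" does not end the string
        i += 1
    return bad


def build_body(script):
    """Serialize a PowerShell script as the 'script' field of a JSON body."""
    return json.dumps({"script": script})


# Constructed sample: start of the body shown in the error message, where the
# '$' is still preceded by a backslash when it reaches the JSON parser.
FAILING_BODY = r'{"script":"\$systemDate = Get-Date;"}'

# Constructed sample script with the characters that need care in JSON:
# '$' (needs no escape), Windows path backslashes, and double quotes.
SCRIPT = "$dir = 'D:\\Logs\\ps'; Write-Output \"$dir cleaned\""

if __name__ == "__main__":
    print(find_bad_escapes(FAILING_BODY))   # location of the rejected escape
    body = build_body(SCRIPT)
    print(body)                             # serializer-escaped body
    print(find_bad_escapes(body))           # no invalid escapes remain
```

The reported column differs by parser: this helper gives the position of the backslash, while the error in the post gives the position after the `$` has been read.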
07/31/2024 10:49 PM
Hello @Chirag_Gupta,
Yes, this should be feasible. You need to check on the target whether you are able to execute this PowerShell script on your end before running it in Saviynt.
Thanks.
07/31/2024 11:38 PM
Hello @sudeshjaiswal
We're successfully running our PowerShell script as expected, but now we aim to execute the entire script as a parameter within a single payload. Can you please share a sample with a complex logic executed as a command? Your assistance would be greatly appreciated.
Thanks,
Chirag Gupta