
How to trigger Script_To_Execute in WinPS connection?

jralexander137
New Contributor III

Hi! I am trying to configure the winps connection to run some enable mailbox commands as shown in the screenshot. How do I actually trigger this though? Not sure how to get a task created for prov job to process. Which action option in a user update rule do I use? Or do I need to use the createAccountJson instead or something else?

Thanks!


adarshk
Saviynt Employee

Hi @jralexander137 

You can leverage the existing action blocks and call the respective scripts.
You can leverage the Creating a Connection section from the below document for setting up connection parameter.

https://docs.saviyntcloud.com/bundle/WinPS-v23x/page/Content/Understanding_the_Integration-between-E...

So I have the connection configured and test connection works. But how do I configure an update rule to actually call the SCRIPT_TO_EXECUTE? I don't need to create accounts or anything, just run a couple PS commands to enable mailboxes.

I've reviewed that documentation already but did not see anything that would answer my questions. I have SCRIPT_TO_EXECUTE populated with the script to run. I don't see an appropriate action in the user update rules to trigger that SCRIPT_TO_EXECUTE though. Do I need to configure the createAccountJson with my script instead? Or is there some other action option to select?

adarshk
Saviynt Employee

For example:

If you want to enable an account you can call the respective script from the ENABLEACCOUNTJSON block.


This call can be triggered through rules.

Thanks,
Adarsh Kulkarni

So I should be using one of the create/enable/disable/update JSON configs instead of the SCRIPT_To_Execute? In this case likely enable config.

So I guess I don't understand what the script_to_execute json is used for then nor how it's triggered? I should be using say enable in this instance?


Does this config look correct for enableaccountjson?

{
  "ENABLEACC": [
    "Script=Enable-RemoteMailbox -Identity '${account.accountID}' -RemoteRoutingAddress '${user.systemusername}@blah.mail.onmicrosoft.com'",
    "Script=Enable-RemoteMailbox -Identity '${user.systemusername}' -Archive"
  ]
}

Or do I need to list multiple commands differently?

You can try putting the powershell script under WINCONNECTOR,
"SCRIPT_TO_EXECUTE_JSON"

[ "Script=\$pw = convertto-securestring 'password1234' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'khalid.akhter',\$pw;Invoke-Command -ComputerName 'saviyntdc01' -Credential \$mycred -ScriptBlock {Get-WmiObject -Class Win32_UserAccount | select -First 100}"]

https://forums.saviynt.com/t5/identity-governance/exchange-reconciliation-using-win-ps-connector/m-p...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
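
As an added example (not part of the original thread and not Saviynt code), a small Python lint for `Script=` entries like the two shown above: it flags a literal handed to `ConvertTo-SecureString -AsPlainText`, and `${...}` bindings substituted inside single-quoted PowerShell literals, where a value containing `'` would end the literal unless the connector escapes it. Whether the connector escapes substituted values is not stated in the thread; the function names and the sample entries are constructed for illustration.

```python
import re

# A quoted literal handed to ConvertTo-SecureString together with -AsPlainText.
PLAINTEXT_SECRET = re.compile(
    r"convertto-securestring\s+(['\"]).+?\1[^;|]*-asplaintext", re.IGNORECASE)
# A ${binding} placeholder that the connector fills in before the script runs.
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def single_quoted_literals(script):
    """Yield bodies of PowerShell single-quoted literals ('' is an escaped quote)."""
    i = 0
    while i < len(script):
        if script[i] != "'":
            i += 1
            continue
        j = i + 1
        while j < len(script):
            if script[j] == "'":
                if script[j + 1:j + 2] == "'":  # doubled quote stays inside the literal
                    j += 2
                    continue
                break
            j += 1
        yield script[i + 1:j]
        i = j + 1


def lint_entry(entry):
    """Return sorted rule findings for one 'Script=...' connector entry."""
    script = entry[len("Script="):] if entry.startswith("Script=") else entry
    findings = set()
    if PLAINTEXT_SECRET.search(script):
        findings.add("plaintext-secret")  # the secret itself is never echoed
    for literal in single_quoted_literals(script):
        for name in PLACEHOLDER.findall(literal):
            findings.add("quoted-placeholder:" + name)
    return sorted(findings)


# Constructed entries shaped like the ones in this thread (values are placeholders).
ENABLE = ("Script=Enable-RemoteMailbox -Identity '${account.accountID}' "
          "-RemoteRoutingAddress '${user.systemusername}@example.invalid'")
IMPORT = ("Script=\\$pw = convertto-securestring 'CONSTRUCTED' -asplaintext -force;"
          "Get-WmiObject -Class Win32_UserAccount | select -First 100")

if __name__ == "__main__":
    for entry in (ENABLE, IMPORT):
        print(lint_entry(entry))
```

A `quoted-placeholder` finding marks a binding whose source attribute should be constrained to a known-safe character set before it reaches the script; a `plaintext-secret` finding marks a credential that anyone who can read the connection configuration can also read.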

I guess I don't understand what Script_To_Execute is being used for nor how to actually trigger it. Is that code just executed during import? I am not trying to create accounts, recon users/accounts. I just want to run a couple enable-remote mailbox commands on new AD accounts that are being provisioned via an AD connection. It's sounding like I just need to put the config into enable account json and write a user update rule to enable the account (that does not exist in winps but in AD). I don't see any option in the user update rule actions list that will trigger the code in Script_To_Execute json. Is that a fair assumption?

Script_To_Execute is called during import to fetch data using command provided. You can't trigger same user update rule as it's import.


Regards,
Rushikesh Vartak

Ok, got it, that part is clear now. So I will need to put the code in say EnableAccountJson to trigger it via user update rule.

First you need to create application import data; further you can enable mailbox.


Regards,
Rushikesh Vartak

Not sure I follow. Why do I need to create the configs to import accounts if there are no accounts to import? They will all just exist in AD on prem.

If you don't have account then on which data you will trigger enable account json from win connector?


Regards,
Rushikesh Vartak

Am I not able to just call the enable account json even if there is no associated account? The systemusername on the user record would be passed to these scripts so I don't actually need any account related values. Will that not work how I think? If not, I am not seeing how I can just use the connector to run some PS commands. I don't want to import any accounts or create anything like that.

You need account to process tasks.

You can refer to the documentation for details on how to import.


Regards,
Rushikesh Vartak

Ok so, it looks like there is no way to just have the connector execute some PS commands or trigger a script remotely without either creating an account or having an account associated with this connection/endpoint?

There are no accounts to manage unless the expectation is to import all the on prem AD accounts using this connector as well to then be able to perform any operations?

Yes, you need account and on prem data.


Regards,
Rushikesh Vartak