
Integrating Saviynt Variables with REST Connector for AD Mailbox Enablement on Exchange Server

kelp984
New Contributor III

I'm currently working on a project where I need to use the REST connector to enable Active Directory mailboxes on an Exchange server. I've written a script that works perfectly in PowerShell and through Postman API calls. However, I'm facing issues when trying to integrate it with Saviynt, particularly with the use of Saviynt variables.

Previously tried WINCONNECTOR with no luck as well (here: Re: Error in using the WIN-PS Connector to enable ... - Saviynt Forums - 71205).

The script works fine with hardcoded values (which I've indicated in bold in the code below), but I'm having trouble figuring out how to correctly call Saviynt variables within this context. When I try to use Saviynt variables, I receive the following error.

Error:

"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027. System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027. System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}

Connection JSON:

{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "url": "<URL>",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {},
      "httpContentType": "text/html",
      "properties": {
        "userName": "<<USERNAME>>/token",
        "password": "<<PASSWORD>>"
      },
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "timeOutError": "Read timed out",
      "PS_Password": "<password>",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Basic",
      "accessToken": "Basic <<TOKEN>>",
      "apiRateLimitConfig": {
        "retryAfterCalls": 100,
        "retryWaitSeconds": 60
      }
    }
  }
}

 

Createaccount JSON:

{
  "accountIdPath": "accountName",
  "responseColsToPropsMap": {},
  "call": [{
    "name": "call1",
    "connection": "acctAuth",
    "url": "https://<hostname>/PS/ExecutePSScript",
    "httpMethod": "POST",
    "httpParams": "{\"Script\":\"$username = '<serviceAccount>'; $password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; $mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('<domain>.com\\\\<serviceAccount>', $password); $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchangeServerPlaceholder.domainPlaceholder.com/PowerShell/' -Credential $mycred -Authentication kerberos; Import-PSSession $Session -AllowClobber; $systemUserName = '${user.customproperty20}'; Enable-RemoteMailbox -Identity $systemUserName -RemoteRoutingAddress \\\"$systemUserName@<domain>.mail.onmicrosoft.com\\\" -PrimarySmtpAddress \\\"$systemUserName@<domain>.com\\\"\"}",
    "httpHeaders": {
      "Authorization": "Basic ________________"
    },
    "httpContentType": "application/x-www-form-urlencoded",
    "SuccessResponses": {
      "": [
        "Success"
      ]
    },
    "unsuccessResponses": {
      "responseMessage": [
        "\"Failed\"",
        "\"Powershell script taking too long Sample input: Invoke-Command -ComputerName \\\"<computer name>\\\" -ScriptBlock {command to execute} -Credential $Cred\""
      ]
    }
  }]
}

From the error, it seems like the ${user.systemUserName} variable isn't being recognized or properly passed through the script. This is crucial for dynamically setting up mailboxes based on user data.

Has anyone encountered a similar issue or knows how to correctly integrate Saviynt variables with the REST connector in this context? Any insights or suggestions would be greatly appreciated!

Thank you in advance for your help!

9 REPLIES

rushikeshvartak
All-Star

Try ${user.systemUserName}

If you are above 23.10, then

${usersObj?.systemUserName}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

I tried $systemUserName = ${user.systemUserName} and \\u0024{user.systemUserName} and ${usersObj?.systemUserName}, they all returned the same error. But I think we are close! Any chance we can use the accountName? Just to brainstorm.

Error:

{"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}

Try

user.systemusername


Regards,
Rushikesh Vartak

Error:

"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}

${accountName}


Regards,
Rushikesh Vartak

Hi,

Thank you for your input. It still does not work. Since the code is encapsulated in 2 levels of escaped quotation marks, like this " \"<scriptcontent>\" ", is Saviynt passing the entire string to PowerShell without detecting the binding variables?

Vedanth-BK
Regular Contributor

Hi @kelp984 

Please escape the $ which are not part of the binding variables.

Example:
$mycred = \\$mycred
$username = \\$username

Thank you,

Vedanth 

Thank you
Vedanth B.K

kelp984
New Contributor III

Hi Vedanth,

The rest of the code works with hardcoded systemUserName and Password, even without escaping the $.

kelp984
New Contributor III

Hi,

After some trial and error, I've discovered that the key lies in the correct usage of escaping characters, particularly the dollar sign ($). Here's the updated code that worked for me (using the same Connection JSON as before):

Create Account JSON:

{
  "accountIdPath": "accountName",
  "responseColsToPropsMap": {},
  "call": [{
    "name": "call1",
    "connection": "acctAuth",
    "url": "https://<hostname>/PS/ExecutePSScript",
    "httpMethod": "POST",
    "httpParams": "{\"Script\":\"\\$password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; $mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('<DOMAIN>.com\\\\\\\\<SERVICEACCOUNT>', \\$password); \\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchangeServerPlaceholder.domainPlaceholder.com/PowerShell/' -Credential $mycred -Authentication kerberos; Import-PSSession \\$Session -AllowClobber; \\$systemUserName = '${user.systemUserName}'; Enable-RemoteMailbox -Identity \\$systemUserName -RemoteRoutingAddress \\\"$systemUserName@<DOMAIN>.mail.onmicrosoft.com\\\" -PrimarySmtpAddress \\\"$systemUserName@<DOMAIN>.com\\\"\"}",
    "httpHeaders": {
      "Authorization": "Basic ________________"
    },
    "httpContentType": "application/x-www-form-urlencoded",
    "SuccessResponses": {
      "": [
        "Success"
      ]
    },
    "unsuccessResponses": {
      "responseMessage": [
        "\"Failed\"",
        "\"Powershell script taking too long Sample input: Invoke-Command -ComputerName \\\"<COMPUTERNAME>\\\" -ScriptBlock {command to execute} -Credential $Cred\""
      ]
    }
  }]
}

The crucial insight was this: When the dollar sign is not escaped, Saviynt seems to interpret the script as a plain string and passes it directly to PowerShell. This means that any Saviynt variables included without escaping are not recognized as dynamic variables, but it would work with hardcoded values.

However, it's important to note that every other double backslash (\\) also needs to be escaped with an additional double backslash (for example, escape '\\' using '\\\\', or escape '\\\\' using '\\\\\\\\'). This allows for the correct interpretation of the script and proper handling of Saviynt variables.

I hope this solution can help others who might be facing similar challenges. If anyone has further insights or suggestions, please feel free to share!
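
A check for the rule discussed in this thread (escape every `$` that is not part of a `${...}` binding variable), as an added example that is not part of any post above. It decodes only the outer JSON string layer of an `httpParams` value and does not model how Saviynt evaluates the template; the function name `classify_dollars` and the shortened sample value are constructed for illustration.

```python
import json
import re

# Constructed sample: a shortened httpParams value in the shape of the working
# Create Account JSON, exactly as typed between (and including) the outer quotes.
SAMPLE_HTTP_PARAMS = (
    r'''"{\"Script\":\"\\$systemUserName = '${user.systemUserName}'; '''
    r'''$mycred = 1; Enable-RemoteMailbox -Identity \\$systemUserName '''
    r'''-PrimarySmtpAddress \\\"$systemUserName@example.com\\\"\"}"'''
)

# Optional run of backslashes, a dollar sign, then ${expr} or a bare name.
DOLLAR = re.compile(r'(\\*)\$(\{[^}]*\}|[A-Za-z_]\w*)')


def classify_dollars(raw_json_string):
    """Sort every dollar token by how it looks once the outer JSON is decoded.

    binding   -> ${...} with no escaping backslash (meant for Saviynt)
    escaped   -> dollar preceded by an odd number of backslashes
    unescaped -> bare $name, the case the replies say to escape
    """
    decoded = json.loads(raw_json_string)  # undo only the outer JSON string
    report = {"binding": [], "escaped": [], "unescaped": []}
    for match in DOLLAR.finditer(decoded):
        backslashes, token = match.groups()
        if len(backslashes) % 2 == 1:
            kind = "escaped"      # the last backslash escapes the dollar
        elif token.startswith("{"):
            kind = "binding"      # even run: backslashes escape each other
        else:
            kind = "unescaped"
        report[kind].append(token.strip("{}"))
    return report


if __name__ == "__main__":
    for kind, names in classify_dollars(SAMPLE_HTTP_PARAMS).items():
        print(f"{kind:10} {names}")
```

Run against a real value, anything listed under `unescaped` is a PowerShell variable that still reaches the template stage with a bare `$`.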