01/29/2024 12:08 PM - edited 01/29/2024 12:10 PM
I'm currently working on a project where I need to use the REST connector to enable Active Directory mailboxes on an Exchange server. I've written a script that works perfectly in PowerShell and through Postman API calls. However, I'm facing issues when trying to integrate it with Saviynt, particularly with the use of Saviynt variables.
Previously tried WINCONNECTOR with no luck as well (here: Re: Error in using the WIN-PS Connector to enable ... - Saviynt Forums - 71205).
The script works fine with hardcoded values (which I've indicated in bold in the code below), but I'm having trouble figuring out how to correctly call Saviynt variables within this context. When I try to use Saviynt variables, I receive the following error.
Error:
"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027. System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027. System.Exception: Failed error streamThe operation couldn\\u0027t be performed because object \\u0027${user.systemUserName}\\u0027 couldn\\u0027t be found on \\u0027<exchange server>.<domain>.com\\u0027.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}
Connection JSON:
{
  "authentications": {
    "acctAuth": {
      "authType": "Basic",
      "url": "<URL>",
      "httpMethod": "POST",
      "httpParams": {},
      "httpHeaders": {},
      "httpContentType": "text/html",
      "properties": {
        "userName": "<<USERNAME>>/token",
        "password": "<<PASSWORD>>"
      },
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "timeOutError": "Read timed out",
      "PS_Password": "<password>",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Basic",
      "accessToken": "Basic <<TOKEN>>",
      "apiRateLimitConfig": {
        "retryAfterCalls": 100,
        "retryWaitSeconds": 60
      }
    }
  }
}
Createaccount JSON:
{
  "accountIdPath": "accountName",
  "responseColsToPropsMap": {},
  "call": [{
    "name": "call1",
    "connection": "acctAuth",
    "url": "https://<hostname>/PS/ExecutePSScript",
    "httpMethod": "POST",
    "httpParams": "{\"Script\":\"$username = '<serviceAccount>'; $password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; $mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('<domain>.com\\\\<serviceAccount>', $password); $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchangeServerPlaceholder.domainPlaceholder.com/PowerShell/' -Credential $mycred -Authentication kerberos; Import-PSSession $Session -AllowClobber; $systemUserName = '${user.customproperty20}'; Enable-RemoteMailbox -Identity $systemUserName -RemoteRoutingAddress \\\"$systemUserName@<domain>.mail.onmicrosoft.com\\\" -PrimarySmtpAddress \\\"$systemUserName@<domain>.com\\\"\"}",
    "httpHeaders": {
      "Authorization": "Basic ________________"
    },
    "httpContentType": "application/x-www-form-urlencoded",
    "SuccessResponses": {
      "": [
        "Success"
      ]
    },
    "unsuccessResponses": {
      "responseMessage": [
        "\"Failed\"",
        "\"Powershell script taking too long Sample input: Invoke-Command -ComputerName \\\"<computer name>\\\" -ScriptBlock {command to execute} -Credential $Cred\""
      ]
    }
  }]
}
From the error, it seems like the ${user.systemUserName} variable isn't being recognized or properly passed through the script. This is crucial for dynamically setting up mailboxes based on user data.
Has anyone encountered a similar issue or knows how to correctly integrate Saviynt variables with the REST connector in this context? Any insights or suggestions would be greatly appreciated!
Thank you in advance for your help!
01/29/2024 12:11 PM - edited 01/29/2024 12:15 PM
try ${user.systemUserName}
if you are above 23.10 then
${usersObj?.systemUserName}
01/29/2024 04:14 PM - edited 01/29/2024 04:15 PM
I tried $systemUserName = ${user.systemUserName} and \\u0024{user.systemUserName} and ${usersObj?.systemUserName}; they all returned the same error. But I think we are close! Any chance we can use the accountName? Just to brainstorm.
Error:
{"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamCannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}
01/29/2024 04:20 PM
Try
user.systemusername
01/29/2024 04:34 PM
Error:
"call1":{"headers":null,"message":{"responseMessage":"\"Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName) System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null. System.Exception: Failed error streamThe term \\u0027user.systemUserName\\u0027 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Cannot bind argument to parameter \\u0027Identity\\u0027 because it is null.\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\\r\\n at MVC_FIM.Services.PowerShellService.fnExecuteScript(String ScriptName)\""},"statusCode":500,"description":null,"status":"Failed"}}
01/29/2024 07:30 PM
${accountName}
01/30/2024 07:37 AM
Hi,
Thank you for your input. It still does not work. Since the code is encapsulated in 2 levels of escaped quotation marks, like this " \"<scriptcontent>\" ", is Saviynt passing the entire string to PowerShell without detecting the binding variables?
01/29/2024 10:59 PM
Hi @kelp984
Please escape the $ which are not part of the binding variables.
Example: $mycred = \\$mycred
$username = \\$username
Thank you,
Vedanth
01/30/2024 07:33 AM - edited 01/30/2024 07:33 AM
Hi Vedanth,
The rest of the code works with hardcoded systemUserName and Password, even without escaping the $.
01/30/2024 11:52 AM - edited 01/30/2024 02:33 PM
Hi,
After some trial and error, I've discovered that the key lies in the correct usage of escaping characters, particularly the dollar sign ($). Here's the updated code that worked for me (using the same Connection JSON as before):
Create Account JSON:
{
  "accountIdPath": "accountName",
  "responseColsToPropsMap": {},
  "call": [{
    "name": "call1",
    "connection": "acctAuth",
    "url": "https://<hostname>/PS/ExecutePSScript",
    "httpMethod": "POST",
    "httpParams": "{\"Script\":\"\\$password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; $mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('<DOMAIN>.com\\\\\\\\<SERVICEACCOUNT>', \\$password); \\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchangeServerPlaceholder.domainPlaceholder.com/PowerShell/' -Credential $mycred -Authentication kerberos; Import-PSSession \\$Session -AllowClobber; \\$systemUserName = '${user.systemUserName}'; Enable-RemoteMailbox -Identity \\$systemUserName -RemoteRoutingAddress \\\"$systemUserName@<DOMAIN>.mail.onmicrosoft.com\\\" -PrimarySmtpAddress \\\"$systemUserName@<DOMAIN>.com\\\"\"}",
    "httpHeaders": {
      "Authorization": "Basic ________________"
    },
    "httpContentType": "application/x-www-form-urlencoded",
    "SuccessResponses": {
      "": [
        "Success"
      ]
    },
    "unsuccessResponses": {
      "responseMessage": [
        "\"Failed\"",
        "\"Powershell script taking too long Sample input: Invoke-Command -ComputerName \\\"<COMPUTERNAME>\\\" -ScriptBlock {command to execute} -Credential $Cred\""
      ]
    }
  }]
}
The crucial insight was this: When the dollar sign is not escaped, Saviynt seems to interpret the script as a plain string and passes it directly to PowerShell. This means that any Saviynt variables included without escaping are not recognized as dynamic variables, but it would work with hardcoded values.
However, it's important to note that every other double backslash (\\) also needs to be escaped with an additional double backslash (for example, escape '\\' using '\\\\', or escape '\\\\' using '\\\\\\\\'). This allows for the correct interpretation of the script and proper handling of Saviynt variables.
I hope this solution can help others who might be facing similar challenges. If anyone has further insights or suggestions, please feel free to share!
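Added example (not from the thread and not Saviynt code): a small linter that decodes a Create Account JSON and reports, per call, which dollar signs in httpParams are ${...} binding variables, which are escaped, and which are bare and would still need escaping under the advice given above. The token rules are an assumption modelled on the posts in this thread, not the connector's real parser; classify_dollars and the sample JSON are constructed for illustration.

```python
import json
import re

# Tokens looked for in the decoded httpParams string (after the outer JSON is parsed):
#   \\       escaped backslash, consumed so it is not mistaken for an escape of "$"
#   \$       escaped dollar, meant to reach PowerShell as a literal "$"
#   ${expr}  binding variable, meant to be resolved before the script is sent
#   $name    bare dollar, the case the thread says must be escaped
TOKEN = re.compile(
    r"(?P<bs>\\\\)|(?P<escaped>\\\$)|(?P<binding>\$\{[^}]*\})|(?P<bare>\$[A-Za-z_]\w*)"
)

# Constructed sample: one binding, two escaped dollars, one bare "$Session".
SAMPLE = r'''{
  "call": [{
    "name": "call1",
    "httpParams": "{\"Script\":\"\\$systemUserName = '${user.systemUserName}'; $Session = New-PSSession -ConfigurationName Microsoft.Exchange; Enable-RemoteMailbox -Identity \\$systemUserName\"}"
  }]
}'''


def classify_dollars(create_account_json: str) -> dict:
    """Return {call name: {"bindings": [...], "escaped": count, "bare": [...]}}."""
    report = {}
    for call in json.loads(create_account_json)["call"]:
        params = call.get("httpParams", "")
        entry = {"bindings": [], "escaped": 0, "bare": []}
        for match in TOKEN.finditer(params):
            kind = match.lastgroup
            if kind == "escaped":
                entry["escaped"] += 1
            elif kind == "binding":
                entry["bindings"].append(match.group())
            elif kind == "bare":
                entry["bare"].append(match.group())
        report[call["name"]] = entry
    return report


if __name__ == "__main__":
    # Any name listed under "bare" is a PowerShell variable that was not escaped.
    print(json.dumps(classify_dollars(SAMPLE), indent=2))
```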