Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Mailbox provisioning CreateAccountJson for Winconnector

Chirag_Gupta
New Contributor III
New Contributor III

Hi Everyone,

We are provisioning mailboxes using the out-of-the-box Winconnector. Below is the `CREATEACC` JSON that we are invoking by passing parameters to a PowerShell script. The script is being invoked, but the parameters are not being replaced with their respective values. Instead, they are appearing exactly as they are passed in the script.

For example, `${user.username}` should be replaced with the user's username, but this is not happening.

```json
{
"CREATEACC": [
"script=$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',$pw;D:/Scripts/PS-Enable-RemoteMailbox.ps1 -cred $mycred -samAccountName '${user.username}'"
],
"SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}

Could someone please share a working version of the `CREATEACC` JSON to invoke a PowerShell script that enables a mailbox on the Exchange server?

Thanks,

Chirag Gupta

10 REPLIES 10

NM
Honored Contributor II
Honored Contributor II

@Chirag_Gupta , is the connection working fine ?

Window IIS server setup??

Chirag_Gupta
New Contributor III
New Contributor III

Yes, the test connection is working fine, and the CreateAccountJSON is successfully invoking the PowerShell script on the Windows server. However, the parameters being passed from Saviynt to the script are not being replaced with their actual values when we print them in PowerShell.

NM
Honored Contributor II
Honored Contributor II

@Chirag_Gupta can you pass the password once hard-coded value??

rushikeshvartak
All-Star
All-Star

Use below 

{
"CREATEACC": ["Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'Hi\\\\svc_saviynt_win',\$pw;Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock {C:/Saviynt/SAVPSScript/EnableMailUser.ps1 ${user.username}}"],
"SuccessResponses": ["isMailboxEnabled"]
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Chirag_Gupta
New Contributor III
New Contributor III

Hello @rushikeshvartak 

As per your suggestion I tried below JSON:

{
"CREATEACC": ["Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw;Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock {D:/Scripts/PS-Enable-RemoteMailbox.ps1 ${user.username}}"],
"SuccessResponses": ["isMailboxEnabled"]
}

We are getting below error

"2024-08-14T12:19:41.294+00:00","ecm-worker","services.WindowsConnectorService","quartzScheduler_Worker-10-bd8vd","ERROR","Error occured in webservice call"
"2024-08-14T12:19:41.678+00:00","ecm-worker","","null-bd8vd","","java.lang.RuntimeException: Failed : HTTP error code : 500  at com.saviynt.ecm.services.WindowsConnectorService.callRestWebService(WindowsConnectorService.groovy:162)  at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22_closure45.doCall(WindowsConnectorService.groovy:1318)  at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22.doCall(WindowsConnectorService.groovy:1311)  at com.saviynt.ecm.services.WindowsConnectorService.executeTask(WindowsConnectorService.groovy:1306)  at com.saviynt.ecm.services.WindowsConnectorService$_createAccount_closure17.doCall(WindowsConnectorService.groovy:843)  at com.saviynt.ecm.services.WindowsConnectorService.createAccount(WindowsConnectorService.groovy:802)  at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:11817)  at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure50.doCall(ArsTaskHelperService.groovy:3079)  at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:3070)  at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:175)  at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160)  at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222)  at org.quartz.core.JobRunShell.run(JobRunShell.java:199)  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
"2024-08-14T12:19:41.295+00:00","ecm-worker","services.WindowsConnectorService","quartzScheduler_Worker-10-bd8vd","ERROR","Error occured "
"2024-08-14T12:19:41.678+00:00","ecm-worker","","null-bd8vd","","java.lang.RuntimeException: Failed : HTTP error code : 500  at com.saviynt.ecm.services.WindowsConnectorService.callRestWebService(WindowsConnectorService.groovy:162)  at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22_closure45.doCall(WindowsConnectorService.groovy:1318)  at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22.doCall(WindowsConnectorService.groovy:1311)  at com.saviynt.ecm.services.WindowsConnectorService.executeTask(WindowsConnectorService.groovy:1306)  at com.saviynt.ecm.services.WindowsConnectorService$_createAccount_closure17.doCall(WindowsConnectorService.groovy:843)  at com.saviynt.ecm.services.WindowsConnectorService.createAccount(WindowsConnectorService.groovy:802)  at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:11817)  at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure50.doCall(ArsTaskHelperService.groovy:3079)  at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:3070)  at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:175)  at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160)  at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222)  at org.quartz.core.JobRunShell.run(JobRunShell.java:199)  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"

I can confirm that there is no issue with Win PS agent deployment as we can run below JSON (direct enable-remote mailbox command) without any issues 

{
"CREATEACC": [
"script=\$pw=convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred=new-object -typename System.Management.Automation.PSCredential-argumentlist '',\$pw;\$Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://hostname/PowerShell/ -Authentication Kerberos -Credential \$mycred;Invoke-Command -Session \$Session -ScriptBlock{enable-remotemailbox -Identity '${user?.systemUserName}' -remoteroutingaddress '${user?.customproperty5}@domain.com'}"
],
"SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}

Thanks,

Chirag

{
"CREATEACC": [
"Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force; \$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw; Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock { & { D:/Scripts/PS-Enable-RemoteMailbox.ps1 -UserName '${user.username}' } }"
],
"SuccessResponses": [
"isMailboxEnabled",
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Chirag_Gupta
New Contributor III
New Contributor III

The script ran successfully in Saviynt. I will verify if the values were passed correctly once I check the logs on the Windows server (though I currently don't have access).

Thanks.

Chirag Gupta

Run recon meanwhile to validate same,


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Chirag_Gupta
New Contributor III
New Contributor III

{
  "CREATEACC": [
    "Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw;D:/Scripts/PS-Enable-RemoteMailbox.ps1 -samAccountName '${user.systemUserName}' -Email '${user.email}' -cred \$mycred"
  ],
  "SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}

the mentioned JSON is working as expected, successfully invoking the PowerShell script and passing the actual values but it isn't invoking the script on the target system.

Thanks,

Chirag Gupta

Is the path and all correct?

  • Please share logs

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.