Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/14/2024 02:21 AM
Hi Everyone,
We are provisioning mailboxes using the out-of-the-box Winconnector. Below is the `CREATEACC` JSON that we are invoking by passing parameters to a PowerShell script. The script is being invoked, but the parameters are not being replaced with their respective values. Instead, they are appearing exactly as they are passed in the script.
For example, `${user.username}` should be replaced with the user's username, but this is not happening.
```json
{
"CREATEACC": [
"script=$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',$pw;D:/Scripts/PS-Enable-RemoteMailbox.ps1 -cred $mycred -samAccountName '${user.username}'"
],
"SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}
Could someone please share a working version of the `CREATEACC` JSON to invoke a PowerShell script that enables a mailbox on the Exchange server?
Thanks,
Chirag Gupta
08/14/2024 02:50 AM
@Chirag_Gupta , is the connection working fine ?
Window IIS server setup??
08/14/2024 03:00 AM
Yes, the test connection is working fine, and the CreateAccountJSON is successfully invoking the PowerShell script on the Windows server. However, the parameters being passed from Saviynt to the script are not being replaced with their actual values when we print them in PowerShell.
08/14/2024 03:24 AM
@Chirag_Gupta can you pass the password once hard-coded value??
08/14/2024 04:56 AM
Use below
{
"CREATEACC": ["Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'Hi\\\\svc_saviynt_win',\$pw;Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock {C:/Saviynt/SAVPSScript/EnableMailUser.ps1 ${user.username}}"],
"SuccessResponses": ["isMailboxEnabled"]
}
08/14/2024 05:27 AM
Hello @rushikeshvartak
As per your suggestion I tried below JSON:
{
"CREATEACC": ["Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw;Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock {D:/Scripts/PS-Enable-RemoteMailbox.ps1 ${user.username}}"],
"SuccessResponses": ["isMailboxEnabled"]
}
We are getting below error
"2024-08-14T12:19:41.294+00:00","ecm-worker","services.WindowsConnectorService","quartzScheduler_Worker-10-bd8vd","ERROR","Error occured in webservice call"
"2024-08-14T12:19:41.678+00:00","ecm-worker","","null-bd8vd","","java.lang.RuntimeException: Failed : HTTP error code : 500 at com.saviynt.ecm.services.WindowsConnectorService.callRestWebService(WindowsConnectorService.groovy:162) at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22_closure45.doCall(WindowsConnectorService.groovy:1318) at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22.doCall(WindowsConnectorService.groovy:1311) at com.saviynt.ecm.services.WindowsConnectorService.executeTask(WindowsConnectorService.groovy:1306) at com.saviynt.ecm.services.WindowsConnectorService$_createAccount_closure17.doCall(WindowsConnectorService.groovy:843) at com.saviynt.ecm.services.WindowsConnectorService.createAccount(WindowsConnectorService.groovy:802) at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:11817) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure50.doCall(ArsTaskHelperService.groovy:3079) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:3070) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:175) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
"2024-08-14T12:19:41.295+00:00","ecm-worker","services.WindowsConnectorService","quartzScheduler_Worker-10-bd8vd","ERROR","Error occured "
"2024-08-14T12:19:41.678+00:00","ecm-worker","","null-bd8vd","","java.lang.RuntimeException: Failed : HTTP error code : 500 at com.saviynt.ecm.services.WindowsConnectorService.callRestWebService(WindowsConnectorService.groovy:162) at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22_closure45.doCall(WindowsConnectorService.groovy:1318) at com.saviynt.ecm.services.WindowsConnectorService$_executeTask_closure22.doCall(WindowsConnectorService.groovy:1311) at com.saviynt.ecm.services.WindowsConnectorService.executeTask(WindowsConnectorService.groovy:1306) at com.saviynt.ecm.services.WindowsConnectorService$_createAccount_closure17.doCall(WindowsConnectorService.groovy:843) at com.saviynt.ecm.services.WindowsConnectorService.createAccount(WindowsConnectorService.groovy:802) at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:11817) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure50.doCall(ArsTaskHelperService.groovy:3079) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:3070) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:175) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
I can confirm that there is no issue with Win PS agent deployment as we can run below JSON (direct enable-remote mailbox command) without any issues
{
"CREATEACC": [
"script=\$pw=convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred=new-object -typename System.Management.Automation.PSCredential-argumentlist '',\$pw;\$Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://hostname/PowerShell/ -Authentication Kerberos -Credential \$mycred;Invoke-Command -Session \$Session -ScriptBlock{enable-remotemailbox -Identity '${user?.systemUserName}' -remoteroutingaddress '${user?.customproperty5}@domain.com'}"
],
"SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}
Thanks,
Chirag
08/14/2024 05:32 AM
{
"CREATEACC": [
"Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force; \$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw; Invoke-Command -ComputerName 'localhost' -Credential \$mycred -ScriptBlock { & { D:/Scripts/PS-Enable-RemoteMailbox.ps1 -UserName '${user.username}' } }"
],
"SuccessResponses": [
"isMailboxEnabled",
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}
08/14/2024 06:28 AM
The script ran successfully in Saviynt. I will verify if the values were passed correctly once I check the logs on the Windows server (though I currently don't have access).
Thanks.
Chirag Gupta
08/14/2024 06:34 AM
Run recon meanwhile to validate same,
08/20/2024 03:38 AM
{
"CREATEACC": [
"Script=\$pw = convertto-securestring '${PSSCRIPT_PASSWORD}' -asplaintext -force;\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'username',\$pw;D:/Scripts/PS-Enable-RemoteMailbox.ps1 -samAccountName '${user.systemUserName}' -Email '${user.email}' -cred \$mycred"
],
"SuccessResponses": [
"Objectreturned",
"List",
"Success",
"TRUE",
"True",
"SUCCESS"
]
}
the mentioned JSON is working as expected, successfully invoking the PowerShell script and passing the actual values but it isn't invoking the script on the target system.
Thanks,
Chirag Gupta
08/20/2024 06:09 AM
Is the path and all correct?