01-02-2019 07:30 AM
So we use Orchestration for a few things in our instance. We use the out of the box Add User to Group, Update AD Object, another custom activity, etc...
What I am trying to do now is a custom PowerShell command to pull back the names of the groups a user belongs to in AD. Here is what I'm trying:
I've tried the following as well:
Get-ADPrincipalGroupMembership ${activityInput.username} | select name
Get-ADPrincipalGroupMembership -server ldap.*****.******* -identity ${activityInput.username} | select name
I keep getting "The RPC Server is unavailable". We are using the same Orchestration server we use for everything else...the same credentials for AD that we use for everything else. Why am I getting "The RPC Server is unavailable"? Below is the error, and it is using the correct service account for credentials:
Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
01-07-2019 08:05 AM
On the Outputs screen you define the output variable as activityOutput.Output1, so you will probably need to use:
var ADGroupOutput = data.get(16).Output1;
workflow.scratchpad.ADActivityOutput = ADGroupOutput;
gs.log("Run Script Log: " + workflow.scratchpad.ADActivityOutput);
If you navigate to the Data tab on the top right of the Workflow Editor, you should be able to confirm the databus number and output variables there. For example, for the below custom Orchestration activity, I get the output using data.get(88).answer.
01-02-2019 08:11 AM
Try running it with "Use MID Service Account" checked.
01-02-2019 12:58 PM
I can't do that because the MID Server service account won't be able to access AD. I tried it and it can't even access the AD server. The activity is attempting to use the correct credential account we use for all other AD orchestration, but I am getting "RPC Server unavailable..", and I don't know what that means.
Please mark this response as correct and/or helpful if it assisted you with your question.
Steven

01-02-2019 02:22 PM
But which domain controller are you running it on? I think what it is trying to say is that the remote computer is not available.
Please mark this response as correct or helpful if it assisted you with your question.

01-02-2019 04:09 PM
Hi Steven,
Try using Invoke-Command
Invoke-Command -ScriptBlock {Get-ADPrincipalGroupMembership -identity ${activityInput.username} | select name}
I saw a comment on StackOverflow where someone said that this had solved a problem for them. Might not help you, but should only take a little time to test.
Good luck!
Thanks,
Cody