Custom Orchestration Activity - Query AD for Groups User is a Member Of

Steven Parker

So we use Orchestration for a few things in our instance.  We use the out of the box Add User to Group, Update AD Object, another custom activity, etc...

What I am trying to do now is a custom PowerShell command to pull back the names of the groups a user belongs to in AD.  Here is what I'm trying:

find_real_file.png

I've tried the following as well:

Get-ADPrincipalGroupMembership ${activityInput.username} | select name

Get-ADPrincipalGroupMembership -server ldap.*****.******* -identity ${activityInput.username} | select name

 

I keep getting "The RPC Server is unavailable".  We are using the same Orchestration server we use for everything else...the same credentials for AD that we use for everything else.  Why am I getting "The RPC Server is unavailable"?  Below is the error, and it is using the correct service account for credentials:

find_real_file.png


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
1 ACCEPTED SOLUTION

Community Alums
Not applicable

On the Outputs screen you define the output variable as activityOutput.Output1, so you will probably need to use: 

var ADGroupOutput = data.get(16).Output1;
workflow.scratchpad.ADActivityOutput = ADGroupOutput;
gs.log("Run Script Log: " + workflow.scratchpad.ADActivityOutput);

 

If you navigate to the Data tab on the top right of the Workflow Editor, you should be able to confirm the databus number and output variables there.  For example, for the below custom Orchestration activity, I get the output using data.get(88).answer.  

find_real_file.png


18 REPLIES 18

So I figured out that the account I normally use isn't a Domain Admin and can't access the AD server to attempt to run PowerShell.  I remediated that, but now I am getting this error:

 


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven

So I figured out that we were having an account issue.  Got that resolved and I am now seeing this error:

 

find_real_file.png


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven

Hi,

Have a look at these threads; they will help you find the solution to this error:

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/1b2148c6-32b0-48e8-9c92-0a3cd1da7b4d/...

https://stackoverflow.com/questions/17548523/the-term-get-aduser-is-not-recognized-as-the-name-of-a-...

Please, remember to mark Correct or Helpful if you find my response useful.

Cheers
Alberto

Did you also import the Active Directory module before running the command?

 

import-module activedirectory

Please mark this response as correct or helpful if it assisted you with your question.

We did that today on the MID Server and it's working now, but...ServiceNow doesn't seem to like the "| select name" portion of the command.  If I remove it, it pulls back all kinds of data, which is accurate, but I don't need all that data.  I just want the name field.  I ran this script on the MID Server itself and it worked fine and returned what I was looking for.  But when I run it in ServiceNow, it returns this:

find_real_file.png

Take that "| select name" out and it returns a lot of data.


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
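
An added example, not part of the thread and not ServiceNow's own code: one way to reduce the full command output to group names inside the Run Script, instead of relying on "| select name". It assumes the activity output is the list-style "property : value" text PowerShell prints for AD group objects; extractGroupNames and the sample text are hypothetical and constructed for illustration.

```javascript
// Added example (not from the thread). Assumption: the activity output is the
// list-style "property : value" text PowerShell prints for AD group objects.

// Constructed sample of that text for two groups (not real directory data).
var SAMPLE_OUTPUT = [
  'distinguishedName : CN=VPN Users,OU=Groups,DC=example,DC=com',
  'GroupCategory     : Security',
  'GroupScope        : Global',
  'name              : VPN Users',
  'objectClass       : group',
  'SamAccountName    : VPN-Users',
  '',
  'distinguishedName : CN=Finance: Read Only,OU=Groups,DC=example,DC=com',
  'GroupCategory     : Security',
  'GroupScope        : Universal',
  'name              : Finance: Read Only',
  'objectClass       : group',
  'SamAccountName    : Finance-RO',
  ''
].join('\r\n');

// Return the value of every "name : <value>" line, in the order found.
function extractGroupNames(rawOutput) {
  var names = [];
  if (!rawOutput) {
    return names; // empty or missing activity output
  }
  var lines = String(rawOutput).split(/\r?\n/);
  for (var i = 0; i < lines.length; i++) {
    // The key stops at the first colon, so colons inside a group name survive.
    var match = /^\s*([^:]+?)\s*:\s?(.*)$/.exec(lines[i]);
    // Exact key match keeps SamAccountName and distinguishedName out.
    if (match && match[1].toLowerCase() === 'name') {
      var value = match[2].replace(/\s+$/, '');
      if (value) {
        names.push(value);
      }
    }
  }
  return names;
}

// In the workflow Run Script this would be fed from the databus, e.g.:
// workflow.scratchpad.ADGroupNames = extractGroupNames(data.get(16).Output1).join(',');
```

The databus index and output variable in the final comment are the ones from the accepted solution; confirm yours on the Data tab.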