Getting Errors when adding User to an AD Group

EricG · ‎07-09-2024

Our group just got Integration Hub Professional and installed it to our environment.

I'm using the Microsoft AD SpokeV2 to add users to an existing AD Group.

It looks like this

In summation, I'm

1. Looking for the User in AD

1.a Lookup Group in AD

2. Once both are found, i then check if the are already a member of the Required Group.

2.a If Yes, then update ticket and close

2.b If Not, at the user to the group

3 If successful, then i close the ticket

4. Otherwise i assign the ticket to the appropriate group to complete manually.

Simple enough.

I've followed the On line documents and have my 4 domain credentials entered

along with my 3 domain connections. ( we have 3 different companies in out org.)

I'm using connection 1 to get to my TEST AD environment.

I'm able to find the user in Test AD, Validate the are not in the Group I've select.

But when I go to add them in the group, i get error message

The output message is as follows

{
"body":  "Cannot find an object with identity: \u0027ba65ed77-b8c1-4bbd-8469-34f7e5d2a3f1]\u0027 under: \u0027DC=XXXXXX,DC=Global\u0027.",
"status":  "Error"
}

My action is set as follows:

I've tried using a String for User Name and Group Name.

As well as using the AD Lookup GUID's and a combination of both.

Not sure why i can't add to the group (Permissions?) or what "Invalid Resource Name" means.

The support tech i opened a case with wasn't very helpful, as this seems to fall under the "Customization" rules.

Can anyone provide some guidance on this. Or anything more i should provide to clarify.

James Chun · ‎07-09-2024

Hi @EricG,

Cannot find an object with identity simply means there is no object in AD with the provided identifier.

I can see a square bracket in the error message after the GUID - 0027ba65ed77-b8c1-4bbd-8469-34f7e5d2a3f1]

This makes me wonder if you are passing incorrect inputs but you also mentioned that you have hardcoded the inputs with a string type.

Which object does the GUID in the error log refer to? Is it the user or the group object?

Can you share a screenshot of how you configured the Add users to group action when you hardcoded the inputs?

I am not sure if this is permission related issue but have a read at this article as well - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0829224

Cheers

Community Alums · ‎07-09-2024

Hi @EricG ,

The error message "Cannot find an object with identity" says that the provided GUID does not correspond to an existing object in Active Directory. This could mean the GUID is incorrect or does not exist.

Also ensure that the GUIDs are being treated as strings. Any extra characters or wrong data types could cause issues.- as we can see that an extra closing square brackets ] which seems inappropriate and could lead to this issue.

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar

edosky · ‎10-24-2024

Hi @EricG,

Have you determined the fix for the issue? We are also experiencing the same issue wherein the user_name gets appended with "]" a closing bracket, which throws the powershell script off as there are no records for the user with the closing bracket, as we are using an OOB spoke and has not updated anything I wonder if this is an existing issue or do you have any workarounds, thank you.

Matt Brennan1 · ‎10-26-2024

I have also been experiencing this issue for the last 3 weeks. Automation which has been working for a year suddenly broke and is failing constantly, appending a ] to the sAMAccountName and causing Powershell to fail.

Since it clear appears to not be something we did (multiple complaints) I have just opened a case with support.

For us it seems to have started when they applied Xandu Patch 1 Hot Fix 2 to our instance. Our test instance is still on Washington DC Patch 7, and that one is unaffected. Mentioning in case that helps.