How to change the Primary AD Group using Custom Powershell and Orchestration
12-27-2022 11:50 AM
When a new user is created in Active Directory, they are automatically added to a primary AD group called "Domain Users". This automation is done outside of any ServiceNow processing. However, for a certain type of user, their primary group needs to be "No Access" and they need to be removed from the group "Domain Users". I've tried creating a custom PowerShell activity which is then used in the workflow to add the new user to the 'No Access' group and remove them from the 'Domain Users' group, but it doesn't work. I'm getting an error that the person is not in the group, but I can verify the person is in the group. I don't know how to create a PowerShell script; it was given to me by someone else. The PowerShell script that was given to me works perfectly fine in PowerShell, just not from the workflow.
Can someone help me out with this, please? Or provide a better way to change the primary group from a workflow?
Here is the custom PowerShell activity:
And the test workflow:
This is the Run Script:
And finally, the inputs to the custom PowerShell activity:
When I run the workflow, this is the error message I get, but I know the user is a member of the two groups.
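
The sequence the post describes (add the user to 'No Access', make it the primary group, then remove 'Domain Users'), written out as an added example. It is not the poster's script, which is not reproduced on this page. It assumes the ActiveDirectory (RSAT) module is available where the script runs; `$SamAccountName` and `$Server` are hypothetical parameter names.

```powershell
# Added example, not the script from the post.
# Assumes the ActiveDirectory module and an account allowed to modify the user and both groups.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,   # hypothetical input name
    [string] $NewPrimaryGroup = 'No Access',
    [string] $OldPrimaryGroup = 'Domain Users',
    [string] $Server                                    # optional: pin all calls to one domain controller
)

$ErrorActionPreference = 'Stop'                         # fail the activity on the first error
Import-Module ActiveDirectory

# Splat -Server into every call so each read sees the write that preceded it.
$dc = @{}
if ($Server) { $dc.Server = $Server }

$user  = Get-ADUser  -Identity $SamAccountName  -Properties primaryGroupID, memberOf @dc
$newGp = Get-ADGroup -Identity $NewPrimaryGroup -Properties primaryGroupToken @dc
$oldGp = Get-ADGroup -Identity $OldPrimaryGroup @dc

if ($user.primaryGroupID -ne $newGp.primaryGroupToken) {
    # 1. The user must already be a member of a group before it can become primary.
    #    (The new primary group must be a global or universal security group.)
    if ($user.memberOf -notcontains $newGp.DistinguishedName) {
        Add-ADGroupMember -Identity $newGp -Members $user @dc
    }
    # 2. Point primaryGroupID at the new group's RID (exposed as primaryGroupToken).
    Set-ADUser -Identity $user -Replace @{ primaryGroupID = $newGp.primaryGroupToken } @dc
}

# 3. The old primary group is now an ordinary membership and can be removed.
#    memberOf never lists the current primary group, so re-read it after the switch.
$user = Get-ADUser -Identity $SamAccountName -Properties primaryGroupID, memberOf @dc
if ($user.memberOf -contains $oldGp.DistinguishedName) {
    Remove-ADGroupMember -Identity $oldGp -Members $user -Confirm:$false @dc
}

# Return the end state so the calling workflow can log or check it.
$user = Get-ADUser -Identity $SamAccountName -Properties primaryGroupID, memberOf @dc
[pscustomobject]@{
    User            = $user.SamAccountName
    PrimaryGroupSet = ($user.primaryGroupID -eq $newGp.primaryGroupToken)
    StillInOldGroup = ($user.memberOf -contains $oldGp.DistinguishedName)
}
```

Active Directory records the primary group in the user's `primaryGroupID` attribute rather than in the group's `member` list, which is why the three steps have to run in this order.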