
Microsoft Azure AD custom action

Akshaya14
Tera Contributor

Hi Team,

I'm now creating a custom action to add the managed-by attribute in AD. When I run the PowerShell script directly, it runs fine and the managed-by name is added, but when I try to do it via the custom action, it shows the following error.

Insufficient access rights to perform the operation
HRESULT: [8344]

Stack Trace:    at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForExtendedError(String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForErrorCode(String message, String errorCode, String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForFaultDetail(FaultDetail faultDetail, FaultException faultException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(AdwsFault adwsFault, FaultException faultException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.Modify(ADModifyRequest request)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Modify(ADSessionHandle handle, ADModifyRequest request)
at Microsoft.ActiveDirectory.Management.ADActiveObject.Update()
at Microsoft.ActiveDirectory.Management.Commands.ADSetCmdletBase`3.SetFromIdentity(O identity)
at Microsoft.ActiveDirectory.Management.Commands.ADSetCmdletBase`3.ADSetCmdletBaseProcessCSRoutine()
at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()

PowerShell script:

# Import the Active Directory module
Import-Module "$executingScriptDirectory\ADSpoke\ActiveDirectoryMain"

# Inputs passed in by the custom action; decode URL-encoded apostrophes
$groupName = $env:SNC_groupname -replace "%27", "'"
$managedby = $env:SNC_managedby -replace "%27", "'"

#SNCLog-ParameterInfo @("Running AddManagedByToADGroup", $groupName, $managedby)

# Retrieve the group object
$group = Get-ADGroup -Filter {Name -eq $groupName}

if ($group) {
    # Retrieve the manager object. Get-ADUser -Identity throws when no user
    # matches, so catch that case to reach the "not found" branch below.
    try {
        $manager = Get-ADUser -Identity $managedby
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $manager = $null
    }

    if ($manager) {
        # Add the ManagedBy attribute to the group
        Set-ADGroup -Identity $group.DistinguishedName -ManagedBy $manager.DistinguishedName
        Write-Output "The group '$groupName' is now managed by '$managedby'."
    } else {
        Write-Output "Manager '$managedby' not found."
    }
} else {
    Write-Output "Group '$groupName' not found."
}
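
Error 8344 is the directory's "insufficient access rights" result for the account that issues the modify, and the script above passes no explicit credential, so `Set-ADGroup` runs as whatever identity executes the script. The following diagnostic is an added example, not part of the original post or of ServiceNow's code. It assumes the RSAT `ActiveDirectory` module and its `AD:` drive are available, and uses a placeholder group name. It reports that identity and checks whether it holds write access to `managedBy` on the group:

```powershell
# Added diagnostic, not from the original post. Run it once interactively and
# once from the custom action, then compare the two outputs.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$groupName = 'Example-Group'   # placeholder: the group the action modifies

# 1. Identity and group SIDs of the process that is executing this script
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
Write-Output "Running as: $($me.Name)"

# 2. Look up the schema GUID of managedBy rather than hard-coding it
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=managedBy)' -Properties schemaIDGUID
$managedByGuid = [guid]$attr.schemaIDGUID

# 3. Read the group's DACL with trustees returned as SIDs
$group = Get-ADGroup -Filter "Name -eq '$groupName'"
if (-not $group) { throw "Group '$groupName' not found." }
$acl   = Get-Acl -Path "AD:\$($group.DistinguishedName)"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# 4. Keep Allow ACEs that grant WriteProperty on managedBy (or on all
#    properties) to this identity or to one of its groups
$writeProp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$grants = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $writeProp) -and
    ($_.ObjectType -eq $managedByGuid -or $_.ObjectType -eq [guid]::Empty) -and
    ($mySids -contains $_.IdentityReference.Value)
}

if ($grants) {
    $grants | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
} else {
    Write-Output "No Allow ACE gives $($me.Name) write access to managedBy on '$groupName'."
}
# Limitation: Deny ACEs and inherit-only ACEs are not evaluated here.
```

If the interactive run lists a matching ACE and the custom-action run does not, the two runs are using different accounts, and the one behind the custom action needs write access delegated on `managedBy` only, not broader group rights.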
