Create AD Orchestration stripping escape characters?

robpickering · ‎07-01-2014

All,

Having an issue with the "Create AD Object" orchestration activity. Specifically, I'm trying to add a Manager to the User object I'm creating. My understanding of PowerShell (which is what the Orchestration Activities use underneath) is that the comma in the CN needs to be escaped, as such:

CN=Lastname\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

Within my script, I'm printing out my variable being passed:

workflow.scratchpad.managerDN: LDAP://10.100.69.202/CN=Lastname\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

I then use that string in my AD Object Creation activity, as such:

{
   "givenName" : "${workflow.scratchpad.firstname}",
   "SN" : "${workflow.scratchpad.lastname}",
   "title" : "${workflow.scratchpad.title}",
   "department" : "${workflow.scratchpad.department}",
   "departmentNumber" : "${workflow.scratchpad.accountNumber}",
   "physicalDeliveryOfficeName" : "${workflow.scratchpad.location}",
   "description" : "${workflow.scratchpad.description}",
   "displayName" : "${workflow.scratchpad.displayname}",
   "name" : "${workflow.scratchpad.displayname}",
   "manager" : "${workflow.scratchpad.managerDN}",
   "company" : "${workflow.scratchpad.company}",
   "streetaddress" : "${workflow.scratchpad.streetaddr}",
   "l" : "${workflow.scratchpad.city}",
   "st" : "${workflow.scratchpad.state}",
   "postalCode" : "${workflow.scratchpad.zip}",
   "co" : "${workflow.scratchpad.country}"
}

Everything appears to be working fine, but then the Create AD Object explodes in a stack trace. Looking at the ECC Queue output I see the following XML (snippet) that was sent:

`nmanager=LDAP://10.100.69.202/CN=Lastname, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

I'm concerned that the comma between Lastname and Firstname isn't staying escaped, I also believe this is what is causing the stack trace. The specific error I'm seeing is:

A constraint violation occurred.Stack Trace:

at System.DirectoryServices.DirectoryEntry.CommitChanges()at CommitChanges(Object , Object[] )at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)

As such, I cannot create the AD User as the Manager object causes the stack trace. If I remove the manager in the Create AD user activity, it works fine.

Is anyone using this and seeing something similar? Any idea why the output in the ECC Queue is stripping the escape character?

How do I escape that comma if the ECC Queue is just stripping it?

-Rob

DrewW · ‎07-01-2014

If memory serves you have to use more than one \, so \\ or \\\\, I forget which. The reason is that two \\ escape down to one \ and then I think there is a second round of escaping that happens which is why you mite need \\\\. But I would try \\ first.

View solution in original post

mamann · ‎07-01-2014

Drew is correct, you need four (4) backslashes for escaping.

We actually discussed this same scenario with Service Now in the past few weeks and they're looking for ways to possible improve this in future releases.

robpickering · ‎07-01-2014

Sigh, when I use 4, I get two in the ECC Queue, when I use three, or two, I get none.

mamann · ‎07-01-2014

Here is a blog article discussing the same issue.

https://community.servicenow.com/people/Christopher.Maloy/blog/2013/02/21/2590

robpickering · ‎07-01-2014

Okay, four slashes worked!

I was still getting a constraint violation because I was using an "adspath" instead of the "distinguished name".

adspath: LDAP://10.100.69.202/CN=Lastname\\\\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

distinguishedname: CN=Lastname\\\\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

The "manager" attribute needs a distinguished name (thank you Mark for the blog post, as that had that answer as well!)

opencrest · ‎08-11-2017

Can you please help me with this?? Pass User Objects in AD Create Object - Orchestration