Create AD Orchestration stripping escape characters?

robpickering
ServiceNow Employee
ServiceNow Employee

All,

 

Having an issue with the "Create AD Object" orchestration activity. Specifically, I'm trying to add a Manager to the User object I'm creating. My understanding of PowerShell (which is what the Orchestration Activities use underneath) is that the comma in the CN needs to be escaped, as such:

 

CN=Lastname\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

 

Within my script, I'm printing out my variable being passed:

 

workflow.scratchpad.managerDN: LDAP://10.100.69.202/CN=Lastname\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com


I then use that string in my AD Object Creation activity, as such:


{
   "givenName" : "${workflow.scratchpad.firstname}",
   "SN" : "${workflow.scratchpad.lastname}",
   "title" : "${workflow.scratchpad.title}",
   "department" : "${workflow.scratchpad.department}",
   "departmentNumber" : "${workflow.scratchpad.accountNumber}",
   "physicalDeliveryOfficeName" : "${workflow.scratchpad.location}",
   "description" : "${workflow.scratchpad.description}",
   "displayName" : "${workflow.scratchpad.displayname}",
   "name" : "${workflow.scratchpad.displayname}",
   "manager" : "${workflow.scratchpad.managerDN}",
   "company" : "${workflow.scratchpad.company}",
   "streetaddress" : "${workflow.scratchpad.streetaddr}",
   "l" : "${workflow.scratchpad.city}",
   "st" : "${workflow.scratchpad.state}",
   "postalCode" : "${workflow.scratchpad.zip}",
   "co" : "${workflow.scratchpad.country}"
}

 

Everything appears to be working fine, but then the Create AD Object explodes in a stack trace. Looking at the ECC Queue output I see the following XML (snippet) that was sent:

 

`nmanager=LDAP://10.100.69.202/CN=Lastname, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com

 

I'm concerned that the comma between Lastname and Firstname isn't staying escaped, I also believe this is what is causing the stack trace. The specific error I'm seeing is:

 

A constraint violation occurred.Stack Trace:at System.DirectoryServices.DirectoryEntry.CommitChanges()at CommitChanges(Object , Object[] )at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)

 

As such, I cannot create the AD User as the Manager object causes the stack trace. If I remove the manager in the Create AD user activity, it works fine.

 

Is anyone using this and seeing something similar? Any idea why the output in the ECC Queue is stripping the escape character?

How do I escape that comma if the ECC Queue is just stripping it?

 

-Rob

 


1 ACCEPTED SOLUTION

DrewW
Mega Sage
Mega Sage

If memory serves you have to use more than one \, so \\ or \\\\, I forget which.   The reason is that two \\ escape down to one \ and then I think there is a second round of escaping that happens which is why you mite need \\\\.   But I would try \\ first.


View solution in original post

9 REPLIES 9

mamann
Mega Guru

Drew is correct, you need four (4) backslashes for escaping.


We actually discussed this same scenario with Service Now in the past few weeks and they're looking for ways to possible improve this in future releases.


robpickering
ServiceNow Employee
ServiceNow Employee

Sigh, when I use 4, I get two in the ECC Queue, when I use three, or two, I get none.


robpickering
ServiceNow Employee
ServiceNow Employee

Okay, four slashes worked!



I was still getting a constraint violation because I was using an "adspath" instead of the "distinguished name".



adspath:   LDAP://10.100.69.202/CN=Lastname\\\\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com




distinguishedname: CN=Lastname\\\\, Firstname,OU=Blue,OU=Information Services,OU=Employees,DC=MyCompany,DC=com




The "manager" attribute needs a distinguished name (thank you Mark for the blog post, as that had that answer as well!)


opencrest
Giga Contributor

Can you please help me with this?? Pass User Objects in AD Create Object - Orchestration