Orchestration - Add user to AD Group getting Authentication Errors

garyopela
ServiceNow Employee

Hey guys, I've set up orchestration to add a user to a group in AD but am getting weird errors.

I have verified the following:

1) I am using the correct DC

2) The group and the account both exist which I'm using

3) The service account under which my MID server service is running has sufficient rights to add the user I'm testing with to the group I'm testing with. (I used ADUC and was able to manually add the account to the group.)

 

Yet, even trying two different ways, I still get the same error.

 

The first way I tried was using a Run - Powershell activity:

Add-ADGroupMember -Identity "group SAM Name" -Members "user SAM Name"

 

The second way was using what Chris posted:

ServiceNOW RBA (Orchestration) — Add an Active Directory user to an AD group — workflow activity. | ...

 

Unfortunately, the error I'm getting is:

 

Authentication failure with the local MID server service credential.

 

Failed to access target system.   Please check credentials and firewall settings on the target system to ensure accessibility: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

 

Any suggestions are appreciated. I'm not sure why I'm getting access denied. The account has the proper authority; I even logged in as that account and was able to update AD. I can still query AD, just not update it. For instance, if I put in a check to see if an account is locked or not, that works.

1 ACCEPTED SOLUTION

garyopela
ServiceNow Employee

Holy cow that worked.


Okay, I'll try to update my blog on how to get all this to work when I get time. Thanks for all the help guys, it is much easier now that we have PowerShell version 2!!!



22 REPLIES

Hi Jim,

How can we pass the credentials of that orchestration at the end of ${cred}? Can you please elaborate? We have an urgent requirement on this. We get the same error: "authentication failure with the local MID server service credential.\n"





Thanks & Regards,


Dasthagiri K


dugarj
Kilo Contributor

Hi Gary,

I am facing the same issue as you mentioned in your original post, using the below code in a PowerShell activity:



Hostname: ${workflow.scratchpad.domain_controller}

Command:

Import-Module ActiveDirectory

# Comma-separated list of group names supplied by the workflow scratchpad
$a = "${workflow.scratchpad.group}".split(',')

# Add the user to each group in turn and report the result per group
for ($i = 0; $i -lt $a.length; $i++)
{
    try
    {
        Add-ADGroupMember -Identity $a[$i] -Members "${workflow.scratchpad.user}"
        $a[$i] + " - Success"
    }
    catch
    {
        $a[$i] + " - Failure:`n"
        $_.Exception.Message + "`n`n"
    }
}



Getting the below error :


Authentication failure with the local MID server service credential. *** Failed to access target system. Please check credentials and firewall settings on the target system to ensure accessibility: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Stack Trace:
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at Microsoft.PowerShell.Commands.GetWmiObjectCommand.BeginProcessing()
at System.Management.Automation.Cmdlet.DoBeginProcessing()
at System.Management.Automation.CommandProcessorBase.DoBegin()



Please help!!!



Thanks in advance!!!



Jayshree
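The stack trace in the post above fails inside Get-WmiObject (GetWmiObjectCommand.BeginProcessing), not inside Add-ADGroupMember. As an added example that is not part of the original thread, this Windows PowerShell diagnostic checks the remote WMI connection, the directory read and the membership change as separate stages. The host, group and user names are placeholders, and it assumes the target DC is a remote machine and the ActiveDirectory module is installed on the MID server host.

```powershell
# Added diagnostic (not from the thread). Run on the MID server host, ideally
# in a session started as the MID server service account.
param(
    [string]$Dc    = 'dc01.example.test',  # placeholder: target domain controller
    [string]$Group = 'ExampleGroup',       # placeholder: group SAM name
    [string]$User  = 'example.user',       # placeholder: user SAM name
    [switch]$Commit                        # without this, the write is only simulated
)

$cred = Get-Credential   # the credential the activity is expected to use

# Run one stage and record whether it succeeded, with the error text if not.
function Test-Stage([string]$Name, [scriptblock]$Action) {
    $r = New-Object PSObject -Property @{ Stage = $Name; Result = 'OK'; Detail = '' }
    try   { & $Action | Out-Null }
    catch { $r.Result = 'FAILED'; $r.Detail = $_.Exception.Message }
    $r
}

$results = @(
    # Remote WMI: the call type that throws in the stack trace above.
    Test-Stage 'WMI, current identity' {
        Get-WmiObject Win32_OperatingSystem -ComputerName $Dc -ErrorAction Stop }
    Test-Stage 'WMI, explicit credential' {
        Get-WmiObject Win32_OperatingSystem -ComputerName $Dc -Credential $cred -ErrorAction Stop }
    # Directory read, then the membership change itself.
    Test-Stage 'AD read' {
        Import-Module ActiveDirectory -ErrorAction Stop
        Get-ADGroup -Identity $Group -Server $Dc -Credential $cred -ErrorAction Stop }
    Test-Stage 'AD write' {
        Add-ADGroupMember -Identity $Group -Members $User -Server $Dc -Credential $cred -WhatIf:(!$Commit) -ErrorAction Stop }
)
$results | Select-Object Stage, Result, Detail | Format-Table -AutoSize -Wrap
```

Without -Commit the write stage is only simulated and does not exercise directory permissions; pass -Commit to perform the real membership change.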


souren0071
Tera Expert

Hi Gary,



Could you please help me out? We are using the same code referred to in the link you mentioned earlier:



ServiceNOW RBA (Orchestration) — Add an Active Directory user to an AD group — workflow activity. | ...



We are getting an error in same activity with message " Authentication failure(s) with available Windows credentials from the instance. Credentials tried: <credential name>".



Please provide the procedure for how you were able to succeed.


Thanks in advance.



Regards,


Souren