How to Add a cross-domain AD, active directory, member to a different domain AD group?

phf
Kilo Explorer


Trying to add a global AD member to a local AD group, meaning the AD group is in the same domain as the MID server.

Add User to AD Group works, but only for 'local' members, i.e. members of the same domain as the group's domain. Global members log the error "(&(objectClass=User)(samaccountname=<theuserid>)) could not be found".

Trying to use a custom PowerShell activity, I get an error logged: "Cannot find function info in object."

"Powershell Activity(b2c3a767136a57c0858150782244b0da): Cannot find function info in object 996ee9cb13431b84802a5d422244b005."

1 ACCEPTED SOLUTION

Rahul Shandily3
Giga Guru

There are a lot of dependencies on your AD infrastructure and design. I tried this in my environment and I got similar errors. It came down to new user objects needing to be created. We also created an HI ticket, but they were quite unhelpful.


Best Regards,

Rahul

Please mark this as Correct / Helpful if it resolved your query.



Thanks but that is basically what I'm doing. I guess my problem is really about the Powershell activity designer. I can't get ServiceNow to read my custom PowerShell command script.

I keep getting a "Cannot find function info in object" error in my PowerShell activity.

I also cannot Test Inputs; it just hourglasses indefinitely.

Ted Jennings
Giga Contributor

I ran into a similar issue. We have a global catalog here, so I used that to find both the user and the group object and then used Add-ADGroupMember against the DC of the user record to add them to the group. I did this with a custom PowerShell activity. The inputs are the address of the domain controller ($DC), the address of the global catalog ($GC), the group name ($group) and the sAMAccountName ($sam). Then you just need some basic lines of PowerShell:

# The ActiveDirectory (RSAT) module must be available on the MID server
Import-Module ActiveDirectory

# Look up both objects through the global catalog ($GC) so users and groups from any domain in the forest are found
$user = Get-ADUser -Filter {sAMAccountName -eq $sam} -Server $GC
$ADGroup = Get-ADGroup -LDAPFilter "(name=$group)" -Server $GC

# Send the membership write to the domain controller ($DC); the parameter is -Members, not -Member
Add-ADGroupMember -Identity $ADGroup -Members $user -Server $DC


You'll want to put some error handling in there too.

 

-Ted
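The three steps Ted describes, carried into a complete activity body with the error handling he says you will want. This is an added example, not Ted's code and not ServiceNow's. It assumes the RSAT ActiveDirectory module is installed on the MID server, that the activity inputs $GC, $DC, $group and $sam are available as PowerShell variables as Ted describes, and that the function name Add-CrossDomainGroupMember, the sample host 'gc.corp.example:3268' and the JSON result line are my own choices; it also uses -Filter for the group lookup where Ted used -LDAPFilter, so the group name is passed as a value rather than spliced into a filter string.

```powershell
# Added example (not from the original thread): Ted's GC-lookup-then-write approach
# wrapped in a function with explicit checks at each step.
Import-Module ActiveDirectory -ErrorAction Stop

function Add-CrossDomainGroupMember {
    param(
        [Parameter(Mandatory)][string]$GlobalCatalog,    # e.g. 'gc.corp.example:3268' (assumed value)
        [Parameter(Mandatory)][string]$DomainController, # the DC that receives the membership write
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$SamAccountName
    )

    # Step 1: resolve the user through the global catalog, which indexes every domain in
    # the forest. The script-block filter hands $SamAccountName over as a value, so the
    # cmdlet builds the LDAP filter itself. Require exactly one match: the same
    # sAMAccountName can legitimately exist in two domains of one forest.
    $users = @(Get-ADUser -Filter { sAMAccountName -eq $SamAccountName } `
                          -Server $GlobalCatalog -ErrorAction Stop)
    if ($users.Count -ne 1) {
        throw "Expected exactly one user with sAMAccountName '$SamAccountName' in the forest, found $($users.Count)."
    }
    $user = $users[0]

    # Step 2: resolve the group the same way, pulling its 'member' attribute so the
    # membership check below does not need a second query.
    $groups = @(Get-ADGroup -Filter { Name -eq $GroupName } -Properties member `
                            -Server $GlobalCatalog -ErrorAction Stop)
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }
    $adGroup = $groups[0]

    # Step 3: make the activity idempotent. Comparing distinguished names against the
    # group's own 'member' attribute also works for members from another domain, which
    # is the case this thread is about.
    if ($adGroup.member -contains $user.DistinguishedName) {
        return [pscustomobject]@{
            Status = 'AlreadyMember'
            User   = $user.DistinguishedName
            Group  = $adGroup.DistinguishedName
        }
    }

    # Step 4: the write itself, directed at the chosen DC. The account the MID server
    # runs as (or one supplied via -Credential) only needs write access to the group's
    # member attribute; it does not need broader rights in either domain.
    try {
        Add-ADGroupMember -Identity $adGroup -Members $user -Server $DomainController -ErrorAction Stop
    }
    catch {
        throw "Add-ADGroupMember on $DomainController failed for '$SamAccountName' -> '$GroupName': $($_.Exception.Message)"
    }

    return [pscustomobject]@{
        Status = 'Added'
        User   = $user.DistinguishedName
        Group  = $adGroup.DistinguishedName
    }
}

# Activity entry point: the four inputs Ted names become the function arguments.
# Any failure above surfaces as a single error record and a non-zero exit code, which is
# far easier to spot in the activity's error output than a silent partial run.
try {
    $result = Add-CrossDomainGroupMember -GlobalCatalog $GC -DomainController $DC `
                                         -GroupName $group -SamAccountName $sam
    $result | ConvertTo-Json -Compress   # one line of output for the activity to parse
}
catch {
    Write-Error $_
    exit 1
}
```

Each step throws with a message naming the object and server involved, so the "could not be found" error from the original post becomes a clear statement of which lookup failed and on which host. The membership check before the write keeps reruns of the workflow from producing spurious "already a member" failures.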