How to set MID Server and Credential used for Orchestration Active Directory Activities

Adarsh18
Tera Expert

Hi team,

I'm new to Orchestration and I was wondering where and how the MID Server and Credential are set for Orchestration Active Directory Activities. In IntegrationHub Microsoft AD Spoke, the credentials are set based on the connection/credential configured for the AD Spoke connection alias.

On using the 'Add User to Group' activity in Orchestration, I noticed the credential 'Windows MID Server Service Account' being used for the activity.

Is there any way to manually set the connection/credential for the Orchestration Active Directory Activities?

Thanks in advance

1 ACCEPTED SOLUTION

Sorry for getting back late. I raised a ServiceNow support ticket on this and they confirmed that we cannot manually specify the MID Server for the AD Orchestration activity like we can do in IntegrationHub AD Spoke.

8 REPLIES

suvro
Mega Sage

There is a module called Credentials in ServiceNow. There you can create all the required credentials.

When you see Windows MID Server Service Account, it is the credential of the service account created for the MID Server: the service account which has local admin privilege on the MID Server and has access to the domain controller.

This service account credential is configured directly in the MID Server's service properties under the Log On As tab. In the credential table you need to have a record configured for MID Server Service Account. It will refer to the credentials of the MID Server service.

Thanks suvro. I have a better idea on how Windows MID Server Service Account works now.

The reason I asked the question is because I faced the 'Authentication failure with the user null' error a few times on the Add User to Group AD Activity. When I opened the Windows MID Server Service Account credential, I noticed that two MID Servers have the same IP address in the 'Discovery IP Affinity' related list. I assume this might be one of the reasons why I faced the authentication failure issue, so I was wondering if there's any way to manually set a different Credential for the AD Activities.

See, since there are no credentials created in discovery_credentials, it tries to use the MID Server Service Account. Create a Windows credential which has enough access to add a user to the group.

Also check whether there are two MID Servers installed on the same server.

Go to Services -> there must be two services for the MID Server.

Go to the properties of those services and check what is configured in the Log On As tab.

Check this for both services. A service account must be configured in both of them.
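The Log On As check described in the reply above can also be scripted. This is an added example, not part of the original thread or ServiceNow's own tooling; the `snc_mid*` service-name pattern is an assumption and should be adjusted to the service names registered on the host.

```powershell
# Added example: list the Log On As account of every MID Server service on this host.
# Assumption: the services are registered with names starting "snc_mid".
$NamePattern = 'snc_mid*'

# Built-in Windows identities, i.e. not a dedicated service account.
$BuiltIn = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

# Win32_Service.StartName holds the value shown on the Log On As tab.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $NamePattern })

if ($services.Count -eq 0) {
    Write-Warning "No services match '$NamePattern' on $env:COMPUTERNAME."
}
else {
    $report = foreach ($svc in $services) {
        [pscustomobject]@{
            Service = $svc.Name
            State   = $svc.State
            LogOnAs = $svc.StartName
            BuiltIn = $BuiltIn -contains $svc.StartName   # comparison is case-insensitive
        }
    }
    $report | Format-Table -AutoSize

    # Flag any service that is not running under a service account.
    foreach ($row in ($report | Where-Object { $_.BuiltIn })) {
        Write-Warning "$($row.Service) logs on as '$($row.LogOnAs)', not a service account."
    }

    # Show how many distinct identities the MID Server services on this host use.
    $accounts = @($report | Select-Object -ExpandProperty LogOnAs | Sort-Object -Unique)
    Write-Output "Distinct Log On As accounts: $($accounts -join ', ')"
}
```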

I have already created a Windows Credential which is only for the specific MID Server installed on the AD Server, which I also use for the Microsoft AD Spoke in IntegrationHub, but the Orchestration only uses Windows MID Server Service Account credentials.

Sorry I wasn't clear on the MID Server part. They are installed on different servers but for the same instance. They just happen to share the same IP address, so I think there might be a conflict on which MID Server is chosen for this AD activity during runtime.