Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Set AD account expiration date via orchestration

Go to solution
Shannon Burns
Kilo Sage

‎07-20-2017 09:35 AM

I tried setting the account expiration date of an AD account via orchestration, but am getting an error

find_real_file.png

I can confirm via workflow context that the userid field is the username in AD and the 'end' variable is set to a date in MM/DD/YYYY format.

Anyone know what I'm doing wrong?   The error I'm getting is

find_real_file.png

Thanks,
Shannon

Labels:
Preview file
41 KB
Preview file
42 KB
  • 5,753 Views
1 ACCEPTED SOLUTION

Go to solution
Shannon Burns
Kilo Sage
In response to Steven Parker

‎08-24-2017 11:38 AM

I was not able to do it with the built in update AD object.   I was able to set it using the custom Powershell script object.



The things to note for that are:


  • You have to run the custom powershell with a target OTHER THAN the MID server
  • When I did that I was still having trouble because my account didn't have access to connect to the domain controller to run the command
    • I was able to perform the actions using an account that was a domain admin.   We hope to revisit this and scale back those permissions, but it was the fastest solution for our compressed implementation timeframe


find_real_file.png


Hope that helps


Shannon


View solution in original post

Preview file
76 KB
0 Helpfuls
8 REPLIES 8

Go to solution
Mihir Mohanta
Kilo Sage

‎07-20-2017 09:45 AM

Please go through the below link



Runbook Automation - RBA - Setting the AccountExpires Date field in AD


0 Helpfuls

Go to solution
Shannon Burns
Kilo Sage
In response to Mihir Mohanta

‎07-20-2017 10:24 AM

OK, that makes sense as to why I'm getting the syntax error.



I figured out how to make the custom powershell activity, but the output is always null.   So I guess I made some mistake there as well. I tried using the scratchpad as the input and tried just entering a date manually.   No errors were returned, but both still evaluate to null.



Thanks,


Shannon


0 Helpfuls

Go to solution
Shannon Burns
Kilo Sage
In response to Shannon Burns

‎08-04-2017 01:12 PM

I've now got syntax that works when I paste it into the server iteself.   But when I do it from the custom powershell activity, it tells me invalid credentials.   But considering I'm using the same credentials that I successfully use to add/remove from groups and to disable accounts, it's not that the password is wrong.



Anyone know why I might successfully use those activities that are built in for Powershell, but then not be able to use the same credentials for a custom Powershell?



Thanks,


Shannon


0 Helpfuls

Go to solution
Steven Parker
Giga Sage
In response to Shannon Burns

‎08-24-2017 11:25 AM

Did you figure this out?   I really don't want to have to run Powershell just to convert a date to a Windows File Time, but is that the only option?



Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
0 Helpfuls