Set AD account expiration date via orchestration

Go to solution
Shannon Burns
Kilo Sage

‎07-20-2017 09:35 AM

I tried setting the account expiration date of an AD account via orchestration, but am getting an error

find_real_file.png

I can confirm via workflow context that the userid field is the username in AD and the 'end' variable is set to a date in MM/DD/YYYY format.

Anyone know what I'm doing wrong?   The error I'm getting is

find_real_file.png

Thanks,
Shannon

Labels:
Preview file
41 KB
Preview file
42 KB
  • 5,057 Views
1 ACCEPTED SOLUTION

Go to solution
Shannon Burns
Kilo Sage
In response to Steven Parker

‎08-24-2017 11:38 AM

I was not able to do it with the built in update AD object.   I was able to set it using the custom Powershell script object.



The things to note for that are:


  • You have to run the custom powershell with a target OTHER THAN the MID server
  • When I did that I was still having trouble because my account didn't have access to connect to the domain controller to run the command
    • I was able to perform the actions using an account that was a domain admin.   We hope to revisit this and scale back those permissions, but it was the fastest solution for our compressed implementation timeframe


find_real_file.png


Hope that helps


Shannon


View solution in original post

Preview file
76 KB
0 Helpfuls
8 REPLIES 8

Go to solution
Mihir Mohanta
Kilo Sage

‎07-20-2017 09:45 AM

Please go through the below link



Runbook Automation - RBA - Setting the AccountExpires Date field in AD


0 Helpfuls

Go to solution
Shannon Burns
Kilo Sage
In response to Mihir Mohanta

‎07-20-2017 10:24 AM

OK, that makes sense as to why I'm getting the syntax error.



I figured out how to make the custom powershell activity, but the output is always null.   So I guess I made some mistake there as well. I tried using the scratchpad as the input and tried just entering a date manually.   No errors were returned, but both still evaluate to null.



Thanks,


Shannon


0 Helpfuls

Go to solution
Shannon Burns
Kilo Sage
In response to Shannon Burns

‎08-04-2017 01:12 PM

I've now got syntax that works when I paste it into the server iteself.   But when I do it from the custom powershell activity, it tells me invalid credentials.   But considering I'm using the same credentials that I successfully use to add/remove from groups and to disable accounts, it's not that the password is wrong.



Anyone know why I might successfully use those activities that are built in for Powershell, but then not be able to use the same credentials for a custom Powershell?



Thanks,


Shannon


0 Helpfuls

Go to solution
Steven Parker
Giga Sage
In response to Shannon Burns

‎08-24-2017 11:25 AM

Did you figure this out?   I really don't want to have to run Powershell just to convert a date to a Windows File Time, but is that the only option?



Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
0 Helpfuls