Trouble with special characters and powershell orchestration

adamrasmussen
Giga Contributor

Inside our AD environment we have several users that have special characters, such as commas or apostrophes in their distinguished names.  I've tried using .replace and .split, and various other methodologies of inserting the backslash as an escape character before these values (e.g. "\," or "\'", but everytime it appears as if ServiceNow is stripping them out before sending them over to the midserver for execution.

For example, when attempting a rename-adobject via Run Powershell activitity, what I need to send is:

rename adobject -Identity "CN=Test\, Bob,OU=Users,OU=domain,OU=com" -NewName "Bob Test"

 

What actually gets sent to the ECC queue is:

rename adobject -Identity "CN=Test, Bob,OU=Users,OU=domain,OU=com" -NewName "Bob Test"

 

Notice the missing slash before the common in the DN.  This leads to the ECC Queue error of:  

Cannot find an object with identity: 'CN=Bob, Test,OU=Users,OU=Users,DC=domain,DC=com' under: 'DC=domain,DC=com'.Stack Trace: at   Microsoft.ActiveDirectory.Management.Commands.ADFactoryUtil.GetADObjectSearcherFromIdentity(ADEntity identityObj, String searchRoot, Boolean showDeleted, IADOPathNode structuralObjectFilter, IADOPathNode identityFilter, IdentityResolverDelegate[] identityResolvers, CmdletSessionInfo cmdletSessionInfo)at   Microsoft.ActiveDirectory.Management.Commands.ADFactory`1.GetDirectoryObjectFromIdentity(T identityObj, String searchRoot, Boolean showDeleted)at Microsoft.ActiveDirectory.Management.Commands.ADRenameCmdletBase`3.ADRenameCmdletBaseProcessC SRoutine()at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()at   Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()

 

Issuing the command via Powershell directly and inserting the appropriate backslash works fine.

 

I have the same issue with someone whose last name is O'Conner.

 

Any help would be appreciated.

1 ACCEPTED SOLUTION

adamrasmussen
Giga Contributor

Here was my final code solution... since .slice() method didn't seem to be supported, I had to resort to a lot of splits.   I'll move this to internal variables since nothing needs to be available outside this condition except the workflow.scratchpad.emp_dn.   This assume's that you have already run your QueryAD to find your employee record and have sanitized the .path value from that query into the workflow.scratchpad.emp_dn variable.



var fIdx = workflow.scratchpad.emp_dn.indexOf(",");


var lIdx = workflow.scratchpad.emp_dn.indexOf(",OU=");




if (fIdx < lIdx){


        // comma found in name


        workflow.scratchpad.foundComma = 'yes';


        workflow.scratchpad.oName = workflow.scratchpad.emp_dn.split(",OU=")[0];


        workflow.scratchpad.oPath = workflow.scratchpad.emp_dn.split(workflow.scratchpad.oName)[1];


        workflow.scratchpad.fPart = workflow.scratchpad.oName.split(", ")[0];


        workflow.scratchpad.lPart = workflow.scratchpad.oName.split(", ")[1];


        workflow.scratchpad.emp_dn = workflow.scratchpad.fPart + "\\, " + workflow.scratchpad.lPart + workflow.scratchpad.oPath + "";


}


View solution in original post

11 REPLIES 11

Valor1
Giga Guru

you typically have to "double-escape" when adding backslashes since JavaScript's escape character is also a \.


You'll want this effective output:



rename adobject -Identity "CN=Test\\, Bob,OU=Users,OU=domain,OU=com" -NewName "Bob Test"



Assuming your source is a workflow activity and you're passing in the DN with Javascript, you'll end up with something like:


var bobTestDN = "CN=Test, Bob,OU=Users,OU=domain,OU=com"


function doubleEscapeCommas (str){


  return str.replace(', ', '\\, ');


}



You may have to triple or quadruple escape the \ characters -- all the more reason to make a function like I did above, so you don't have to redo all usages.



[EDIT] If you're following along at home, the .replace() method doesn't treat this correctly.


Solution found by OP: Re: Trouble with special characters and powershell orchestration


I've already tried up to \\\\\\ to "double escape", they're still being stripped.


If that's the case, then I'd call this a bug and submit a HI ticket.



Related Q: If you modify the ECC Queue output record does it work?


Definitely looks like it's the .replace method that's stripping the backslashes.   Modifying the ECC queue manually executes the powershell command perfectly.



I've moved to splitting the array manually and concatenating the escaped text and I believe I've now solved it.   I'll add a reply to the main topic with my final code.