Another Powershell Question

JYARBROUGH asked a question.

July 11, 2017 at 7:00 AM

The Powershell below works great when I run it straight from Powershell and prompt for the inputs. However when I run inside of the App Store I get the following error.

Failed to run expression: . 'C:\Program Files\Snow Software\Snow Automation Platform\Activities\migrategroupmembership\2\migrategroupmembership.ps1' -identity 'CNCLCFZLHC2' -target 'STLVDBUS029'. Row number: 110. Error: Cannot validate argument on parameter 'MemberOf'. The argument is or empty. Provide an argument that is not or empty, and then try the command again.

It appears to be passing the parameter but from some reason the MemborOf is but I don't get that error when I run manually.

Thanks for you help!

Jerry

Param(

$identity,

$target

)

Function Get-MyModule

{

Param([string]$name)

if(-not(Get-Module -name $name))

{

if(Get-Module -ListAvailable |

Where-Object { $_.name -eq $name })

{

Import-Module -Name $name

$true

} #end if module available then import

else { $false } #module not available

} # end if not module

else { $true } #module already loaded

} #end function get-MyModule

Function Get-GroupsToMigrate

{

Param($identity)

$array = @()

$groups = Get-AdComputer -Identity $identity -property “MemberOf”

Foreach($group in $groups.memberOf)

{

#$reply = Read-Host -Prompt “add group $($group) `r`ny / n”

#if($reply -match “y”) {$array +=$group}

} #end foreach

Return $array

} #end Get-GroupsToMigrate

# *** ENTRY POINT TO SCRIPT ***

If(-not (Get-MyModule -name “ActiveDirectory”)) { exit }

$array = Get-GroupsToMigrate -identity $identity

Get-ADComputer -Identity $target | Add-ADPrincipalGroupMembership -MemberOf $array

#testing making a change

Community Manager (Flexera Software)
9 years ago
Hi! I would try running the script logged in as the workflowengine account (or runas). It could be that your own account has permissions to read the memberOf property but the service account does not. //Joakim
Expand Post
- JYARBROUGH
  9 years ago
  Thanks again for the help. I again switched to my personal account and the memberOf error went away. I'm now getting a new error that seems to be a issue with the App Store and not the Powershell? Error running activity with id:534. Filename: C:\Program Files\Snow Software\Snow Automation Platform\Activities\migrategroupmembership\2\migrategroupmembership.ps1. Error: System.ComponentModel.Win32Exception (0x80004005): The stub received bad data at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at Snow.SnowAutomationPlatform.WorkflowEngine.WorkflowEngine.ExecuteActivity(RequestActivity ra, ProcessStartInfo startInfo, Boolean logRequestActivityResult) Thanks! Jerry
  Expand Post
  - Community Manager (Flexera Software)
    9 years ago
    I did some googling on this one and it seems to be authentication related. I think you should try to run the activity in AP without running it as your account and instead give the normal workflow account permissions in AD to read the memberOf property. See if that works.
    Expand Post
    JYARBROUGH
    9 years ago
    I was running it under the AP service account and that's when I couldn't read the memberOf property. When I change to my account, I do not get the MemberOf error but I get the more AP related error I pasted above. Actually this is the same error I get with the ServiceNow Powershell you helped me with in the other string. My guess is I don't have something correct in AP or missing something required to run Powershell in AP since I'm getting the same for two different Powershell's that both run successfully manually. Jerry
    Expand Post
    Community Manager (Flexera Software)
    9 years ago
    Hey Yes, but try to change so that you do not run it as your account. Instead use the workflow engine account and give the workflow engine account the required permissions. That way we can rule out that there is something strange going on when ap tries to run the activity as somebody else
    Expand Post
    JYARBROUGH
    9 years ago
    Thanks for all your! I'm working on getting the permissions for our ServiceAccount but it will most likely take a few weeks. I was hoping to make sure we don't have another issue by running it under my account temporarily. Jerry
    Expand Post
    Community Manager (Flexera Software)
    9 years ago
    I see! Sometimes you wish that the ad guys would trust that you know what you are doing And in your servicenow script, you have the same situation?
    Expand Post
    JYARBROUGH
    9 years ago
    Very true! Yes the ServiceNow script is receiving the same error. Thanks! Jerry
    Expand Post
    Community Manager (Flexera Software)
    9 years ago
    And you cant give the workflow engine account permissions without waiting a few weeks?
    Expand Post
    JYARBROUGH
    9 years ago
    I have the request into IT security but not sure how long it will take. I'm trying to escalate but don't know if that will work. Do you still think it permissions related running under my account? I'm able to run the scripts under my personal account outside of the Automation Platform. Jerry
    Expand Post

10 of 11