none
FIM 2010 R2. Run set-aduser from PowerShell Activity RRS feed

  • Question

  • Hello!

    I have WF with PowerShell Activity and I can't run command set-aduser. Problem with ActiveDirectory module PS.

    When I add

    <startup>
    <supportedRuntime version="v4.0"/>
    <supportedRuntime version="v2.0.50727"/>
    </startup>

    to Microsoft.ResourceManagement.Service.exe.config file, FimService does not start.

    How can I run PS Activity with ActiveDirectory module?

     


    Alex

    Friday, November 27, 2015 8:36 AM

All replies

  • Hi,

    can you tell us first which PS Activity you are using ?

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Friday, November 27, 2015 9:21 AM
  • http://fimpowershellwf.codeplex.com/

    Alex

    Friday, November 27, 2015 9:23 AM
  • Hi!

    Did you make sure that the ActiveDirectory Powershell module is installed on the server you are trying to run the Set-ADUser command from?

    You can check by opening the Server Manager -> Add Roles and Features -> Features -> Remote Administration Tools -> AD DS and AD LDS Tools. 

    Once you have the ActiveDirectory module installed on the server, you will need to import it in your powershell script before you can use the AD cmdlets. You do this by adding "Import-Module ActiveDirectory" to the start of your script.

    Good luck!


    Wouter Landuyt | IS4U FIM/MIM Expert Blog: blog.is4u.be

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. Thank you!


    • Edited by Wouter L Friday, November 27, 2015 10:34 AM
    Friday, November 27, 2015 10:30 AM
  • Yes, ActiveDirectory Powershell module is installed. I can run cmdlets ActiveDirectory without FIM.

    I tried add "Import-Module ActiveDirectory" to PowerShell Activity.


    Alex

    Friday, November 27, 2015 12:03 PM
  • Then it should work by adding "Import-Module ActiveDirectory" to your script. Can you share the code in your powershell activity/script?

    On a side note, I always write a script and reference the script + location in the workflow activity instaid of pasting my actual code in it. This way you will not lose code when you spend too much time troubleshooting the workflow activity which will result in a session timeout. On another note, some powershell activities don't like spaces (or double quotes) in the path of your script.

    Good luck!



    Wouter Landuyt | IS4U FIM/MIM Expert Blog: blog.is4u.be

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. Thank you!

    Friday, November 27, 2015 2:41 PM
  • One thing to note here is that while this workaround results the possibility to run Active Directory cmdlets, it will also brake the password reset feature. I have tested and confirmed this in both FIM 2010 R2 and MIM 2016 environments that are running on Windows Server 2012.
    Monday, November 30, 2015 10:51 AM
  • Import-Module ActiveDirectory
    set-aduser -Identity $fimwf.WorkflowDictionary.Option1 -clear msExchMasterAccountSid


    Alex

    Monday, November 30, 2015 3:39 PM
  • Hi Alex,

    I'm pretty sure that you are using the WorkflowDictionary wrong, and that is causing the workflow to throw an error.

    This should work:

    $accountName = $fimwf.WorkflowDictionary['accountName'] Import-Module ActiveDirectory Set-ADUser -Identity $accountName -clear msExchMasterAccountSid

    Hope it helps!


    Wouter Landuyt | IS4U FIM/MIM Expert Blog: blog.is4u.be

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. Thank you!


    • Edited by Wouter L Wednesday, December 9, 2015 1:04 PM
    Wednesday, December 9, 2015 1:04 PM
  • Hello!

    "$fimwf.WorkflowDictionary.Option1" with Exchange cmdlets and Lync cmdlets work fine.


    Alex

    Friday, December 11, 2015 3:20 PM