none
PostprocessingError when running workflow activity. RRS feed

  • Question

  • I've got a powershell workflow activity which adds members to a group.
    If I run this script manually (i.e. from a PS command line) it works. The member ID I provide is added to the group ID I provide. When this workflow activity is triggered it shows a PostProcessingError in the Search Request.

    I assume it has something to do with the fact that during the workflow the script is run with different credentials than when run manually.

    Search request shows 2 errors for this:
    1) Request Title: Update to set "x" - status PostProcessingError - operation Modify
    This has "Administration: Administrators control set resources" as the matching MPR.

    2) System Event REquest  - status PostProcessingError - operation System EventThis has ".Group SMPR: LDAP AD Group Provisioning" as the matching MPR (this is a set transition).

    If I remove " $ImportObject | Import-Fimconfig" from the script, all errors are gone.

    Where do I set the right permission / add permissiomn for the attribute.


    • Edited by JOTdude Thursday, January 22, 2015 5:57 AM
    Thursday, January 22, 2015 5:57 AM

All replies

  • Hi JOTdude,

    Well if you remove the line "$ImportObject | Import-Fimconfig", ppobably nothing happens in FIM...

    It's seems that you try to edit Set members ("Update to set") instead of group members.

    Can you check the MPR that contains the Set "X" (probably a Transition type). And look for the Wf?

    Regards,


    Sylvain

    Thursday, January 22, 2015 10:57 AM
  • Not sure what you mean. The WF is triggered on a group transitioning into a set. The Powershell activity does get triggered (I checked by writing some lines to a txt file). So the process works but it looks like a permissions thing. The WF activity creates the ImportChange and updates the ImportObject but at the point where it actually wants to "write" ($ImportObject | Import-Fimconfig)  the updated object it fails.
    Thursday, January 22, 2015 11:23 AM
  • Your explanation clear my mind :)

    Well, the Wf activity runs under the context of FIMService Service Account, so you have to solution:

    Regards,


    Sylvain



    • Edited by Sylvain.c Thursday, January 22, 2015 12:04 PM spelling
    Thursday, January 22, 2015 12:03 PM
  • FIM Service account is already setup as a user in FIM (using the script you linked to as well).

    Even providing the credentials in the script returns the same error.

    Friday, January 23, 2015 12:53 AM
  • Did you try to configure a "god" MPR? To give all rights to the Administrator Set?

    What are the changes of your powershell scripts?

    Do you also change configuration file of FIMService? http://fimpowershellwf.codeplex.com/workitem/972

    Do you have more detailed info in the request or in the event viewer?


    Sylvain

    Friday, January 23, 2015 9:05 AM