none
MIMWAL: Powershell Add-ADGroupMember RRS feed

  • Question

  • Hi, 

    I'm currently trying to add new users to some default AD groups (that i haven't yet imported into MIM fully), so i'm looking at using the MIMWAL Powershell activity. 

    I've written and tested the following script which works when i run it from the server:

    param
    (
    	[parameter(mandatory = $true)] $user
    )
    
    $group1 = "Group1"
    $group2 = "Group2"
    $group3 = "Group3"
    $group4 = "Group4" 
    $group5 = "Group5"
    
    
    Add-ADGroupMember -Identity $group1 -Members $user
    Add-ADGroupMember -Identity $group2 -Members $user
    Add-ADGroupMember -Identity $group3 -Members $user
    Add-ADGroupMember -Identity $group4 -Members $user
    Add-ADGroupMember -Identity $group5 -Members $user

    but when i try run it in the MIMWAL workflow (flowing [//Target/AccountName] to $user), i get the following error:

    WAL (2.18.0318.0): 08/20/2019 15:31:00.1703: <>c : <SetupStreamEventHandlers>b__68_0: The term 'Add-ADGroupMember' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    I've read somewhere that MIMWAL uses powershell 2.0 commands, but i thought (perhaps wrongly) that Add-ADGroupMember was added in 2.0.

    I have tried adding "import-module activedirectory" to the scriptblock in the workflow,but that gives the following error:WAL

    (2.18.0318.0): 08/20/2019 15:38:46.0605: <>c : <SetupStreamEventHandlers>b__68_0: The 'C:\windows\system32\WindowsPowerShell\v1.0\Modules\activedirectory\activedirectory.psd1' module cannot be imported because its manifest contains one or more members that are not valid. The valid manifest members are ('ModuleToProcess', 'NestedModules', 'GUID', 'Author', 'CompanyName', 'Copyright', 'ModuleVersion', 'Description', 'PowerShellVersion', 'PowerShellHostName', 'PowerShellHostVersion', 'CLRVersion', 'DotNetFrameworkVersion', 'ProcessorArchitecture', 'RequiredModules', 'TypesToProcess', 'FormatsToProcess', 'ScriptsToProcess', 'PrivateData', 'RequiredAssemblies', 'ModuleList', 'FileList', 'FunctionsToExport', 'VariablesToExport', 'AliasesToExport', 'CmdletsToExport'). Remove the members that are not valid ('HelpInfoUri'), then try to import the module again.

    At line:1 char:14     + import-module <<<<  activedirectory

    Has anyone else come across this issue before?

    mercredi 21 août 2019 07:42

Réponses

  • That is correct what you have read about MIM used .NET 3.5 and is locked to Powershell 2. This is documented on the MIMWAL Wiki:

    "All MIM/FIM workflows run in a .NET Framework 3.5 runtime. This is a product limitation. This .NET runtime environment cannot execute scripts and cmdlets that need PowerShell 3.0 or above runtime. If there is a need to execute a script containing PowerShell 3.0+ cmdlets (e.g. ActiveDirectory module on Windows Server 2012), they can be made to run in a separate process to avoid the product limitation. e.g. using PowerShell Remoting or launching a new "powershell.exe" session using Start-Process cmdlet."

    The ActiveDirectory module requires powershell 3.0 or newer to run. Examples on the wiki page shows how you can work around this limit.

    • Marqué comme réponse atonyg mercredi 21 août 2019 11:27
    mercredi 21 août 2019 10:33

Toutes les réponses

  • That is correct what you have read about MIM used .NET 3.5 and is locked to Powershell 2. This is documented on the MIMWAL Wiki:

    "All MIM/FIM workflows run in a .NET Framework 3.5 runtime. This is a product limitation. This .NET runtime environment cannot execute scripts and cmdlets that need PowerShell 3.0 or above runtime. If there is a need to execute a script containing PowerShell 3.0+ cmdlets (e.g. ActiveDirectory module on Windows Server 2012), they can be made to run in a separate process to avoid the product limitation. e.g. using PowerShell Remoting or launching a new "powershell.exe" session using Start-Process cmdlet."

    The ActiveDirectory module requires powershell 3.0 or newer to run. Examples on the wiki page shows how you can work around this limit.

    • Marqué comme réponse atonyg mercredi 21 août 2019 11:27
    mercredi 21 août 2019 10:33
  • Hi Fredrik,

    Thanks for your reply, I've had a look over the examples and have been able to implement the work around. I think i'd missed them when i was looking at the wiki before.

    All working now :) 

    mercredi 21 août 2019 11:27