Subscribe
Accepted Solution

Can't get an AD cmdlet to execute in WFA

Attached is a very small WFA command that uses the Windows ServerManager ActiveDirectory commands to create an AD group. I can cut/paste the try/catch statement to a PoSH window and it executes as expected and creates the group. When I am in WFA and editing the command and use the [Test] button or execute it in a workflow it seems to do nothing and gives no error.

PS: the basic code is pasted below. When I cut/paste the logic to PoSH window I comment the  WFALogger command and use the write-output "$errMsg" instead. It runs, and when it runs twice it catches the error that the groupName already exists.

I presume the New-ADGroup cmdlet requires administrator privileges but I don't know what prig-level or account WFA command run under.

param (

  [parameter(Mandatory=$true, HelpMessage="Prefix String")]

  [string] $PrefixString

)

#   Description: Create AD Groups and ...

#

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

    Import-Module activedirectory

#

{

try {

      New-ADGroup -name XYZZY-Group -GroupScope Universal

      } catch  [System.Exception] {

      $errMsg = "New-ADGroup: could not create group: $($_.Exception)"

      Get-WFALogger -message $errMsg -Error

      #write-output "$errMsg"

      }

}

Re: Can't get an AD cmdlet to execute in WFA

The command scope is the problem. You have a {} pair before your try-catch. They are marked in RED below and commented out. The below code works as expected.

=======

param (

  [parameter(Mandatory=$true, HelpMessage="Prefix String")]

  [string] $PrefixString

)

#   Description: Create AD Groups and ...

#

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

    Import-Module activedirectory

#

#{

try {

      New-ADGroup -name XYZZY-Group -GroupScope Universal

      } catch  [System.Exception] {

      $errMsg = "New-ADGroup: could not create group: $($_.Exception)"

      Get-WFALogger -message $errMsg -Error

      #write-output "$errMsg"

      }

#}

=======

@ I presume the New-ADGroup cmdlet requires administrator privileges but I don't know what prig-level or account WFA command run under.

======

WFA command runs using local system account by default. This of course can be changed.


@

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

------

I don't think this needs to be done at command level, every single time the command executes. RSAT loading could take time and its a one-time activity. So I suggest you do it from outside once and only use Import-module ActiveDirectory in the command.

sinhaa



Message was edited by: Abhishek Sinha

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Can't get an AD cmdlet to execute in WFA

Thanks sinhaa,