The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to register at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Can't get an AD cmdlet to execute in WFA

korns

Attached is a very small WFA command that uses the Windows ServerManager ActiveDirectory commands to create an AD group. I can cut/paste the try/catch statement to a PoSH window and it executes as expected and creates the group. When I am in WFA and editing the command and use the [Test] button or execute it in a workflow it seems to do nothing and gives no error.

PS: the basic code is pasted below. When I cut/paste the logic to PoSH window I comment the  WFALogger command and use the write-output "$errMsg" instead. It runs, and when it runs twice it catches the error that the groupName already exists.

I presume the New-ADGroup cmdlet requires administrator privileges but I don't know what prig-level or account WFA command run under.

param (

  [parameter(Mandatory=$true, HelpMessage="Prefix String")]

  [string] $PrefixString

)

#   Description: Create AD Groups and ...

#

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

    Import-Module activedirectory

#

{

try {

      New-ADGroup -name XYZZY-Group -GroupScope Universal

      } catch  [System.Exception] {

      $errMsg = "New-ADGroup: could not create group: $($_.Exception)"

      Get-WFALogger -message $errMsg -Error

      #write-output "$errMsg"

      }

}

1 ACCEPTED SOLUTION

sinhaa

The command scope is the problem. You have a {} pair before your try-catch. They are marked in RED below and commented out. The below code works as expected.

=======

param (

  [parameter(Mandatory=$true, HelpMessage="Prefix String")]

  [string] $PrefixString

)

#   Description: Create AD Groups and ...

#

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

    Import-Module activedirectory

#

#{

try {

      New-ADGroup -name XYZZY-Group -GroupScope Universal

      } catch  [System.Exception] {

      $errMsg = "New-ADGroup: could not create group: $($_.Exception)"

      Get-WFALogger -message $errMsg -Error

      #write-output "$errMsg"

      }

#}

=======

@ I presume the New-ADGroup cmdlet requires administrator privileges but I don't know what prig-level or account WFA command run under.

======

WFA command runs using local system account by default. This of course can be changed.


@

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

------

I don't think this needs to be done at command level, every single time the command executes. RSAT loading could take time and its a one-time activity. So I suggest you do it from outside once and only use Import-module ActiveDirectory in the command.

sinhaa



Message was edited by: Abhishek Sinha

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

2 REPLIES 2

sinhaa

The command scope is the problem. You have a {} pair before your try-catch. They are marked in RED below and commented out. The below code works as expected.

=======

param (

  [parameter(Mandatory=$true, HelpMessage="Prefix String")]

  [string] $PrefixString

)

#   Description: Create AD Groups and ...

#

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

    Import-Module activedirectory

#

#{

try {

      New-ADGroup -name XYZZY-Group -GroupScope Universal

      } catch  [System.Exception] {

      $errMsg = "New-ADGroup: could not create group: $($_.Exception)"

      Get-WFALogger -message $errMsg -Error

      #write-output "$errMsg"

      }

#}

=======

@ I presume the New-ADGroup cmdlet requires administrator privileges but I don't know what prig-level or account WFA command run under.

======

WFA command runs using local system account by default. This of course can be changed.


@

# Setup environment to use Active Directory modules

    Import-module servermanager

    Add-WindowsFeature -Name “RSAT-AD-Powershell” –includeAllSubFeature

------

I don't think this needs to be done at command level, every single time the command executes. RSAT loading could take time and its a one-time activity. So I suggest you do it from outside once and only use Import-module ActiveDirectory in the command.

sinhaa



Message was edited by: Abhishek Sinha

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

korns

Thanks sinhaa,

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public