[servman] RE: powershell script in SCSM 2010 workflow

2015-01-12 Thread Costello, Michael 
Well I tried running  Get-ADGroup -LDAPFilter 
(member:1.2.840.113556.1.4.1941:=$ADUserDN) Through SCSM and outputting the 
result to a log file.  Nothing is outputted. The same script has no issue 
reading and manipulating Users but seems to have trouble with Groups.  It does 
sound like a permission problem but the Work Flow account and Service account 
can run the script through ISE.  I also tried running procmon and filtering on 
denied results but nothing came up.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 12:01 PM
To: servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

If all else fails, whenever I find an issue that has to do with context like 
this in PowerShell, sometimes I have gotten away with using New-PsSession and 
Invoke-Command to run the block of code in its own sandbox on the same machine 
or to run it remotely on a different machine.  I'd save that for a last resort, 
but it may be something to keep in your toolbelt.

Brandon Ryan

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 11:55 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

The script does work in ISE as the workflow account.  I also tried the service 
account just to be sure, and it also works in ISE for that user.



From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 11:47 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

One other thought, does the account you have defined as the Service Manager 
Workflow RunAs account have permissions on the active directory to get the 
groups of the user?  Try running the script in the ISE as the workflow account 
user and see if it has the same behavior.

Brandon Ryan
Software Engineer
ClearPointe

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 11:25 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Sorry, forgot to say that is the only parameter being passed to the activity. 
That part works.

[cid:image001.png@01D02E42.E2883180]

Michael Costello
Nebraska Department of Roads
IT Infrastructure Support Analyst
402-479-3827

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 11:09 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Where is $activity_id being set?  Have you checked to see if it is blank in the 
script when running as part of the workflow?  Do you have a param() statement 
at the beginning of the script to accept parameters from the workflow?  You 
must also define parameters to send data from the workflow into the script.

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 9:40 AM
To: servman@lists.myITforum.commailto:servman@lists.myITforum.com
Subject: [servman] powershell script in SCSM 2010 workflow

Hello all,

I have a custom management pack created through the authoring tool.  In the 
work flow all I have is a powershell script to run and a set activity status to 
completed, see below.

[cid:image002.png@01D02E42.E2883180]

The simplified script is as follows:

Function GetGroups ($object)
{
Get-ADPrincipalGroupMembership $object | ForEach `
{
$_
Get-ADPrincipalGroupMembership $_
}
}

Import-Module C:\Program Files\Common Files\SMLets\SMLets.Module.dll
Import-Module ActiveDirectory -Force

#Grab all the information from the activity
$activity = get-scsmobject -class (get-scsmclass -name 
UARTerminationActivityClass) -filter ID -eq $activity_id

$Username = $activity.Username

$memberof = (GetGroups $Username | Select name).name


The script is designed to find all the AD groups an inputted user is a member 
of recursively.  When I run the script in ISE it works fine.  But when executed 
through SCSM $memberof is blank, I verified by having it output $memberof to a 
log file.  I have tried a couple different methods of finding the groups but 
each time the variable is returned blank.  I have tried using Try/Catch for 
debugging, but no errors occur.  I have been scouring the web for an 
explanation but I haven't found one yet.  Can anyone help me understand what's

[servman] RE: powershell script in SCSM 2010 workflow

2015-01-12 Thread Brandon Ryan 
There are also SMA runbooks, which would allow you to use PowerShell workflow, 
which is quite similar to PowerShell.  Orchestrator is technology of the past 
and SMA is technology of the future.  If you are starting from scratch with 
runbooks in your environment, you might consider starting there.

Brandon Ryan
ClearPointe

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Costello, Michael
Sent: Monday, January 12, 2015 9:31 AM
To: servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow


I ran the query, there are some errors but nothing related to Get-AdGroup or 
Get-AdPrincipleGroupMembership.

I have a test VM for orchestrator, it's been a year or more since I've looked 
at it.  I'll see if I can get it to work.


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Anders Asp
Sent: Monday, January 12, 2015 8:42 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Have you checked the DB for any error messages?

select
 job.TimeScheduled,
 job.TimeStarted,
 job.TimeFinished,
 job.ErrorCode,
 job.ErrorMessage,
 convert(xml,job.Output),
 job.Status,
 Disp.DisplayName from JobStatusView  job
join DisplayStringView Disp
on job.TaskId = disp.LTStringId
where disp.LanguageCode = 'enu'
order by TimeScheduled desc

Also, why aren't you running this as a runbook? :)

Regards
//Anders

[Description: Description: Description: Description: lumagate_logo_rgb_signatur]
Anders Asp
Birger Jarlsgatan 62, 114 29 Stockholm
T +46(0)8 665 33 00 M +46(0)76 77 44 660
anders@lumagate.commailto:anders@lumagate.com, 
www.lumagate.sehttp://www.lumagate.se/, www.scsm.sehttp://www.scsm.se/

[Description: Description: Beskrivning: 
FB]http://www.facebook.com/pages/Lumagate-AB/190847637594983#!/group.php?gid=160574630632979
 [Description: Description: cid:image002.png@01CBF9E9.A15FD6E0] 
http://www.lumagate.se/rssFeed.asp  [Description: Description: 
cid:image003.png@01CBF9E9.A15FD6E0] http://www.linkedin.com/company/1270417
Vill du få mer information eller vårt nyhetsbrev klicka 
härhttp://www.lumagate.se/pages.asp?r_id=17798.
[Description: MVP_Horizontal_FullColor_72px]

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: den 12 januari 2015 15:37
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Well I tried running  Get-ADGroup -LDAPFilter 
(member:1.2.840.113556.1.4.1941:=$ADUserDN) Through SCSM and outputting the 
result to a log file.  Nothing is outputted. The same script has no issue 
reading and manipulating Users but seems to have trouble with Groups.  It does 
sound like a permission problem but the Work Flow account and Service account 
can run the script through ISE.  I also tried running procmon and filtering on 
denied results but nothing came up.



From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 12:01 PM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

If all else fails, whenever I find an issue that has to do with context like 
this in PowerShell, sometimes I have gotten away with using New-PsSession and 
Invoke-Command to run the block of code in its own sandbox on the same machine 
or to run it remotely on a different machine.  I'd save that for a last resort, 
but it may be something to keep in your toolbelt.

Brandon Ryan

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 11:55 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

The script does work in ISE as the workflow account.  I also tried the service 
account just to be sure, and it also works in ISE for that user.



From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 11:47 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

One other thought, does the account you have defined as the Service Manager 
Workflow RunAs account have permissions on the active directory to get the 
groups of the user?  Try running the script

[servman] RE: powershell script in SCSM 2010 workflow

2015-01-09 Thread Costello, Michael 
Sorry, forgot to say that is the only parameter being passed to the activity. 
That part works.

[cid:image002.png@01D02BFE.E844E0A0]

Michael Costello
Nebraska Department of Roads
IT Infrastructure Support Analyst
402-479-3827

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 11:09 AM
To: servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Where is $activity_id being set?  Have you checked to see if it is blank in the 
script when running as part of the workflow?  Do you have a param() statement 
at the beginning of the script to accept parameters from the workflow?  You 
must also define parameters to send data from the workflow into the script.

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 9:40 AM
To: servman@lists.myITforum.commailto:servman@lists.myITforum.com
Subject: [servman] powershell script in SCSM 2010 workflow

Hello all,

I have a custom management pack created through the authoring tool.  In the 
work flow all I have is a powershell script to run and a set activity status to 
completed, see below.

[cid:image003.png@01D02BFE.E844E0A0]

The simplified script is as follows:

Function GetGroups ($object)
{
Get-ADPrincipalGroupMembership $object | ForEach `
{
$_
Get-ADPrincipalGroupMembership $_
}
}

Import-Module C:\Program Files\Common Files\SMLets\SMLets.Module.dll
Import-Module ActiveDirectory -Force

#Grab all the information from the activity
$activity = get-scsmobject -class (get-scsmclass -name 
UARTerminationActivityClass) -filter ID -eq $activity_id

$Username = $activity.Username

$memberof = (GetGroups $Username | Select name).name


The script is designed to find all the AD groups an inputted user is a member 
of recursively.  When I run the script in ISE it works fine.  But when executed 
through SCSM $memberof is blank, I verified by having it output $memberof to a 
log file.  I have tried a couple different methods of finding the groups but 
each time the variable is returned blank.  I have tried using Try/Catch for 
debugging, but no errors occur.  I have been scouring the web for an 
explanation but I haven't found one yet.  Can anyone help me understand what's 
happening?

Thanks,
Michael

[servman] RE: powershell script in SCSM 2010 workflow

2015-01-09 Thread Brandon Ryan 
One other thought, does the account you have defined as the Service Manager 
Workflow RunAs account have permissions on the active directory to get the 
groups of the user?  Try running the script in the ISE as the workflow account 
user and see if it has the same behavior.

Brandon Ryan
Software Engineer
ClearPointe

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 11:25 AM
To: servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Sorry, forgot to say that is the only parameter being passed to the activity. 
That part works.

[cid:image001.png@01D02C02.04A037B0]

Michael Costello
Nebraska Department of Roads
IT Infrastructure Support Analyst
402-479-3827

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brandon Ryan
Sent: Friday, January 9, 2015 11:09 AM
To: servman@lists.myitforum.commailto:servman@lists.myitforum.com
Subject: [servman] RE: powershell script in SCSM 2010 workflow

Where is $activity_id being set?  Have you checked to see if it is blank in the 
script when running as part of the workflow?  Do you have a param() statement 
at the beginning of the script to accept parameters from the workflow?  You 
must also define parameters to send data from the workflow into the script.

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 9:40 AM
To: servman@lists.myITforum.commailto:servman@lists.myITforum.com
Subject: [servman] powershell script in SCSM 2010 workflow

Hello all,

I have a custom management pack created through the authoring tool.  In the 
work flow all I have is a powershell script to run and a set activity status to 
completed, see below.

[cid:image002.png@01D02C02.04A037B0]

The simplified script is as follows:

Function GetGroups ($object)
{
Get-ADPrincipalGroupMembership $object | ForEach `
{
$_
Get-ADPrincipalGroupMembership $_
}
}

Import-Module C:\Program Files\Common Files\SMLets\SMLets.Module.dll
Import-Module ActiveDirectory -Force

#Grab all the information from the activity
$activity = get-scsmobject -class (get-scsmclass -name 
UARTerminationActivityClass) -filter ID -eq $activity_id

$Username = $activity.Username

$memberof = (GetGroups $Username | Select name).name


The script is designed to find all the AD groups an inputted user is a member 
of recursively.  When I run the script in ISE it works fine.  But when executed 
through SCSM $memberof is blank, I verified by having it output $memberof to a 
log file.  I have tried a couple different methods of finding the groups but 
each time the variable is returned blank.  I have tried using Try/Catch for 
debugging, but no errors occur.  I have been scouring the web for an 
explanation but I haven't found one yet.  Can anyone help me understand what's 
happening?

Thanks,
Michael

[servman] RE: powershell script in SCSM 2010 workflow

2015-01-09 Thread Brandon Ryan 
Where is $activity_id being set?  Have you checked to see if it is blank in the 
script when running as part of the workflow?  Do you have a param() statement 
at the beginning of the script to accept parameters from the workflow?  You 
must also define parameters to send data from the workflow into the script.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Costello, Michael
Sent: Friday, January 9, 2015 9:40 AM
To: servman@lists.myITforum.com
Subject: [servman] powershell script in SCSM 2010 workflow

Hello all,

I have a custom management pack created through the authoring tool.  In the 
work flow all I have is a powershell script to run and a set activity status to 
completed, see below.

[cid:image001.png@01D02BFC.A7A1B4D0]

The simplified script is as follows:

Function GetGroups ($object)
{
Get-ADPrincipalGroupMembership $object | ForEach `
{
$_
Get-ADPrincipalGroupMembership $_
}
}

Import-Module C:\Program Files\Common Files\SMLets\SMLets.Module.dll
Import-Module ActiveDirectory -Force

#Grab all the information from the activity
$activity = get-scsmobject -class (get-scsmclass -name 
UARTerminationActivityClass) -filter ID -eq $activity_id

$Username = $activity.Username

$memberof = (GetGroups $Username | Select name).name


The script is designed to find all the AD groups an inputted user is a member 
of recursively.  When I run the script in ISE it works fine.  But when executed 
through SCSM $memberof is blank, I verified by having it output $memberof to a 
log file.  I have tried a couple different methods of finding the groups but 
each time the variable is returned blank.  I have tried using Try/Catch for 
debugging, but no errors occur.  I have been scouring the web for an 
explanation but I haven't found one yet.  Can anyone help me understand what's 
happening?

Thanks,
Michael