If all else fails, whenever I find an issue that has to do with context like this in PowerShell, sometimes I have gotten away with using New-PsSession and Invoke-Command to run the block of code in its own sandbox on the same machine or to run it remotely on a different machine. I'd save that for a last resort, but it may be something to keep in your toolbelt.
Brandon Ryan From: [email protected] [mailto:[email protected]] On Behalf Of Costello, Michael Sent: Friday, January 9, 2015 11:55 AM To: [email protected] Subject: [servman] RE: powershell script in SCSM 2010 workflow The script does work in ISE as the workflow account. I also tried the service account just to be sure, and it also works in ISE for that user. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Brandon Ryan Sent: Friday, January 9, 2015 11:47 AM To: [email protected]<mailto:[email protected]> Subject: [servman] RE: powershell script in SCSM 2010 workflow One other thought, does the account you have defined as the Service Manager Workflow RunAs account have permissions on the active directory to get the groups of the user? Try running the script in the ISE as the workflow account user and see if it has the same behavior. Brandon Ryan Software Engineer ClearPointe From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Costello, Michael Sent: Friday, January 9, 2015 11:25 AM To: [email protected]<mailto:[email protected]> Subject: [servman] RE: powershell script in SCSM 2010 workflow Sorry, forgot to say that is the only parameter being passed to the activity. That part works. [cid:[email protected]] Michael Costello Nebraska Department of Roads IT Infrastructure Support Analyst 402-479-3827 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Brandon Ryan Sent: Friday, January 9, 2015 11:09 AM To: [email protected]<mailto:[email protected]> Subject: [servman] RE: powershell script in SCSM 2010 workflow Where is $activity_id being set? Have you checked to see if it is blank in the script when running as part of the workflow? Do you have a param() statement at the beginning of the script to accept parameters from the workflow? You must also define parameters to send data from the workflow into the script. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Costello, Michael Sent: Friday, January 9, 2015 9:40 AM To: [email protected]<mailto:[email protected]> Subject: [servman] powershell script in SCSM 2010 workflow Hello all, I have a custom management pack created through the authoring tool. In the work flow all I have is a powershell script to run and a set activity status to completed, see below. [cid:[email protected]] The simplified script is as follows: Function GetGroups ($object) { Get-ADPrincipalGroupMembership $object | ForEach ` { $_ Get-ADPrincipalGroupMembership $_ } } Import-Module "C:\Program Files\Common Files\SMLets\SMLets.Module.dll" Import-Module ActiveDirectory -Force #Grab all the information from the activity $activity = get-scsmobject -class (get-scsmclass -name UARTerminationActivityClass) -filter "ID -eq $activity_id" $Username = $activity.Username $memberof = (GetGroups $Username | Select name).name The script is designed to find all the AD groups an inputted user is a member of recursively. When I run the script in ISE it works fine. But when executed through SCSM $memberof is blank, I verified by having it output $memberof to a log file. I have tried a couple different methods of finding the groups but each time the variable is returned blank. I have tried using Try/Catch for debugging, but no errors occur. I have been scouring the web for an explanation but I haven't found one yet. Can anyone help me understand what's happening? Thanks, Michael
