Marcus Tornberg

Admiral
2019-01-30
09:38
IDMPowershell service errors but returns success
Hi!
I have a strange issue with the AD driver and IDMPowershell service.
OS: Windows 2012 R2
IDM: 4.7.1
AD driver version: 4.1.1.0
IDMPowershellService: 4.1.1.0
First a successful execution
DirXML: [01/30/19 10:16:47.48]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse command
className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:47.48]: ADDriver: association
DirXML: [01/30/19 10:16:47.48]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:47.48]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:47.48]: ADDriver: add-value
DirXML: [01/30/19 10:16:47.48]: ADDriver: value
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:47.48]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:47.48]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.10]: ADDriver: PowerShell: IDM PowerShell Service Response SUCCESS :
tmp_t1pqaptq.u1p
DL-ADMN-Externe (Administrasjon)
DirXML: [01/30/19 10:16:49.10]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.10]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.10]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
This is my problem. If I get an error executing my Powershell command, I can see that the IDMPowershell service returns an error:
ADDriver: PowerShell: IDM PowerShell Service Response ERROR : Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"
But the status message to the engine is success:
<status level="success" event-id="0" type="powershell"/>
Below is a remote loader trace:
DirXML: [01/30/19 10:16:49.17]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse command
className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:49.17]: ADDriver: association
DirXML: [01/30/19 10:16:49.17]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:49.17]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:49.17]: ADDriver: add-value
DirXML: [01/30/19 10:16:49.17]: ADDriver: value
DirXML: [01/30/19 10:16:49.17]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.19]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:49.19]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:49.19]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.66]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR : Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"
DirXML: [01/30/19 10:16:49.66]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.66]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.66]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
Any ideas as to what is causing this?
Best regards
Marcus
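Added example, not part of the original post and not NetIQ code: a Python check that pairs each `IDM PowerShell Service Response` line in a remote loader trace with the next `<status ... type="powershell"/>` element returned by the shim, and reports the cases where the service said ERROR but the status says success. The sample trace is constructed by abridging the lines posted above; the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# A trace record starts with "DirXML: [timestamp]:"; unprefixed lines continue it.
LINE = re.compile(r"^DirXML: \[(?P<ts>[^\]]+)\]: ?(?P<msg>.*)$")
# What the IDM PowerShell service reported for the executed command.
RESPONSE = re.compile(
    r"IDM PowerShell Service Response (?P<result>SUCCESS|ERROR) :\s*(?P<detail>.*)",
    re.S,
)
# The powershell-typed status element sent back to the engine (any attribute order).
PS_STATUS = re.compile(
    r'<status\b(?=[^>]*\btype="powershell")[^>]*\blevel="(?P<level>[^"]+)"'
)

# Constructed sample: abridged from the two executions shown in the post.
SAMPLE_TRACE = r'''DirXML: [01/30/19 10:16:47.48]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:47.48]: ADDriver: Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
DirXML: [01/30/19 10:16:49.10]: ADDriver: PowerShell: IDM PowerShell Service Response SUCCESS :
tmp_t1pqaptq.u1p
DL-ADMN-Externe (Administrasjon)
DirXML: [01/30/19 10:16:49.10]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.10]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.10]: <nds ndsversion="8.7" dtdversion="1.1">
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.19]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:49.19]: ADDriver: Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
DirXML: [01/30/19 10:16:49.66]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR : Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"
DirXML: [01/30/19 10:16:49.66]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.66]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.66]: <nds ndsversion="8.7" dtdversion="1.1">
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
'''


@dataclass
class MaskedError:
    error_time: str   # timestamp of the service's ERROR response
    status_time: str  # timestamp of the status document that reported success
    detail: str       # error text from the service, whitespace-normalised


def records(trace):
    """Group trace lines into (timestamp, text) records, folding continuation lines."""
    current = None
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], m["msg"]]
        elif current:
            current[1] += "\n" + raw
    if current:
        yield tuple(current)


def find_masked_errors(trace):
    """Return service ERROR responses whose following powershell status is 'success'."""
    findings = []
    pending = None  # last service response not yet paired with a status document
    for ts, text in records(trace):
        response = RESPONSE.search(text)
        if response:
            detail = " ".join(response["detail"].split())
            pending = (ts, response["result"], detail)
            continue
        status = PS_STATUS.search(text)
        if status and pending:
            error_ts, result, detail = pending
            pending = None
            if result == "ERROR" and status["level"] == "success":
                findings.append(MaskedError(error_ts, ts, detail))
    return findings


if __name__ == "__main__":
    for finding in find_masked_errors(SAMPLE_TRACE):
        print(f"{finding.error_time}: service ERROR reported to engine as success")
        print(f"  {finding.detail}")
```

Run against a saved remote loader trace, this gives a list of PSExecute commands that failed in PowerShell while the engine and its audit events recorded success.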
6 Replies


Knowledge Partner
2019-01-30
16:13
If I recall correctly, that's how this works. The "success" is that it successfully launched the PowerShell command. It doesn't report back whether or not it actually worked. For that, you need the Scripting driver.


Knowledge Partner
2019-01-31
15:38
>
> If I recall correctly, that's how this works. The "success" is that it
> successfully launched the PowerShell command. It doesn't report back
> whether or not it actually worked. For that, you need the Scripting
> driver.
I sort of agree and disagree with David. This is a weakness of the
PSExecute approach. It really does not return much.
However I disagree since I HAVE gotten errors back. Of course that could
comply with David's comment that the errors I have seen return are when
it fails to launch the command. But I cannot recall for certain.
They were trying to be helpful, not replace a scripting driver.
The Azure driver in some ways is better (newer PS service, that is REST
based) and worse (Since some of it is shown in RL trace but accessible
in policy).


Knowledge Partner
2019-01-31
17:20
I'd like to see better support for PSExecute with actual error handling / error return in the MAD driver. It doesn't, should not, replace the Scripting driver, but the way MS is making "everything" PowerShell enabled, we're going to see a lot more use of various PowerShell things needed, just to be able to do "everything" we need to do.


Knowledge Partner
2019-02-03
19:11
On 1/31/2019 12:24 PM, dgersic wrote:
>
> geoffc;2494623 Wrote:
>>>
>>> If I recall correctly, that's how this works. The "success" is that it
>>> successfully launched the PowerShell command. It doesn't report back
>>> whether or not it actually worked. For that, you need the Scripting
>>> driver.
>>
>> I sort of agree and disagree with David. This is a weakness of the
>> PSExecute approach. It really does not return much.
>>
>> However I disagree since I HAVE gotten errors back. Of course that could
>> comply with David's comment that the errors I have seen return are when
>> it fails to launch the command. But I cannot recall for certain.
>>
>> They were trying to be helpful, not replace a scripting driver.
>>
>> The Azure driver in some ways is better (newer PS service, that is REST
>> based) and worse (Since some of it is shown in RL trace but accessible
>> in policy).
>
> I'd like to see better support for PSExecute with actual error handling
> / error return in the MAD driver. It doesn't, should not, replace the
> Scripting driver, but the way MS is making "everything" PowerShell
> enabled, we're going to see a lot more use of various PowerShell things
> needed, just to be able to do "everything" we need to do.
Agreed, and hardcoding a shim to map XDS events/attributes to PowerShell
is not a good plan either.
Marcus Tornberg

Admiral
2019-02-06
12:59
Hi.
I know 100% that I have seen errors returned back to the engine in the past. I just cannot recall what versions of AD-driver and IDMPowerShell service. So obviously something has changed to limit what is being returned from executing PowerShell commands.
I think this is really bad as executing PowerShell commands from an Identity Manager solution should not be a premium function (require a licensed Scripting driver) in my opinion.
It makes me want to write an open source C# PowerShell driver that just can execute PowerShell commands and return actual results. Let's see if that happens.
Best regards
Marcus


Knowledge Partner
2019-02-07
16:02
On 2/6/2019 8:04 AM, marcus jonsson wrote:
>
> Hi.
>
> I know 100% that I have seen errors returned back to the engine in the
> past. I just cannot recall what versions of AD-driver and IDMPowerShell
> service. So obviously something has changed to limit what is being
> returned from executing powershell commands.
>
> I think this is really bad as executing Powershell commands from an
> Identity Manager solution should not be a premium function (require a
> licensed Scripting driver) in my opinion.
>
> It makes me want to write an open source C# PowerShell driver that just
> can execute PowerShell commands and return actual results. Let's see if
> that happens.
Do it!!!!
Share it!!!
🙂