Marcus Tornberg Honored Contributor.
Honored Contributor.
518 views

IDMPowershell service errors but returns success

Hi!

I have a strange issue with the AD driver and IDMPowershell service.

OS: Windows 2012 R2
IDM: 4.7.1
AD driver version: 4.1.1.0
IDMPowershellService: 4.1.1.0

First a successful execution
DirXML: [01/30/19 10:16:47.48]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse command

className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:47.48]: ADDriver: association
DirXML: [01/30/19 10:16:47.48]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:47.48]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:47.48]: ADDriver: add-value
DirXML: [01/30/19 10:16:47.48]: ADDriver: value
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:47.48]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:47.48]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.10]: ADDriver: PowerShell: IDM PowerShell Service Response SUCCESS :
tmp_t1pqaptq.u1p
DL-ADMN-Externe (Administrasjon)
DirXML: [01/30/19 10:16:49.10]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.10]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.10]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success


This is my problem. If I get an error executing my Powershell command, I can see that the IDMPowershell service returns an error:
ADDriver: PowerShell: IDM PowerShell Service Response ERROR :  Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"


But the status message to the engine is success:
<status level="success" event-id="0" type="powershell"/>


Below is a remote loader trace:
DirXML: [01/30/19 10:16:49.17]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse command

className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:49.17]: ADDriver: association
DirXML: [01/30/19 10:16:49.17]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:49.17]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:49.17]: ADDriver: add-value
DirXML: [01/30/19 10:16:49.17]: ADDriver: value
DirXML: [01/30/19 10:16:49.17]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.19]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:49.19]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:49.19]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.66]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR : Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"
DirXML: [01/30/19 10:16:49.66]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.66]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.66]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success


Any ideas to what is causing this?

Best regards
Marcus
Labels (1)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: IDMPowershell service errors but returns success

marcus_jonsson;2494538 wrote:
Hi!

I have a strange issue with the AD driver and IDMPowershell service.

OS: Windows 2012 R2
IDM: 4.7.1
AD driver version: 4.1.1.0
IDMPowershellService: 4.1.1.0

First a successful execution
DirXML: [01/30/19 10:16:47.48]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:47.48]: Loader: XML Document:
DirXML: [01/30/19 10:16:47.48]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse command

className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:47.48]: ADDriver: association
DirXML: [01/30/19 10:16:47.48]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:47.48]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:47.48]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:47.48]: ADDriver: add-value
DirXML: [01/30/19 10:16:47.48]: ADDriver: value
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:47.48]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:47.48]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:47.48]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Enable-DistributionGroup -AllowClobber;
Enable-DistributionGroup -Identity "dummydomain\OurTestGroup" -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.10]: ADDriver: PowerShell: IDM PowerShell Service Response SUCCESS :
tmp_t1pqaptq.u1p
DL-ADMN-Externe (Administrasjon)
DirXML: [01/30/19 10:16:49.10]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.10]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.10]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.10]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success


This is my problem. If I get an error executing my Powershell command, I can see that the IDMPowershell service returns an error:
ADDriver: PowerShell: IDM PowerShell Service Response ERROR :  Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"


But the status message to the engine is success:
<status level="success" event-id="0" type="powershell"/>


Below is a remote loader trace:
DirXML: [01/30/19 10:16:49.17]: Loader: Received 'subscriber execute' document
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: Loader: Calling subscriptionShim->execute()
DirXML: [01/30/19 10:16:49.17]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.17]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="0">
<association>823f0bc8ac5d3e458e8b72476cd5dc07</association>
<modify-attr attr-name="PSExecute">
<remove-all-values/>
<add-value>
<value>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse command

className User
destDN
eventId 0
association 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: parse modify class = User
DirXML: [01/30/19 10:16:49.17]: ADDriver: association
DirXML: [01/30/19 10:16:49.17]: ADDriver: 823f0bc8ac5d3e458e8b72476cd5dc07
DirXML: [01/30/19 10:16:49.17]: ADDriver: modify-attr
DirXML: [01/30/19 10:16:49.17]: ADDriver: remove-all-values
DirXML: [01/30/19 10:16:49.17]: ADDriver: add-value
DirXML: [01/30/19 10:16:49.17]: ADDriver: value
DirXML: [01/30/19 10:16:49.17]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.19]: ADDriver: ldap_modify User CN=OurTestGroup,OU=Distribution,OU=Groups,DC=dummydomain,DC=no
LDAPMod operations:
DirXML: [01/30/19 10:16:49.19]: ADDriver: Executing Power Shell Command:
DirXML: [01/30/19 10:16:49.19]: ADDriver: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange1.dummydomain.com/PowerShell/ -Authentication Kerberos -ErrorAction SilentlyContinue;
Import-PSSession $Session -CommandName Set-DistributionGroup -AllowClobber;
Set-DistributionGroup -Identity "dummydomain\OurTestGroup" -MemberDepartRestriction Closed2 -DomainController dc1.dummydomain.com;
Get-PSSession | Remove-PSSession
DirXML: [01/30/19 10:16:49.66]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR : Cannot process argument transformation on parameter 'MemberDepartRestriction'. Cannot convert value "Closed2" to type "Microsoft.Exchange.Data.Directory.Recipient.MemberUpdateType". Error: "Unable to match the identifier name Closed2 to a valid enumerator name. Specify one of the following enumerator names and try again:
Closed, Open, ApprovalRequired"
DirXML: [01/30/19 10:16:49.66]: Loader: subscriptionShim->execute() returned:
DirXML: [01/30/19 10:16:49.66]: Loader: XML Document:
DirXML: [01/30/19 10:16:49.66]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDM-TEST-TREE\system\driverset1\AD-dummydomain">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="success" event-id="0" type="powershell"/>
<status level="success" event-id="0"/>
</output>
</nds>
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success
DirXML: [01/30/19 10:16:49.66]:
DirXML Log Event -------------------
Driver = \IDM-TEST-TREE\system\driverset1\AD-dummydomain
Thread = Subscriber Channel
Level = success


Any ideas to what is causing this?

Best regards
Marcus


If I recall correctly, that's how this works. The "success" is that it successfully launched the PowerShell command. It doesn't report back whether or not it actually worked. For that, you need the Scripting driver.
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDMPowershell service errors but returns success

>
> If I recall correctly, that's how this works. The "success" is that it
> successfully launched the PowerShell command. It doesn't report back
> whether or not it actually worked. For that, you need the Scripting
> driver.


I sort of agree and disagree with David. This is a weakness of the
PSExecute approach. It really does not return much.

However I disagree ince i HAVE gotten errors back. Of course that could
comply with David's comment that the errors i have seen return are when
it fails to launch the command. But I cannot recall for certain.

They were trying to be helpful, not replace a scripting driver.

The Azure driver in some ways is better (newer PS service, that is REST
based) and worse (Since some of it is shown in RL trace but accessible
in policy).


0 Likes
Knowledge Partner
Knowledge Partner

Re: IDMPowershell service errors but returns success

geoffc;2494623 wrote:
>
> If I recall correctly, that's how this works. The "success" is that it
> successfully launched the PowerShell command. It doesn't report back
> whether or not it actually worked. For that, you need the Scripting
> driver.


I sort of agree and disagree with David. This is a weakness of the
PSExecute approach. It really does not return much.

However I disagree ince i HAVE gotten errors back. Of course that could
comply with David's comment that the errors i have seen return are when
it fails to launch the command. But I cannot recall for certain.

They were trying to be helpful, not replace a scripting driver.

The Azure driver in some ways is better (newer PS service, that is REST
based) and worse (Since some of it is shown in RL trace but accessible
in policy).


I'd like to see better support for PSExecute with actual error handling / error return in the MAD driver. It doesn't, should not, replace the Scripting driver, but the way MS is making "everything" PowerShell enabled, we're going to see a lot more use of various PowerShell things needed, just to be able to do "everything" we need to do.
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDMPowershell service errors but returns success

On 1/31/2019 12:24 PM, dgersic wrote:
>
> geoffc;2494623 Wrote:
>>>
>>> If I recall correctly, that's how this works. The "success" is that

>> it
>>> successfully launched the PowerShell command. It doesn't report back
>>> whether or not it actually worked. For that, you need the Scripting
>>> driver.

>>
>> I sort of agree and disagree with David. This is a weakness of the
>> PSExecute approach. It really does not return much.
>>
>> However I disagree ince i HAVE gotten errors back. Of course that could
>> comply with David's comment that the errors i have seen return are when
>> it fails to launch the command. But I cannot recall for certain.
>>
>> They were trying to be helpful, not replace a scripting driver.
>>
>> The Azure driver in some ways is better (newer PS service, that is REST
>> based) and worse (Since some of it is shown in RL trace but accessible
>> in policy).

>
> I'd like to see better support for PSExecute with actual error handling
> / error return in the MAD driver. It doesn't, should not, replace the
> Scripting driver, but the way MS is making "everything" PowerShell
> enabled, we're going to see a lot more use of various PowerShell things
> needed, just to be able to do "everything" we need to do.


Agreed, and hardcoding a shim to map XDS events/attributes to PowerShell
is not a good plan either.

0 Likes
Marcus Tornberg Honored Contributor.
Honored Contributor.

Re: IDMPowershell service errors but returns success

Hi.

I know 100% that I have seen errors returned back to the engine in the past. I just cannot recall what versions of AD-driver and IDMPowerShell service. So obviously something has changed to limit what is being returned from executing powershell commands.

I think this is really bad as executing Powershell commands from an Identity Manager solution should not be a premium function (require a licensed Scripting driver) in my opinion.

It makes me want to write an open source C# PowerShell driver that just can execute Powershell commands and return actual results. Lets see if that happens.

Best regards
Marcus
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDMPowershell service errors but returns success

On 2/6/2019 8:04 AM, marcus jonsson wrote:
>
> Hi.
>
> I know 100% that I have seen errors returned back to the engine in the
> past. I just cannot recall what versions of AD-driver and IDMPowerShell
> service. So obviously something has changed to limit what is being
> returned from executing powershell commands.
>
> I think this is really bad as executing Powershell commands from an
> Identity Manager solution should not be a premium function (require a
> licensed Scripting driver) in my opinion.
>
> It makes me want to write an open source C# PowerShell driver that just
> can execute Powershell commands and return actual results. Lets see if
> that happens.


Do it!!!!

Share it!!!

🙂

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.