Azure automation cannot find user in Active directory

Sudhir Babu 20 Reputation points
2023-07-25T10:07:30.8833333+00:00

I'm trying to execute PowerShell scripts on on-premises Active Directory using an Azure Automation runbook. I'm trying to create logon hours for an account, but the automation job logs show an error.

Cannot find an object with identity: 'gary.lee' under: 'DC=cyberintelsys,DC=local'.

ERROR DETAILS

Get-ADUser : Cannot find an object with identity: 'gary.lee' under: 'DC=cyberintelsys,DC=local'.
At line:79 char:1
+ Get-ADUser -Identity $memberSamAccountName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (gary.lee:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

I use Hybrid worker run as an account for this. My AD server is 2022.

Most of the time I got the error, but one time I got output and the error again. [I attached a screenshot of this]


1 answer

  1. Limitless Technology 44,516 Reputation points
    2023-07-25T17:59:05.7033333+00:00

    Hello Sudhir,

    Thank you for your question and for reaching out with your question today.

    The error message "Cannot find an object with identity" suggests that the PowerShell script is unable to find the specified user 'gary.lee' in the Active Directory domain 'cyberintelsys.local'. There could be a few reasons for this issue:

    1. User 'gary.lee' does not exist: Double-check that the user account 'gary.lee' exists in the Active Directory domain 'cyberintelsys.local'. You can verify this by using the Active Directory Users and Computers console or by running the Get-ADUser cmdlet directly on the Active Directory server.
    2. Inconsistent domain information: Ensure that the Active Directory domain information provided in the script or the Hybrid Worker Run As account matches the actual domain where the user account exists. The domain should be specified correctly in the script using the full domain name, such as 'DC=cyberintelsys,DC=local'.
    3. Replication delay: If you recently created or modified the user account 'gary.lee', there might be a delay in Active Directory replication. Replication delays can cause temporary inconsistencies in the domain controllers' data.
    4. Permissions: Verify that the Hybrid Worker Run As account has sufficient permissions to query Active Directory and access user information. The account needs permissions to read user objects in the domain.
    5. DNS resolution: Ensure that the DNS settings on the machine running the Azure Automation Hybrid Worker are correctly configured to resolve the Active Directory domain name 'cyberintelsys.local'. DNS resolution issues can prevent the Hybrid Worker from reaching the domain controller.

    To troubleshoot the issue further, you can try the following steps:

    1. Confirm that the user 'gary.lee' exists in the specified domain by using the Active Directory Users and Computers console.
    2. Check the permissions of the Hybrid Worker Run As account to ensure it has the required rights to access Active Directory.
    3. Use fully qualified domain names in the script and verify that the domain name is correct.
    4. Test the script directly on the Active Directory server or another machine with the Active Directory PowerShell module installed to isolate any issues related to the Hybrid Worker environment.
    5. Check the DNS settings on the Hybrid Worker machine to ensure it can resolve the domain name correctly.

    By verifying these aspects, you should be able to identify and resolve the issue with running the PowerShell script to set logon hours for the user account in Active Directory.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.
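
The checks listed in the answer above (job identity, DNS resolution, which domain controller is queried, and whether every domain controller returns the account) can be collected in one diagnostic runbook. This is an added example, not code from the question or the answer; it assumes the ActiveDirectory module is installed on the Hybrid Worker and takes the account name and domain from the error message on this page.

```powershell
# Added diagnostic example, not the asker's runbook.
# Run it as a runbook on the same Hybrid Worker that produced the error.
Import-Module ActiveDirectory

$sam    = 'gary.lee'              # account name taken from the error on this page
$domain = 'cyberintelsys.local'   # domain taken from the error on this page

# 1. Which Windows identity is the job actually running as? (permissions check)
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Job identity : $identity"

# 2. Can the worker locate domain controllers through DNS?
try {
    # Resolve-DnsName may also return additional A records, so keep only the SRV rows.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    Write-Output "DNS SRV      : $($srv.NameTarget -join ', ')"
} catch {
    Write-Output "DNS SRV      : lookup failed - $($_.Exception.Message)"
}

# 3. Which domain controller does the AD module pick by default on this worker?
$default = Get-ADDomainController -Discover -DomainName $domain
Write-Output "Default DC   : $($default.HostName)"

# 4. Ask every domain controller for the account.
#    Get-ADUser -Filter returns nothing (it does not throw) when there is no match,
#    so "not found" and "query failed" are reported separately.
$results = foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
    $status = try {
        $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server $dc.HostName -ErrorAction Stop
        if ($user) { "found: $($user.DistinguishedName)" } else { 'not found' }
    } catch {
        "query failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ DC = $dc.HostName; Site = $dc.Site; Result = $status }
}
$results | Format-Table -AutoSize | Out-String | Write-Output
```

If some domain controllers report "found" and others "not found", the runbook can pin its Get-ADUser call to one controller with the `-Server` parameter while replication is investigated.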
