This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 23%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Hi! Everyone,
I have hit another brick wall, but as usually, I'm clueless and hope I can get some knowledge here.
I have completed the creation of a Runbook to unlock AD User accounts following the workflow attached. The steps includes;
I test run this Runbook in 3 ways;
"$CurrentUserGroupObj = Get-ADUser -Identity $CurrentUser -Properties MemberOf"
Can someone shed some light what is going on?
Thank you and best regards.
Ronald
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hi,
What's your Orchestrator version?
Here are some tips for your reference.
How to run Active Directory cmdlets in Orchestrator .Net Activity
Hi! XinGuo,
You are right, I check your article and I immediately encountered the error in the version 2 environment. I followed the guide and remodify the Registry (I did it few days back). I am still getting the error running the Runbook in Orchestrator Console with the following error;
Name : Check Group
Type : Run .Net Script
Status : Failed
Publish Data : Error Summary Text
Value : Cannot find an object with identity: '2016SVR3$' under: 'DC=test,DC=com'.
Maybe the other day after I modified the Registry, Runbook Tester can execute my script and now the error is on Console side.
Do you have any idea about this error?
Appreciate your kind advise.
Thank you and best regards.
Ronald
>Value : Cannot find an object with identity: '2016SVR3$' under: 'DC=test,DC=com'.
'2016SVR3$' looks like a computer account not a user account.
Hi XinGuo,
Yes, 2016SVR3 is the computer object of the Orchestrator Server. All the roles of Orchestrator sits on this Server except for the SQL Database Server.
Do you know why this computer object is requested for my Runbook? I have posted the scripts for "Check Group" just now, so you can reference that. Prior to this action, I do have a few more Run .Net Script objects that are also querying AD for user info and no such error. Hence, I have been knocked off course as I do test at every stage.
Kindly advise if you know of anything that can resolve this error.
Thank you.
Ronald
The options are:
Hi! XinGuo / Andreas / Leon / Stefan,
Good morning to all. Thank you once again for replying to my questions.
The objective of this "Group Check" is actually to determine if the user running this particular Runbook is the administrator for the account he is unlocking. IHence, we have not hardcoded the CurrentUser. Is there a way to get the Runbook user account in this case? If I were to configure the Services to Run As the Administrator, then this check will not serve any purpose then.
Thank you and appreciate any advice.
Best regards.
Ronald
Hi! Everyone,20520-get-user.txt
I have tried a few methods as per attached text file.
I am not too sure how to use or whether invoke powershell will work in my case and the other being the $output=powershell{} -args.
Is there really no solution to this?
Thank you for any kind advise.
Best regards.
Ronald
Hi,
One way you solve this is to put the Service Manager self-service portal in front of Orchestrator. A user order from the SCSM self-service portal and Orchestrator executes. Then you get full log in Service Manager and also you can easy pass "portal user" to the runbook. Portal user is the user who is running the portal, not a service account or anything else.
Hi XinGuo,
I am checking whether our infra has an existing SCSM. In the meantime, may I know if this is the only solution or there are other solutions. I know I can get the user to also enter their username but trying not to resort to this method for now.
Thank you and best regards.
Ronald
I'm afraid there is no better way.
Hi! XinGuo,
Thanks for your reply. Noted with thanks.
Best regards.
Ronald