Active Directory - mS-DS-ConsistencyGuid

Yes, that was the issue. I got this value from the documentation…

image883×192 4.11 KB

Thanks a lot for the help @BhuvaneshGeddam and @SivaprakashRNTBCI

I’ll leave the full script for completion:

# Load SailPoint library
Add-Type -Path Utils.dll

# Read environment variables
$sReader  = New-Object System.IO.StringReader([string]$env:Request);

# Form XML readers
$xmlReader = [System.Xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));

# Create SailPoint objects
$requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);

# Get nativeIdentity
$nativeIdentity = $requestObject.NativeIdentity;

# Extract mS-DS-ConsistencyGuid
$consistencyGuid = $null;

foreach ($attribute in $requestObject.AttributeRequests) {
  if ($attribute.Name -eq "mS-DS-ConsistencyGuid") {
    $consistencyGuid = $attribute.Value;
    break
  }
}

$xmlFactory = [sailpoint.Utils.xml.XmlFactory]::Instance;

# Read Application Configuration
$sReaderApp = $env:Application

$appObject = $xmlFactory.parseXml($sReaderApp)

$iqserviceConfig = $appObject.IQServiceConfiguration[0]

$user = $iqserviceConfig.IQServiceUser
$password = $iqserviceConfig.IQServicePassword
$decoded = [sailpoint.Utils.tools.Util]::decode($password, $true) 

# Write GUID to AD
Import-Module ActiveDirectory

$cred = New-Object System.Management.Automation.PSCredential(
  $user, (ConvertTo-SecureString $decoded -AsPlainText -Force)
);

Set-ADObject -Identity $nativeIdentity -Credential $cred `
  -Replace @{ "mS-DS-ConsistencyGuid" = ([Guid]$consistencyGuid).ToByteArray() };