ConnectorAfterCreate Rule

The AfterCreate rule and its PowerShell script are not working. The corresponding log file is not updating.
Note:
1. The SVC user has proper access.
2. The rule is attached to the source.
3. IQService details are added in the source.
Rule:
$logFile = "D:\SailPoint\Script\Project\ConnectorAfterCreate.txt"
$command = "D:\SailPoint\Script\Project\TAPGeneration-AfterCreate.ps1"
$enableDebug = $true

#====================-------Helper functions-------====================
function LogToFile([String] $info) {
    $info | Out-File $logFile -Append
}

#====================-------Get the request object-------====================
Try{
    if($enableDebug) {
        LogToFile("Entering SailPoint rule")
    }

    # Load the IQService utility classes and parse the request XML from the environment
    Add-type -path D:\SailPoint\IQService\Utils.dll;
    $sReader = New-Object System.IO.StringReader([System.String]$env:Request);
    $xmlReader = [System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));
    $requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
    $requestAsString = $env:Request

    #Call the client script
    $command = -join ($command, " -requestString '$requestAsString'")
    Invoke-Expression $command
    if($enableDebug) {
        LogToFile("after script")
    }

}Catch{
    # $_ is the error record caught by this block
    $ErrorMessage = $_.Exception.Message
    $ErrorItem = $_.Exception.ItemName
    LogToFile("Error: Item = $ErrorItem -> Message = $ErrorMessage")
}

if($enableDebug) {
    LogToFile("Exiting SailPoint rule")
}

Script:
#include utils
Add-Type -Path "D:\SailPoint\IQService\Utils.dll";

$logFile = "D:\SailPoint\Script\Project\TAPGeneration-AfterCreateLogs.txt"
$enableDebug = $true

#mail fn
#. D:\SailPoint\Script\Project\mailFunctions.ps1;

function LogToFile([String] $info) {
    $info | Out-File $logFile -Append
}

if($enableDebug) {
    LogToFile("Entering create script")
}

if($enableDebug) {
    LogToFile("exit script")
}

Kindly suggest if there are any issues with the rule and script.

Hi @sarora5
I think the problem here is with the logger helper function you created.

function LogToFile {
    param (
        [string]$info
    )
    $info | Out-File -FilePath $logFile -Append
}

And to use this LogToFile method you can do something like this:

LogToFile "Connector execution started."

Can you try with this update once? I feel it should start working.


It was a permission issue. This issue is resolved.
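
The rule in the question splices `$env:Request` into a command string inside single quotes and runs it with `Invoke-Expression`, so an apostrophe in the request ends the quoting and the rest is parsed as PowerShell. The sketch below is an added example, not part of the original posts and not SailPoint's own code: it passes the request with the call operator instead and makes a denied log write fail loudly, the kind of permission problem reported as the cause in this thread. The temp-directory paths, the stand-in `Client.ps1` (assumed to declare a `requestString` parameter, as the rule's call implies) and the sample request are constructed for the demo.

```powershell
# Added example. $clientScript stands in for TAPGeneration-AfterCreate.ps1;
# the request XML is constructed sample data, not a real IQService request.
$workDir      = Join-Path ([IO.Path]::GetTempPath()) "AfterCreateDemo"
$logFile      = Join-Path $workDir "ConnectorAfterCreate.txt"
$clientScript = Join-Path $workDir "Client.ps1"
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
'param([string]$requestString) "client received $($requestString.Length) chars"' |
    Set-Content -Path $clientScript

function LogToFile([string] $info) {
    # -ErrorAction Stop: a denied write becomes a catchable error, not a silent miss
    "$(Get-Date -Format o) $info" | Out-File -FilePath $logFile -Append -ErrorAction Stop
}

function Invoke-ClientScript([string] $scriptPath, [string] $requestXml) {
    if (-not (Test-Path -LiteralPath $scriptPath -PathType Leaf)) {
        throw "Client script not found: $scriptPath"
    }
    # Call operator binds $requestXml as one argument; it is never parsed as PowerShell
    & $scriptPath -requestString $requestXml
}

# Use the real request when IQService supplies one; otherwise a constructed
# request whose value contains an apostrophe (written '' inside a '...' literal)
$request = if ($env:Request) { $env:Request } else {
    '<AccountRequest op="Create" nativeIdentity="CN=Pat O''Brien,OU=Users,DC=example,DC=com"/>'
}

try {
    # Record which account the rule actually runs as; file ACLs are checked against it
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    LogToFile "Entering rule as $who"
    $result = Invoke-ClientScript $clientScript $request
    LogToFile "Client script returned: $result"
} catch {
    # If the log itself is unwritable, surface the error on stderr instead of losing it
    $msg = "Rule failed: $($_.Exception.Message)"
    try { LogToFile $msg } catch { [Console]::Error.WriteLine($msg) }
}
Get-Content -Path $logFile
```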

If this is urgent, you can implement a temporary workaround by adding your script to Task Scheduler and configuring it to run on an hourly basis.

Within the script, include the following PowerShell code snippet to detect any newly created accounts in Active Directory within the last hour:

# Define the time window (1 hour ago)
$timeWindow = (Get-Date).AddHours(-1)
 
 
# Get users created within the last 1 hour from Active Directory
Get-ADUser -Filter {whenCreated -ge $timeWindow} -Property whenCreated, UserPrincipalName, GivenName, Surname |
    ForEach-Object {
        # Add your custom logic here
    }

This will help you capture and act on new AD accounts as a stopgap until a permanent solution is in place.
