Execute IQ services Script once Provisioning is success

Hi,

I’m trying to execute PowerShell script (Line number 21) when provisioning status is SUCCESS, How ever not getting Provisioning status from ResultObject.

Is there any way to get provisioning status ?

Any thoughts on this ?

$logDate = Get-Date -UFormat %Y%m%d
$command = "C:\AfterCreateRule-Exch-HomeDrive\UKG-SB-Exchange-HomeDrive-PowershellScript.ps1"
Add-type -path Utils.dll;
$sReader = New-Object System.IO.StringReader([System.String]$env:Request);
$sResult = New-Object System.IO.StringReader([System.String]$env:Result);
$xmlReader = [System.xml.XmlTextReader]([sailpoint.Utils.xml.XmlUtil]::getReader($sReader));
$xmlReader_Result = [ System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sResult));
$requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
$resultObject = New-Object Sailpoint.Utils.objects.ServiceResult($xmlReader_Result);

$sAMAccountName="";
foreach ($attrib in $requestObject.AttributeRequests) {
if($attrib.Name -eq "sAMAccountName") {
$sAMAccountName= $attrib.Value;
break;
}
}
$requestAsString = $env:Request
#Call the client script
$command = -join ($command, " -requestString $requestAsString")
. C:\AfterCreateRule-Exch-HomeDrive\UKG-SB-Exchange-HomeDrive-PowershellScript.ps1 "$sAMAccountName"
}
Catch {
$ErrorMessage = $_.Exception.Message 
$ErrorItem = $_.Exception.ItemName
}

hi @saikumar39

Could you provide more details when you are invoking this powershell script

In case that script is executed during after operation, you can get Status from ProvisioningResult object. In this case you can get the result status and set this status as new attribute in the request with values success/failed.

In you powershell you can retrieve this value, and depend of you value you can skip the execution of the sentence in the powershell

Hi Ismael,

Thank you for reply.

this script will be executed once AD account is created.

I’m not able to get provisioning status from resultObject.

Can you let me know if can get it from any other object ?

hi @saikumar39

In this case, you can execute poweshell script in After Provisioning Rule of AD connector. In this rule, you have result variable with type is ProvisioningResult.
You can use method result.isFailed() or result.isCommited() to check if provisionig process was executed properly.

So, you can invoke powershell script with status attribute in the following way

// Fake account request
AccountRequest accountRequest = new AccountRequest();
accountRequest.setApplication("IIQ");
accountRequest.setNativeIdentity("*FAKE*");
accountRequest.setOperation(AccountRequest.Operation.Modify);

// Fake attribute request
AttributeRequest isFailedAttribute= new AttributeRequest();
fakeAttribute.setOperation(Operation.Add);
fakeAttribute.setName("isFailed");
fakeAttribute.setValue(result.isFailed());
fakeAttributeRequests.add(isFailedAttribute);
accountRequest.setAttributeRequests(fakeAttributeRequests);

// Add to the IQService params
data.put("Request", accountRequest);

//Invoke powershell rule
Map data = new HashMap();
data.put("postScript", yourPowershellRuleObject);
RPCService service = new RPCService(iqServiceHost, iqServicePort, false, useTLS); 
RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", data);
RpcResponse response = service.execute(request);

In you powershell you can retrieve this value, and check status variable

Please, refer to following link for more information to invoke script via IIQ service

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.