The rule should trigger the execution of a PowerShell script hosted on the IQService server.
The script is effectively placed in the indicated folder.
The AfterCreate Rule is deployed on the tenant using the /beta/connector-rules endpoint (see screenshot 1 below)
The AfterCreate Rule has been updated on the Active Directory source (see screenshot 2 below)
The current behaviour is that it seems the rule is not getting executed at all.
From ccg.log, I tried to simplify the rule but I cannot find any specific exception, so I would be keen to have the attached rule reviewed, or to know if I am missing any piece of configuration.
I had a quick look at the rule and I see it should be fine. Before digging deep into the syntax etc., can you please check the following:
Do you see the logs of the after create connector rule on the VA?
Can you please check the IQTrace file logs to see if there is any new entry being populated? Most likely, what I have seen in my case was that if the PowerShell script tries to run and ends up failing, then this might happen. So you can have a look at this file.
You can also try to run the PowerShell script locally without the rule to ensure that it runs fine.
Hi @acosson You appear to have included the whole rule in the sourceCode/script section, rather than just the script. Double check the body you are sending to the API.
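The check suggested in the reply above, as an added example that is not part of the original thread or SailPoint's own code: a small pre-flight test of the JSON body before it is sent to /beta/connector-rules. The wrapper-tag heuristic, the `ConnectorAfterCreate` type value, the attribute keys and both sample bodies are assumptions constructed for illustration.

```python
import re

# Markers of a full rule XML export. A script field containing them most
# likely carries the whole rule rather than just the PowerShell source.
# (Heuristic chosen for this example, not a SailPoint-defined check.)
WRAPPER = re.compile(r"<\?xml|<!DOCTYPE\s+Rule|<Rule[\s>]|<Source>|<Attributes>", re.I)

def check_rule_body(body):
    """Return a list of findings for a connector-rule request body (dict)."""
    findings = []
    source = body.get("sourceCode")
    script = source.get("script") if isinstance(source, dict) else None
    if not isinstance(script, str) or not script.strip():
        findings.append("sourceCode.script is missing or empty")
    elif WRAPPER.search(script):
        findings.append("sourceCode.script contains rule XML wrapper tags; send only the script")
    attrs = body.get("attributes")
    if not isinstance(attrs, dict) or not attrs:
        findings.append("attributes is missing; rule settings belong there, not in the script")
    return findings

# Constructed sample: the whole rule XML pasted into the script field.
BAD = {
    "name": "AfterCreate example",
    "type": "ConnectorAfterCreate",  # assumed type value
    "sourceCode": {"script": (
        '<?xml version="1.0"?>\n'
        '<Rule name="AfterCreate example" type="ConnectorAfterCreate">\n'
        "<Attributes>...</Attributes>\n"
        "<Source><![CDATA[\nImport-Module activeDirectory\n]]></Source>\n"
        "</Rule>"
    )},
}

# Constructed sample: only the script in sourceCode.script, settings in attributes.
GOOD = {
    "name": "AfterCreate example",
    "type": "ConnectorAfterCreate",  # assumed type value
    "attributes": {"extension": ".ps1", "program": "powershell.exe"},  # assumed keys
    "sourceCode": {"script": "Import-Module activeDirectory\n# rest of the script omitted"},
}

if __name__ == "__main__":
    for label, body in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, check_rule_body(body) or "no findings")
```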
Thanks, I have updated the JSON accordingly to have just the code inside script and the rest as attributes (see screenshot below). I also fixed the path to the PS script, which was hosted in a different folder.
Yet, the rule seems not to be executed. I am looking for any relevant keyword to get appropriate information from VA logs if you have some.
In fact I saw the following exception raised afterwards :
Failed to execute native after provisioning Script. ScriptExecutor is not available. One of the possible reasons for internally disabling the ScriptExecutor is presence of non-TLS port port configured on the IQService
However, on Active Directory source, all configurations related to usage of TLS are checked.
I will check if IQService is effectively installed on both TLS and non-TLS ports, which may cause the issue too.
The PowerShell script was reviewed, and it is missing the Active Directory module import into PowerShell. You need to add this line on line 42 in your PowerShell script.
Refer to the SailPoint class library, which requires PowerShell v2 to be installed on the system:
Add-Type -Path Utils.dll; #import AD cmdlets
Import-Module activeDirectory