Unable to connect to Exchange Online using PowerShell through native rule (after modify script)

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

Dear All,

I want to connect to Exchange Online using PowerShell through the connector after-modify script (native rule) to enable ActiveSync for mobile Outlook.

I am using the code below, which works fine from PowerShell ISE on the server, but when I try to execute it from SailPoint it fails with the error "after script return non zero exit code :1:" because it is not able to connect to Exchange Online.

```powershell
Add-type -path "C:\Sailpoint\IQService\Utils.dll"

# Log file path
$logFile = "C:\Sailpoint\IQService\ExchangeTesting.log"

Add-content $logFile -value "Testing 10"
#start-transcript -Path $logFile -append

# Read SailPoint request and result objects
$sReader = New-Object System.IO.StringReader([System.String]$env:Request);
$sResult = New-Object System.IO.StringReader([System.String]$env:Result);
Add-content $logFile -value "Testing 1"
$xmlReader = [System.Xml.XmlTextReader]([SailPoint.Utils.XML.XmlUtil]::getReader($sReader));
$xmlReader_Result = [System.Xml.XmlTextReader]([SailPoint.Utils.XML.XmlUtil]::getReader($sResult));
$requestObject = New-Object Sailpoint.Utils.Objects.AccountRequest($xmlReader);
$resultObject = New-Object SailPoint.Utils.Objects.ServiceResult($xmlReader_Result);
#$plan = New-Object Sailpoint.Utils.Provisioning.Plan($xmlReader)
# $plan is not set while the line above is commented out
Add-content $logFile -value $plan
Add-content $logFile -value "step1"
$resultObject.Messages.add("Success!!!!!!!!!!!!!!")

$nativeIden = $requestObject.nativeIdentity
Add-content $logFile -value $nativeIden

# Splitting the native identity to get the name only
$nameonly = $nativeIden.split(",").get(0);
Add-content $logFile -value $nameonly
# Getting the name only
$username = $nameonly.split("=").get(1);
Add-content $logFile -value $username

# Check if TestingGrp is in the provisioning request
$executeScript = $false
foreach ($attribute in $requestObject.AttributeRequests) {
  Add-content $logFile -value $attribute.Value
  Add-content $logFile -value $attribute.Operation
  if ($attribute.Value -eq "group dn") {
    $executeScript = $true
    Add-content $logFile -value "Matchedd"
    if ($attribute.Operation -eq "Add") {
      # Connect to on-prem Exchange first to find out where the mailbox lives
      $AdminUsernameonprem = "domain\username"
      Add-content $logFile -value $AdminUsernameonprem
      $UserCredentialonprem = "password"
      $passwordonprem = ConvertTo-SecureString $UserCredentialonprem -AsPlainText -Force
      $credentialonprem = New-Object System.Management.Automation.PSCredential($AdminUsernameonprem,$passwordonprem)
      $ExchangeServer = "server FQDN"
      $uri = "http://" + $ExchangeServer + "/PowerShell/"
      $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $uri -Authentication Kerberos -Credential $credentialonprem
      Import-PSSession $session
      Add-content $logFile -value "checking Where the user resites on-prem or cloud"
      $recipientType = (Get-Recipient -Identity $username).RecipientTypeDetails
      Add-content $logFile -value $recipientType
      if ($recipientType -eq "RemoteUserMailbox") {
        # Mailbox is in Exchange Online: switch from the on-prem session to the cloud
        Add-content $logFile -value "User in on cloud, diconnecting from on prem and connecting to cloud"
        Remove-PSSession $session
        Add-content $logFile -value "connecting to cloud"
        Import-Module ExchangeOnlineManagement -RequiredVersion 3.9.0 -Force
        Add-content $logFile -value "EXO Module Imported"

        Add-content $logFile -value (Get-Module ExchangeOnlineManagement)
        $AdminUsernameonline = "userprincipalname"
        $UserCredentialonline = "password"
        $passwordonline = ConvertTo-SecureString $UserCredentialonline -AsPlainText -Force
        $credentialonline = New-Object System.Management.Automation.PSCredential($AdminUsernameonline,$passwordonline)
        Connect-ExchangeOnline -Credential $credentialonline
        Add-content $logFile -value "Enabling ActiveSync"
        Set-CASMailbox -Identity $username -ActiveSyncEnabled $true
        Add-content $logFile -value "Active Sync Enabled for the user"
        Add-content $logFile -value "Disconnecting from exchange online"
        Disconnect-ExchangeOnline -Confirm:$false
        Add-content $logFile -value "Disconnected from exchange online"
        $resultObject.Messages.add("Success!!!!!!!!!!!!!!")
        exit 0
      }
      # Mailbox is on-prem: reuse the existing on-prem session
      Add-content $logFile -value "User is on prem only, Enabling the ActiveSync"
      Set-CASMailbox -Identity $username -ActiveSyncEnabled $true
      Add-content $logFile -value "Active Sync Enabled for the user"
      Add-content $logFile -value "Disconnecting from exchange on-prem"
      Remove-PSSession $session
      Add-content $logFile -value "Disconnected from exchange on-prem"
      $resultObject.Messages.add("Success!!!!!!!!!!!!!!")
    }
  }
}

Add-content $logFile -value "Testing 2"
if (-not $executeScript) {
  #Add-Content -Path $logFile -Value "Skipping script: TestingGrp not in request"
  $resultObject.Messages.Add("Skipped: Not a TestingGrp change")
  $resultObject.toXml() | Out-File $args[0]
  exit 0
}
```

Hi @SamSH ,

You can use a self-signed certificate to connect to Exchange Online. Please refer to the link below.

I wouldn’t recommend using PowerShell; long term you will have issues.

Correct me if I’m wrong here, but I see you’re reading an object XML and then setting an identity within the call, huh?

Hi @Harikrishna_06 ,

We want to connect using a password only. How can we achieve that? Any ideas?

Hi @SamSH ,

Previously we tried to connect using a password, but no luck. So we use a self-signed certificate, and it works.
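
The certificate-based connection suggested in the replies above, sketched as an added example that is not part of the original thread or any poster's script: it replaces the plaintext-password `Connect-ExchangeOnline -Credential` call with app-only authentication, so the after-script holds no secret and needs no interactive prompt. The function name `Enable-CloudActiveSync` and the app ID, organization and thumbprint values are assumptions; it also assumes an application registered in the tenant with the certificate uploaded, the Exchange.ManageAsApp permission, and an Exchange role that allows `Set-CASMailbox`.

```powershell
# Added example (not from the original post): app-only, certificate-based
# connection to Exchange Online for an unattended after-script.
# The AppId, organization and thumbprint values passed in are placeholders.
function Enable-CloudActiveSync {
    param(
        [Parameter(Mandatory)][string]$Identity,      # mailbox to change
        [Parameter(Mandatory)][string]$AppId,         # application (client) ID
        [Parameter(Mandatory)][string]$Organization,  # e.g. <tenant>.onmicrosoft.com
        [Parameter(Mandatory)][string]$Thumbprint     # certificate uploaded to the app
    )

    # IQService runs under a service account, so read the certificate from the
    # machine store; that account needs read access to the private key.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)" }

    Import-Module ExchangeOnlineManagement -ErrorAction Stop
    try {
        # No password and no prompt: the certificate authenticates the app.
        Connect-ExchangeOnline -AppId $AppId -Organization $Organization `
            -Certificate $cert -ShowBanner:$false -ErrorAction Stop
        Set-CASMailbox -Identity $Identity -ActiveSyncEnabled $true -ErrorAction Stop
        # Read the setting back so the caller can log the confirmed state.
        return (Get-CASMailbox -Identity $Identity -ErrorAction Stop).ActiveSyncEnabled
    }
    finally {
        # Always release the session, even when a step above failed.
        Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
    }
}

# Usage inside the after-script (placeholder values):
# try {
#     $enabled = Enable-CloudActiveSync -Identity $username -AppId '<app-id>' `
#         -Organization '<tenant>.onmicrosoft.com' -Thumbprint '<thumbprint>'
#     Add-Content $logFile -Value "ActiveSyncEnabled = $enabled"
# } catch {
#     Add-Content $logFile -Value "Exchange Online step failed: $_"
#     exit 1
# }
```

Creating the certificate with a non-exportable private key and granting key read access only to the IQService account keeps the credential bound to that server.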