Notifications

32 views

Description

Out of box Active Directory orchestration activity such as 'Add User to Group' that use a credential tag may result in Success even if the activity actually fails due to missing credential (for the tag used).

When a credential with the credential tag that is used in the activity is not found, credentials_debug does not return errors in the probe input record. This causes 'errorMessages' in the raw output of the response received to be null. The post processing script of the activity looks at the response received and if there is a value in 'errorMessages' of the raw output, the activity is set to 'failure', otherwise the activity result is set to 'success'.

An access denied message in the MID server agent log, similar to the one below for 'AddUserToADGroup.ps' is an indication of the issue.

(473) Worker-Standard:PowershellProbe-bc126a0adb99bf0062b0f72eaf9619a2 SEVERE *** ERROR *** Failed while executing AddUserToADGroup.ps1 (Access denied)

 

Steps to Reproduce

  1. Edit 'Add User to Group' orchestration activity
  2. Add a credential tag in step 'Execution Command
  3. Ensure that a credential with that tag does not exist in the credentials table
  4. Click on Test Inputs buttion, provide the input values and click on OK
  5. Wait for the activity to run and complete
  6. Look at the response received (Raw Output) and notice "null" value under "errorMessages", "credentialDebugInfo".

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.

Please use the below as a workaround in the meanwhile -

  1. Ensure that there is no typo in the field 'Credential tag' of the orchestration activity
  2. Ensure that a credential for the credential tag used in the activity exists.
  3. Modify the post processing script of the activity and add an additional condition to check for before an activity is set to 'success'.

 


Related Problem: PRB1342987

Seen In

There is no data to report.

Intended Fix Version

Paris

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-04-08 02:35:22
Published:2020-01-23