0 votes

Hello.

My goal is to run a custom command/script when a user is created and then when the user is deprovisoned.

1. Get the user name
2. Replace international chars
3. Sort if user is student or staff
4. Create a JSON bodyblock
5. Connect to a PSSession to localhost hoping to run Powershell 4 (server 2012 R2)
6. Ivoke a REST command
7. Take output from rest and write in users account extention3

I have two obstacles I need help with.

Since Adaxes don’t support powershell 3/4 there is no support for rest? OK, i try to run a PSSession to a remote server (localhost) but the script does not work.
I have problems troubelshoting where the error is.

The script.

Import-Module Adaxes
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))
        #Replace international chars
        $namn= $user.name -replace 'ö','o'
        $namn= $namn -replace 'å','a'
        $namn= $namn -replace 'ä','a'
        $namn= $namn -replace 'é','e'
        $namn= $namn -replace 'ü','u'
        $namn= $namn -replace '´','-'    
 #Check if user is student or staff      
 if ($Context.TargetObject.Get("CanonicalName") -match 'personal')
            {
            $notes = 'Personal'
            }
        else
            {
            $notes = 'Deltagare'
            }
    $kommando = @{
            name = $namn
            email = $Context.TargetObject.Get("mail")
            time_zone = 'Stockholm'
            external_id = $Context.TargetObject.Get("sAMAccountName")
            verified = $true
            notes = $notes
            }
        $app = @{
                user = $kommando
                }
$PSserver = 'servername'
$session = New-PSSession  -ComputerName $PSserver 
 try
{
$resultat  = Invoke-Command -session $session -args $app -ScriptBlock {
        $app = $args[0]
        #credentials to zendesk
        $tokenKPI = 'z1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        $user = "xxxx.yyyy@zzzzzz.se/token"
        $uri = "https://zzzzzzz.zendesk.com/api/v2/users.json"
        Invoke-RestMethod -Uri $uri -Method get -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType "application/json" -Body (ConvertTo-Json $app -Compress)
        }
}
catch
{
    $Context.LogMessage("No user in Zendesk created", "Information") # TODO: modify me
}                  
 try
{
$Context.TargetObject.Put("extensionattribute3", $result.user.id)
}
catch
{
    $Context.LogMessage("Can not write AD attribute 3", "Information") # TODO: modify me
}                  

The error I receive is 'Cannot send a content-body with this verb-type.'

by (460 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Klas,

The issue occurs because at the beginning of your script, you use PowerShell variables that are not yet assigned to any values:
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))

Later in your script you assign values to these variables:
$tokenKPI = 'z1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
$user = "xxxx.yyyy@zzzzzz.se/token"

However, variable $base64AuthInfo has already been assigned a value earlier, and assigning the values to $tokenKPI and $user will not change the value of $base64AuthInfo. To resolve the issue, you need to place these lines before assigning a value to $base64AuthInfo, for example at the very beginning of your script:
$tokenKPI = 'z1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
$user = "xxxx.yyyy@zzzzzz.se/token"

This version should work:

Import-Module Adaxes
#credentials to zendesk
$tokenKPI = 'z1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
$user = "xxxx.yyyy@zzzzzz.se/token"

$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))
        #Replace international chars
        $namn= $user.name -replace 'ö','o'
        $namn= $namn -replace 'å','a'
        $namn= $namn -replace 'ä','a'
        $namn= $namn -replace 'é','e'
        $namn= $namn -replace 'ü','u'
        $namn= $namn -replace '´','-'    
 #Check if user is student or staff      
 if ($Context.TargetObject.Get("CanonicalName") -match 'personal')
            {
            $notes = 'Personal'
            }
        else
            {
            $notes = 'Deltagare'
            }
    $kommando = @{
            name = $namn
            email = $Context.TargetObject.Get("mail")
            time_zone = 'Stockholm'
            external_id = $Context.TargetObject.Get("sAMAccountName")
            verified = $true
            notes = $notes
            }
        $app = @{
                user = $kommando
                }
$PSserver = 'servername'
$session = New-PSSession  -ComputerName $PSserver 
try
{
$resultat  = Invoke-Command -session $session -args $app -ScriptBlock {
        $app = $args[0]
        $uri = "https://zzzzzzz.zendesk.com/api/v2/users.json"
        Invoke-RestMethod -Uri $uri -Method get -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType "application/json" -Body (ConvertTo-Json $app -Compress)
        }
}
catch
{
    $Context.LogMessage("No user in Zendesk created", "Information") # TODO: modify me
}                  
 try
{
$Context.TargetObject.Put("extensionattribute3", $result.user.id)
}
catch
{
    $Context.LogMessage("Can not write AD attribute 3", "Information") # TODO: modify me
}
0

Hello and thank you for the answer.

Correct that '$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))' was placed wrong. I moved it to be within the invoke-command ScriptBlock since the parameters is in the ScriptBlock. The problem persist, I get the error 'Cannot send a content-body with this verb-type.'

How do I debug the script within Adaxes to find what row/command sends that error.

0

Hello Klas,

Correct that '$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))' was placed wrong. I moved it to be within the invoke-command ScriptBlock since the parameters is in the ScriptBlock.

Yes, this is even a better idea.

Your script had a number of issues that need to be addressed. We've modified the script for you, see our version below. What has been changed:

  1. Removed the Import-Module Adaxes statement. This statement is only necessary if you are going to use any of the cmdlets from Adaxes PowerShell Module. You are not using any of them in your script, and importing the module can take a second or two in some cases.
  2. Fixed the $result variable issue. When calling the Invoke-Command cmdlet, you name this variable $resultat. When modifying Extension Attribute 3, you name it $result. We've made it $result in both the cases.
  3. Added try / catch blocks and the -ErrorAction Stop parameter to all cmdlets so that if any error occurs within the script block called externally, it would go to the PowerShell error stream (stderr). Than, the error stream is forwarded to the Execution Log of the operation via $Context.LogMessage.

If the changes that we've made don't help with the error message, try using the POST method instead of GET. On forums we found information about troubles with passing hash tables using the GET method.

        #Replace international chars
        $namn= $user.name -replace 'ö','o'
        $namn= $namn -replace 'å','a'
        $namn= $namn -replace 'ä','a'
        $namn= $namn -replace 'é','e'
        $namn= $namn -replace 'ü','u'
        $namn= $namn -replace '´','-'
#Check if user is student or staff
if ($Context.TargetObject.Get("CanonicalName") -match 'personal')
            {
            $notes = 'Personal'
            }
        else
            {
            $notes = 'Deltagare'
            }
    $kommando = @{
            name = $namn
            email = $Context.TargetObject.Get("mail")
            time_zone = 'Stockholm'
            external_id = $Context.TargetObject.Get("sAMAccountName")
            verified = $true
            notes = $notes
            }
        $app = @{
                user = $kommando
                }
$PSserver = 'servername'
$session = New-PSSession  -ComputerName $PSserver
try
{
    $result = Invoke-Command -session $session -args $app -ErrorAction Stop -ScriptBlock {
        $app = $args[0]

        #credentials to zendesk
        $tokenKPI = 'z1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        $user = "xxxx.yyyy@zzzzzz.se/token"
        $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$tokenKPI)))
        $uri = "https://zzzzzzz.zendesk.com/api/v2/users.json"
        try
        {
            Invoke-RestMethod -Uri $uri -Method GET -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType "application/json" -Body (ConvertTo-Json $app -Compress) -ErrorAction Stop
        }
        catch
        {
            Write-Error $_.Exception.Message
        }
    }
}
catch
{
    $Context.LogMessage("No user in Zendesk created. Error: " + $_.Exception.Message, "Warning") # TODO: modify me
    return
}

try
{
    $Context.TargetObject.Put("extensionattribute3", $result.user.id)
}
catch
{
    $Context.LogMessage("Can not write AD attribute 3", "Information") # TODO: modify me
}
0

Update.

The reason the script did not work was that my copy-paste skillz was lost somewhere in the spring.

The problem was the rest command.

It should be Invoke-RestMethod -Uri $uri -Method POST -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType "
application/json" -Body $body

0

Hello Klas,

Thank you for the update. We really appreciate it!

Related questions

0 votes
1 answer

Hi When reading the REST API documentation it does not mention working directly against Azure AD and Exchange Online. Will this be added? Thanks /Peter Sonander

asked Jan 26, 2023 by Sonander (40 points)
0 votes
1 answer

We get Sharepoint Online requests for access to sites/folder/content. Is there a way to automate this task?

asked Jul 10, 2023 by dharry (20 points)
0 votes
1 answer

Hi, { "criteria": { "objectTypes": [ { "type": "USER", "items": { "type": 1, "items": [ { "type": 0, "property": "accountDisabled", "operator": "eq" ... ": { "isDisabled": true, Please share the right request JSON to get the required result. Thanks, Lohith

asked Oct 3 by lom (20 points)
0 votes
1 answer

Is it possible to add multiple members to a group in a singe call to the REST API? The example code only shows a single member. What would the data structure look like in that case?

asked Dec 13, 2021 by swengr59 (60 points)
0 votes
1 answer

Hello, Is there a built in method for checking user accounts that have expired in Azure?

asked Jul 31, 2023 by Homelander90 (350 points)
3,549 questions
3,240 answers
8,232 comments
547,824 users