• State Verified Answer
  • Replies 6 replies
  • Subscribers 62 subscribers
  • Views 2350 views
  • Users 0 members are here
Options
Related

return $false on a sync step with powershell

samael ambrona
over 2 years ago

Dear community.

I am trying to synchronize the status of the groups of AD in ServiceNow.

ServiceNow has a field called active that can be true or false (Boolean). As the groups in AD don't have this field, I am checking if the group is in a certain OU and returning true or false accordingly.

However, I get an error "String was not recognized as a valid Boolean."

This is the code

$GroupName = $srcObj["name"];
$Logfile = "C:\Temp\DebugStatus.txt"
[bool] $active
Connect-QADService -proxy

$dN = (Get-QADGroup -identity $GroupName ).DirectoryEntry.distinguishedName
if ($dN -like '*,OU=Deprovisioned Groups,*')
{
  $active=$false
  $message = $active.gettype().fullname
  Add-Content $Logfile $message
  $message = $GroupName + $active
  Add-Content $Logfile $message
}
else
{
  $active=$true
  $message = $active.gettype().fullname
  Add-Content $Logfile $message
  $message = $GroupName + $active
  Add-Content $Logfile $message
}
return $active;

I have tried passing directly $false, $true, 0, 1 .... 

In the log file that I create for the checking of the script I get this (which is type, group name and content of the boolean variable)

System.Boolean
Test deprovisioned group False

Can you tell me how should I specify to get it done?

Best regards

  • 0 over 2 years ago

    Hello,

    In my testing, the issue doesn't seem to be with your code or returning a boolean value, but with needing to suppress the output generated by the 'Connect-QADService' cmdlet.

    Try the below line for connecting to Active Roles. This resolved the same issue/error I was also seeing in my lab.

    Connect-QADService -Proxy | Out-Null

  • 0 over 2 years ago in reply to Richard.Lambert

    This worked perfectly!!

    Thank you very much. May I ask:

    -How did you get to see the real result? to see that it connect-qadservice was sending some info as well

    -Where can I find information about QAD in general? For get, set and so on. I have tried but there isn't a lot of info

    Best regards

  • 0 over 2 years ago in reply to samael ambrona

    Great, glad to hear that helped! You can't really see the information returned in the Sync Service, but you see that information does get returned when running the Connect-QADService in a PowerShell window. When I was testing parts of the code outside of the Sync Service, I noticed that data does get returned when running that command and that reminded me that there are times when the output needs to be suppressed. So, Out-Null is a way to suppress the output from a given command.

    You can redirect the output of Get-ARCommand from within the Active Roles Management Shell. You can run: 'Get-ARCommand | Get-Help -Full > ARMgmtShellHelp.txt'. This will output the full help information, including examples, for all AR Management Shell cmdlets.

  • 0 over 2 years ago in reply to samael ambrona

    On a side note, maybe there is a reason you are doing the Connect-QADService to then search AD through AR for the Group's DN value. However, the $SrcObj in the Sync Service is a pointer to the object in AD. So, just like you are obtaining the Group's name you can also get the Group's DN value in the same fashion: $dN = $SrcObj["distinguishedname"]. This should work for any attribute on the SrcObj. This way you can skip the Connect-QADService and then running the Get-QADGroup cmdlet.

  • 0 over 2 years ago in reply to Richard.Lambert

    Yes, I realized of that.

    At the end my script is quite more simpler Slight smile

    $GroupName = $srcObj["name"];
if ($GroupName -like '*Deprovisioned*')
{
  Return $false;
}
else
{
  Return $true
}

    In any case I use the connect-qadservice in other scripts where I need to modify some attribute and use the -control to write in the change history

  • 0 over 2 years ago in reply to Richard.Lambert

    Yep - grabbing the $SrcObj["distinguishedname"] is a much more efficient way to get that value.