I have a problem with the creating of home folder for AD Accounts. We don't have Job Service on the home server, so I had to customize default process to make this process to be executed by our job servers.
Everything works fine in development environment. I thought that OIM used credentials from the AD connector (which I entered in sync editor), but I was wrong.
Now I see that OIM tries to create home folder using credentials from "Logon As" of job service. (I use process task "FileComponent - CreatePath" for creating and "FileComponent - ModifyFileAccess_Win32" for setting rights)
We can’t get rights for Job Server account for creating folders.
So I tried to create process with using process task “PowerShellComponent – Execute Script” with script:
“Imports System
Imports System.Collections.Generic
Dim strLogin As String = Get_Encrypted_Login($XObjectKey$)
Dim strPassword As String = "&Out(DecryptedPwd)&"
Dim script As New StringBuilder()
script.Append("$creds = New-Object System.Management.Automation.PsCredential -ArgumentList """)
script.Append( strLogin )
script.Append( """,(ConvertTo-SecureString """)
script.Append( strPassword )
script.Append(""" –AsPlainText -force)")
script.Append(Environment.NewLine)
script.Append("Start-Process cmd.exe -ArgumentList ""/c mkdir ")
script.Append($HomeDirectory$)
script.Append(""" -Credential $creds")
script.Append(Environment.NewLine)
Value = script.ToString() ”
When I use such PowerShell script in PowerShell console it creates folder (with the same creds), but it doesn’t create folder from the process, though I don’t get any errors (process finishes successfully). May be I can’t use command “Start-Process” ?
How can I solve my problem and create folder using necessary creds?