Dear all,
I would like to create a new workflow to assig local admin right to users that make a request to CSD but I'm stuck finding a way to trap the error of the script.
function PreExecuting($workflow, $activity){
$tn = $activity.Runtime.Controls["ticketnum"].Value
if ([string]::IsNullOrWhiteSpace($tn) -or -not ($tn -match '^INC\d{12}$')){
$workflow.ActivityFailure("Please insert a valid Ticket Number")
}
$hn = $activity.Runtime.Controls["systemname"].Value
if ([string]::IsNullOrWhiteSpace($activity.Runtime.Controls["systemname"].Value) -or -not ($hn -match '(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)') ){
$workflow.ActivityFailure("Please insert a valid System Host Name")
}
}
function PostExecuting($workflow, $activity) {
if ($activity.State.IsSuccess){
$msg = '------ Ticket number ' + $activity.Runtime.Controls["ticketnum"].Value + '-----------------------------------------------'
$global.LogError($msg)
$msg = 'Assigning Admin Rights to user ' + $workflow.UserInfo.AccountInfo.SamAccountName
$global.LogError($msg)
$msg = 'System host name ' + $activity.Runtime.Controls["systemname"].Value
$global.LogError($msg)
$hn = $activity.Runtime.Controls["systemname"].Value
$sam = $workflow.userinfo.accountinfo.SamAccountName
$un = 'DOMAIN\' + $sam
if ($activity.State.IsSuccess) {
psexec -nobanner -accepteula \\$hn -u DOMAIN\saccount -p xxxxxxx net localgroup Administrators $un /add 2>&1 >> c:\tmp\adminrights.txt
if( $?) {
$workflow.ActivityFailure("it was not possible to assign administrative privileges for $un on $hn. Please engage local .")
} else {
$workflow.ActivitySuccess("User $un has been assinged to Local Administrator group on $hn. Assign yourself a ticket to remove the privileges within 24h.")
}
}
if ($activity.State.IsSuccess){
$msg = 'Admin rights successfully assigned to the users User ' + $workflow.UserInfo.AccountInfo.name
$global.LogError($msg)
} else {
$msg = 'it was not possible to assign administrative privileges for ' + $workflow.UserInfo.AccountInfo.name + '. Please engage local .'
$global.LogError($msg)
}
}
}
but this section does not work properly and do not catch the errorstate of the command above.
if( $?) {
$workflow.ActivityFailure("it was not possible to assign administrative privileges for $un on $hn. Please engage local .")
} else {
$workflow.ActivitySuccess("User $un has been assinged to Local Administrator group on $hn. Assign yourself a ticket to remove the privileges within 24h.")
}
any idea on how I can sort it out?
regards,
Danilo
apparently the outcome of the powershell