I am calling the script module below from a Workflow in order to create new accounts from a CSV.
When I run the workflow manually (right click and select 'Run') the result is 'Access id Denied'. However, if I run the script in the same user context from the QARS management shell it succeeds.
("Allow the Workflow to be run on demand" is selected).
Any ides on why it doesn't work from the QARS Workflow?
Script Module:
function CreateUserAccounts {$Accounts = Import-Csv -Path “C:\Workday-Test\Joiners.csv”
# connect-qadservice -service KTNAPAPP720 -proxy
$WorkflowInfo = Get-QARSWorkflowInstance -Workflow “CN=Workday Import Joiners,CN=Workday,CN=Workflow,CN=Policies,CN=Configuration” -TaskStatus Pending
$WorkflowID = $WorkflowInfo.ID
$i = 1
foreach ($Account in $Accounts) {
$UserID = $Account.logonname
$Domain = $Account.FQDomain
$UPN = $UserID + “@” + $Domain
$OU = $Account.ou
$Password = $Account.pw
if ($Account.accountExpires -eq “”) {
$AccountExpires = $Null
}
else {
$accountExpires = $Account.accountExpires
}
$Description = $Account.description
$FirstName = $Account.givenName
$LastName = $Account.sn
$displayName = $Lastname + “, ” + $FirstName
$i ++
try {
New-QADUser -name $UserID -SamAccountName $UserID -ParentContainer $OU -UserPrincipalName $UPN -UserPassword $Password -Description $Description -FirstName $FirstName -LastName $LastName -displayName $displayName -ObjectAttributes @{VaPso_MailboxType='Regular';VAPso_MsolAccountSku='KTGLBUC:ENTERPRISEPACK'} -ErrorAction Stop
Set-qaduser -identity $upn -usermustchangepassword $true -accountExpires $accountExpires
}
catch {
$str += “Error occurred while processing Line ” + $i + ” where logonname = ” + $UserID
$str += [System.Environment]::NewLine
$str += $_
$str += [System.Environment]::NewLine
$str += “———————————————————-“
$str += [System.Environment]::NewLine
}
}
[System.IO.File]::AppendAllText(“C:\Workday-Test\Logs\Joiners-Logs\UserImport_$WorkflowID.log”, $str)
}
