
I have two functions:

  1. CreateComputer-Group
  2. CreateComputer-Role

Once the first function executes, the group created in the first function is used in the second function to create the computer role. How can I make sure the first function has finished executing before the second function executes?

Here is the code:

```powershell
$global:usergroup = "TACACS Admins"
$global:computerrole = "123413-NPARC"
$global:zone = "AWS"
$username = "<>"
$password = "<>"
[String[]] $global:HostServers = 'smp001-01','sl1ps01-13-8'
#[String[]] $global:HostServers = $hostServer.Replace("'","").Split(",")

Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell

# Build the credential used for both the AD and the Centrify calls
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username, $Password)
Set-CdmCredential -Domain test.com -Credential $Cred

# Creates the AD security group that backs the computer role
function CreateComputer-Group {
    Param($Cred,$zone,$computerrole)
    try {
        New-ADGroup -Path "ou=Role Groups-Computer,ou=Centrify,ou=Operations,dc=qateradatacloud,dc=com" -Name $computerrole -GroupScope Global -GroupCategory Security -Credential $Cred -ErrorAction Stop
    } catch {
        $ErrorMessage = $_.Exception
        return $ErrorMessage
    }
}

# Looks up the group created above and creates the Centrify computer role from it
function create-computerRole {
    try {
        $ADGroupName = Get-ADGroup -Identity $computerrole
        Write-Host "********** Get Command Outout *********"
        Write-Host $ADGroupName
        # $CustomerZone is not assigned anywhere in this snippet
        Write-Host $CustomerZone
        Write-Host $computerrole

        $global:Hellow = New-CdmComputerRole -Zone $CustomerZone -Name $computerrole -Group $ADGroupName
        Write-Host $Hellow
    } catch {
        $ErrorMessage = $_.Exception
        return $ErrorMessage
    }
}
```

I am not sure why the New-CdmComputerRole command shows "no such object on the server".

Here is the output:

```
********** Get Command Outout *********
CN=123413-NPARC,OU=Role Groups-Computer,OU=Centrify,OU=Operations,DC=qateradatacloud,DC=com
CN=AWS,CN=qateradatacloud,CN=Zones,OU=Centrify,OU=Operations,DC=qateradatacloud,DC=com
123413-NPARC

System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.RefreshCache(String[] propertyNames)
at Centrify.DirectControl.Util.AD.DirectoryEntryEx.RefreshCache(DirectoryEntry de, String[] propertyNames)
at Centrify.DirectControl.Util.ActiveDirectory.Session.GetDirectoryEntryCheckOffline(String domainDcIpNetbios, String dn, String[] propertiesToLoad)
at Centrify.DirectControl.Util.ActiveDirectory.Session.GetDirectoryEntry(String domainDcIpNetbios, String dn, String[] propertiesToLoad)
at Centrify.DirectControl.Util.ActiveDirectory.Session.GetDirectoryEntry(String dn, String[] propertiesToLoad)
at Centrify.DirectControl.PowerShell.Types.CdmAdPrincipal.BindDirectoryEntry(Session session)
at Centrify.DirectControl.PowerShell.Types.CdmAdObject.Bind(Session session)
at Centrify.DirectControl.PowerShell.Commands.NewCdmComputerRole.InnerBeginProcessing()
at Centrify.DirectControl.PowerShell.CmdletBase.BeginProcessing()
at System.Management.Automation.Cmdlet.DoBeginProcessing()
at System.Management.Automation.CommandProcessorBase.DoBegin()
```
Ansgar Wiechers
snowcoder
  • I can't speak for these Centrify commands, but you can get into trouble with `New-AD*` commands when then retrieving those newly created objects. When there are multiple domain controllers, you can create an object on one domain controller and then query another one before the data has been replicated. If you do have multiple domain controllers, I recommend using the `-Server` parameter when you make those `New-AD*` and `Get-AD*` calls within the same scripts. – AdminOfThings Jun 05 '19 at 22:10
  • I have added Write-Host before the commands and can see that all required parameters are populated, but the command is still not able to process it. – snowcoder Jun 05 '19 at 23:45
  • I expect to see 4 object outputs after computer role. I only see 3 including the blank output of $adgroup. Which one is missing? It seems like the problem is with $computerrole. Can you only output that? – AdminOfThings Jun 05 '19 at 23:54
  • I have updated the code and can see all values populated. If I run the command with the populated values, it works (manually), but it does not work in the script. – snowcoder Jun 06 '19 at 00:21
  • Also, if I run both functions manually, i.e. execute the first function and then the second, it works. I think it is not working when I try to execute them in one script. Any idea how I can fix it? – snowcoder Jun 06 '19 at 00:29
  • I would make sure the functions are declared before they are called. – AdminOfThings Jun 06 '19 at 00:57
  • Yes, the functions are declared before they are called in the script. – snowcoder Jun 06 '19 at 16:23
  • Finally, I split the entire script into two scripts: one for Create AG-Group and another for all the Centrify commands. – snowcoder Jun 07 '19 at 22:37

1 Answer

Finally, I split the entire script into two scripts: one for Create AG-Group and another for all the Centrify commands.

snowcoder
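The replication point raised in the comments (create on one domain controller, read from another) can be handled inside a single script by pinning every call to one DC and waiting until the new group is readable there. This is an added example, not code from the original post or from Centrify. `Wait-ADGroupVisible` and `New-ComputerRoleWithGroup` are hypothetical names, the domain and OU in the usage comment are constructed, and `Set-CdmPreferredServer` with `-Domain`/`-Server` is assumed to be available in the installed Centrify module.

```powershell
Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell

# Poll one specific DC until the group can be read from it, or give up.
function Wait-ADGroupVisible {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Server,
        [pscredential] $Credential,
        [int] $TimeoutSeconds = 120
    )
    $query = @{ Identity = $Identity; Server = $Server; ErrorAction = 'Stop' }
    if ($Credential) { $query.Credential = $Credential }
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        try { return Get-ADGroup @query }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            if ((Get-Date) -ge $deadline) {
                throw "Group '$Identity' not visible on $Server after $TimeoutSeconds s"
            }
            Start-Sleep -Seconds 5
        }
    }
}

# Hypothetical wrapper: create the group and the role against the same DC.
function New-ComputerRoleWithGroup {
    param($Domain, $RoleName, $GroupOu, $Zone, [pscredential] $Credential)

    # Choose one writable DC and use it for every AD call below.
    $dc = @((Get-ADDomainController -Discover -DomainName $Domain -Writable).HostName)[0]

    Set-CdmCredential -Domain $Domain -Credential $Credential
    # Assumption: this cmdlet and its parameters exist in the installed module.
    # Confirm with: Get-Command -Module Centrify.DirectControl.PowerShell
    Set-CdmPreferredServer -Domain $Domain -Server $dc

    New-ADGroup -Server $dc -Credential $Credential -Path $GroupOu -Name $RoleName `
        -GroupScope Global -GroupCategory Security -ErrorAction Stop

    # Blocks until the group is readable on $dc, so the role is never created early.
    $group = Wait-ADGroupVisible -Identity $RoleName -Server $dc -Credential $Credential
    New-CdmComputerRole -Zone $Zone -Name $RoleName -Group $group
}

# Usage (constructed values; $CustomerZone is the zone object used on the page):
# New-ComputerRoleWithGroup -Domain 'example.com' -RoleName '123413-NPARC' `
#     -GroupOu 'OU=Role Groups-Computer,OU=Centrify,OU=Operations,DC=example,DC=com' `
#     -Zone $CustomerZone -Credential (Get-Credential)
```

Passing the credential from `Get-Credential` also keeps the password out of the script file, unlike the `ConvertTo-SecureString -AsPlainText` pattern in the question.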