This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Workflow Parameter

Hi all,

we need help while passing the parameter to workflow.

we have created a script to get the dfs share path permissions. script is working when we run from the powershell with Write-host. it is showing the permissions.

we are using same script in automated workflow, and created a custom function to specify in the workflow to run script activity.

when we run the script we are ending up with the Error "the expression after '&' in a pipeline element produced an object that was not valid. "

can anyone help to suggest what we are missing while running the automated workflow which is passing the parameter to script.

0 JohnnyQuest over 7 years ago

Not much to go on here.

Can you please tell us more about what data the script is trying to pass to the workflow?

Seeing some code (at least in the area of the error) would be helpful as well.
Cancel
Up 0 Down

Cancel
0 prasad over 7 years ago

Hi Johnny, thanks for the reply. we are also creating dfs share through ARS. and we are getting same error. here is the script to create dfs share...

================start here==================

#Check for a $path parameter, if not given prompt for it...
param (
[string]$folder = $workflow.Parameter("folder"),
[string]$tla = $workflow.Parameter("tla"),
[string]$env = $workflow.Parameter("env"),
[string]$globalgroup,
[string]$svcacct,
[string]$acct,
[string]$access
)

function createAppShare {

#######################################################################################################
#Declared variables
$type="application"
$dfsRoot="abc.com"
$dFileGroupsPath="OU=File,OU=Domain,OU=SM-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$gGroupsPath="OU=File,OU=Global,OU=SD-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$dfsnameSpace="Apps"

#NAS hostnames
$strNASProd="prodstore"
$strNASNProd="devstore"

#Default App Shares
$strDefProdApp="PRODAPP$"
$strDefNProdApp="NPRODAPP$"
#######################################################################################################
#Local Variables

#Array for Share types
$arrShareTypes = "application"

#Hash for share types to DFS namespace
$hshShareTypes = @{
"application" = "Applications"
}

#Array for envirnment types
$arrEnv = "DEV", "UAT", "PROD"
$hshEnv = @{
"DEV" = "D";
"UAT" = "U";
"PROD" = "P"
}

#Array for access
$arrAccess = "RW", "RX"

#Miscellaneous strings for further processing
$strToQtree; $strApplication; $strNas; $strShare; $strSharePath; $strPath; $strIsDefApp; $strTLAEnv

#By default set the $strSvrName to the non-prod instances
$strSvrName=$strNASNProd
$strDefApp=$strDefNProdApp

#######################################################################################################
#Functions
#######################################################################################################

function checkForDFSPath {
[cmdletbinding()]param(
[Parameter(Position=0,mandatory=$true)][string] $strDFSCheckPath
)

$ckresult = Get-DfsnFolderTarget $strDFSCheckPath -EA 0
#Write-Host "DEBUG result for checkForDFSPath function is '$ckresult'"
if ( $ckresult -ne $null ) {
#Write-Host -ForegroundColor Red "INPUT ERROR!! Parent path '$strDFSCheckPath' is already a DFS Target. Choose a different path to proceed. Exiting"
exit 10
}
}

#######################################################################################################
#Body
#######################################################################################################
#Requires -Version 4.0

#Import the DFSN module
Import-Module dfsn

#Ensure -tla is three letters long
$tla=$tla.ToUpper()
$measureObject = $tla | Measure-Object -Character;
if ( $measureObject.Characters -ne 3 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! -tla argument is not three characters long! Exiting..."
exit 2
}

#Ensure the $env is found in $arrEnvTypes or a two digit Environment and Instance number. Set $sharename variable for further processing
#Write-Host "DEBUG Got '$env' as an argument gonna do some processing on it"
$env=$env.ToUpper()
if ( $env -match '^\d{2}$' ) {
#Write-Host "DEBUG found a two digit number gonna check if it is prod or not"
$sharename=$tla + $env + "$"
$strTLAEnv = $tla + $env

#Change $strSvrName to strNASProd if 9 starts the $env variable
if ( $env -match "9\d" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

} elseif ( $arrEnv -contains $env ) {
$sharename=$tla + $hshEnv.Get_Item($env) + "$"
$strTLAEnv = $tla + $hshEnv.Get_Item($env)

#Change $strSvrName to strNASProd if PROD is the environment
if ($env -eq "PROD" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

}else {
#Write-Host -ForegroundColor Red "INPUT ERROR! -env must be 'DEV', 'UAT', 'PROD', or a two digit number(XX) representing the environment and instance number! Exiting..."
exit 3
}
#Write-Host "DEBUG using '$strSvrName' as target NAS"

#Ensure the $access is found in $arrAccess
if ($access ) {
$access=$access.ToUpper()
if ( $arrAccess -notcontains $access ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Optional argument -env must be 'RX', or 'RW'! Exiting..."
exit 4
}
}

#Use $type parameter to determine where to setup the DFS link and setup the $dfsPath variable
$type=$type.ToLower()
if ( $arrShareTypes -notcontains $type ) {
$(throw "-type must be either 'application' or 'collaboration'")
} else {
$dfsPath="\\$dfsroot\" + $hshShareTypes.Get_Item($type)
#Write-Host "DEBUG Setting up the $type share under $dfsPath"
}

#Determine the DFS path by splitting the $strPath string to determine the qtree dept.
if ( $type -eq "application" ) {

#Check to see if $strSharePath already exists, if it doesn't exit with error
$strShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG Testing path to $strShare"
if (!(Test-Path $strShare)) {
$strIsDefApp=1
#Write-Host "INFO! Share $strShare does not exist, will create it on the appropriate default app share $strDefApp"
$strShare="\\" + $strSvrName + "\" + $strDefApp
}
#Write-Host "DEBUG: strShare: $strShare"

#Construct the $strPath string and check to see if $strPath already exists, if so exit script
$strPath = $strShare + "\" + $folder

if ($strSvrName.ToLower().StartsWith("ntap")) {
#Write-Host "DEBUG Netapp server detected!!"
$strNas="netapp"

#Split the string by backslashes limiting the array to 5 elements with the 4th being the sharename
$arrPath = $strPath -split("\\",5)
$strSvrName=$arrPath[2]; $sharename=$arrPath[3]; $strRemains=$arrPath[4]
#Write-Host "DEBUG Path breakdown is as follows: servername:'$strSvrName' sharename: '$sharename' remains: '$strRemains'"
$strToShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG strToShare: $strToShare"
} else {
#Legacy nas does not have a qtree value
#Write-Host "DEBUG Legacy nas detected!!"
$strNas="legacy"
#Write-Host -ForegroundColor Red "FATAL ERROR!! could not determine that the target NAS is a Netapp SVM. No support for setting up shares on legacy NAS"
exit 6
}

#Error out if operator provides a traling backslah in -Folder argument
#Write-Host "DEBUG Checking for a trailing slash here"
if ($strRemains -match '\\$') {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Found a trailing backslash in folder argument '$strRemains'. Please rerun the script without trailing backslashes."
exit 7
#$strRemains = $strRemains -replace '\\$','' #Work in progress to remove all trailing backslahes
#Write-Host "DEBUG strRemains after removal is '$strRemains'"
}

#Verify that there are no '-' in the remaining string
if ($strRemains.Contains("-")) {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! $strPath contains an invalid character '-'. Please remove the character and re-run the script."
exit 8
} else {
#Write-Host "DEBUG strRemains before replacement of backslashes '$strRemains' "
$strRemains = $strRemains -replace "\\","-"
#Write-Host "DEBUG strRemains after replacement '$strRemains' "
}

#Verify that a DFS folder structure specified under the share will not be more than three levels deep, else exit script with an error
if ( $strRemains ) {

$strApplication = "$tla$env"
#Write-Host "DEBUG application string: $strApplication"
$dfsPath += "\" + $tla + "-" + $env + "\"

#Write-Host "DEBUG Working on remaining string"
$arrRemains = $strRemains -split("-")
#Write-Host "DEBUG arrRemains after split: '$arrRemains' "

#If remaining string is greater than two, then exit on error
if ( $arrRemains.count -eq 1 ) {
#Write-Host "DEBUG Doing something with one thing"
$strDFSPathEnd = $arrRemains[0]
$strGroup = $arrRemains[0]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 2 ) {
#Write-Host "DEBUG Doing something with two things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1]
$strGroup = $arrRemains[0] + "-" + $arrRemains[1]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 3 ) {
#Write-Host "DEBUG Doing something with three things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSCheckPath += "\" + $arrRemains[1]
#Write-Host "DEBUG strDFSCheckPath 2 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1] + "\" + $arrRemains[2]

$strGroup = $arrRemains[0] + "-" + $arrRemains[1] + "-" + $arrRemains[2]
$strGroup = $strGroup -replace '\s',''
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! Permissions may only go three level deep as a maximum. Check path and re-run script."
exit 9
}
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Folder argument is blank or unreadable. Exiting."
exit 10
}

$dfsPath += $strDFSPathEnd
#Write-Host "DEBUG Setting up the $type share under $dfsPath"

#If the DFS path already exists then fatally exit
if (Test-Path $dfsPath) {
#Write-Host -ForegroundColor Red "INPUT ERROR! $dfsPath already exists. Check path and try again. Exiting..."
exit 11
}

#Verify that the path to the share exists then create the DFS paths, else fatally exit
if (Test-Path $strToShare) {

#Setup local variables for later use
$dgrouprw="d-File-$dfsnameSpace-$strApplication-$strGroup-Write"
$dgrouprx="d-File-$dfsnameSpace-$strApplication-$strGroup-Read"
$ggrouprw="g-File-$dfsnameSpace-$strApplication-$strGroup-Users"
$ggrouprx="g-File-$dfsnameSpace-$strApplication-$strGroup-RX-Users"

#Check to see if security group will be greater than 64 characters
$strGGroupLen = $ggrouprx.Length
if ($strGGroupLen -ge 65 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Resulting group name is greater than the maximum of 64 characters! Please shorten the folder argument!"
exit 10
}

#Add code to insert a TLA+Env if using the default app share introduced in Version 1.3 of the script
if ( $strIsDefApp ) {
#Write-Host "DEBUG Default app string is detected gonna do some stuff"
$strSharePath = $strShare + "\" + $strTLAEnv + "-" + $strRemains
} else {
$strSharePath=$strShare + "\" + $strRemains
}

#Write-Host "DEBUG will use $strSharePath for DFS target folder"

#Create the path, if it doesn't exist. If it exists, exit
#Write-Host "DEBUG Creating $strSharePath"
if (Test-Path $strSharePath) {
#Write-Host -ForegroundColor Red "FATAL ERROR! DFS folder target $strSharePath already exists. Check to see if contents exist and remove it and rerun script. Exiting..."
exit 8
}
try {New-Item -ItemType "directory" -Path $strSharePath -ErrorAction stop|out-null} catch {
#Write-Host -ForegroundColor Red "FATAL ACCESS DENIED ERROR!!! '$strSharePath' could not be created. Run with the delegated account or follow-up with Platforms for access group memberships"
exit 16
}

#Create DFS Folder
#Write-Host "Creating DFS Path $dfsPath using $strSharePath as targetfolder"
New-DfsnFolder -TargetPath $strSharePath -Path $dfsPath | Out-Null

#Create d-file groups
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprw
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated across the domain
Start-Sleep -s 30

#Set foldername in the d-file groups
Set-ADGroup -Identity $dgrouprw -Add @{folderPathname = "$dfsPath"}
Set-ADGroup -Identity $dgrouprx -Add @{folderPathname = "$dfsPath"}

#Set permissions on the new folder
icacls "$strSharePath" /grant:r $dgrouprw":(OI)(CI)M" /grant:r $dgrouprx":(OI)(CI)RX" | Out-Null

#Create g-group if not specified as an argument.
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprw
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated accross the domain
Start-Sleep -s 30

Add-ADGroupMember $dgrouprw $ggrouprw
Add-ADGroupMember $dgrouprx $ggrouprx

#If a global group has been given as an argument, add the group to the appropriate g-file group created above if it exists
if ($globalgroup) {
#Write-Host "DEBUG groupck using '$globalgroup' as an argument"
$globalgroup = $globalgroup -replace " ","," #Replace a space character incase the operator did not encase the $globalgroup in quotes

#Add a loop through the $globalgroup argument by looking for a comma separated list
$arrGGroups = $globalgroup.Split(",")
#Write-Host "DEBUG there are " . $arrGGroups.Count . " elements in the array"
foreach($addGGroup in $arrGGroups) {

#Write-Host "DEBUG going to process '$addGGroup' "
$dGrpToAdd = $dgrouprw #Set default d group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrGGrpSplit = $addGGroup.Split(":")
$addGGroup=$arrGGrpSplit[0]; $access = $arrGGrpSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$ggroupck = [bool](Get-ADObject -filter {sAMAccountname -eq $addGGroup})
#Write-Host "DEBUG G-group check is '$ggroupck'"
if ($ggroupck) {
if ($access -and ($accesss -eq "RX")) {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
} else {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
}
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not detect a group named '$addGGroup'. Please add membership to '$dGrpToAdd' manually..."
}

} #End of $arrGGroups ForEach loop
} #End of $globalgroup check if statement

#If a service account argument has been given as an argument, add the serviceaccount to the appropriate d-file group created above if it exists
if ($svcacct) {

$svcacct = $svcacct -replace " ","," #Replace a space character in case the operator did not encase the $svcacct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrSvcAccounts = $svcacct.Split(",")
#Write-Host "DEBUG there are " . $arrSvcAccounts.Count . " elements in the array"
foreach($addAccount in $arrSvcAccounts) {

$dGrpToAdd = $dgrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$svcacctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$svcacctck'"
if ($svcacctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find a service account named '$addAccount'. Please add membership to $dGrpToAdd manually..."
}
} #End of $arrSvcAccounts ForEach loop
} #End of $svcacct check if statement

#If a user account argument has been given as an argument, add the user account to the appropriate g-file group created above if it exists
if ($acct) {

$acct = $acct -replace " ","," #Replace a space character in case the operator did not encase the $acct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrAccounts = $acct.Split(",")
#Write-Host "DEBUG there are " . $arrAccounts.Count . " elements in the array"
foreach($addAccount in $arrAccounts) {

$gGrpToAdd = $ggrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$gGrpToAdd = $ggrouprx
}
}

$acctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$acctck'"
if ($acctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $gGrpToAdd"
Add-ADGroupMember $gGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find an account named '$addAccount'. Please add membership to $gGrpToAdd manually..."
}
} #End of $arrAccounts ForEach loop
} #End of $acct check if statement

#Write-Host "Completed DFS creation. Global groups are $ggrouprw and $ggrouprx `n"

} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! $strToShare is not reachable. Check path and try again. Exiting..."
exit 15
}
} #End of application if statement
}

========Ends here======================
Cancel
Up 0 Down

Cancel