Description
If attributes are only unset with EnsureAttributes on Provider.AD (maybe others as well?) you'll receive an error about method $null
Steps to Reproduce
- Create Step with
@{
Name = 'AD - Remove phone number attributes'
Type = 'IdLE.Step.EnsureAttributes'
With = @{
AuthSessionName = 'AD'
IdentityKey = '{{Request.IdentityKeys.sAMAccountName}}'
Provider = 'AD'
Attributes = @{
mobile = $null
telephoneNumber = $null
}
}
}
- Plan + Execute
- Get Error
Expected Behavior
Attributes are set to $null
Actual Behavior
Error
Cannot bind argument to parameter 'MethodArguments' because it is null.
Environment
- PowerShell version: 7.5.4
- OS: Windows Server 2019
- IdLE version / commit: main branch
Additional Context
Not sure what is breaking it here. It seems that the defined supported / unsupported Attributes of EnsureAttributes is somehow in the way as well. Althought the error message with using
telephoneNumber = '' references to the old EnsureAttribute and not to the new plural one.
Also it refers to "CreateIdentity" not to "EnsureAttributes", what we use here?
Exception calling "EnsureAttribute" with "4" argument(s): "AD Provider: Unsupported attribute in EnsureAttribute operation.
Attribute: OtherAttributes
Supported attributes for EnsureAttribute:
- Department
- Description
- DisplayName
- EmailAddress
- GivenName
- Manager
- Surname
- Title
- UserPrincipalName
Note: Custom LDAP attributes and password attributes are not supported in EnsureAttribute.
For custom attributes, use CreateIdentity with OtherAttributes."
We need to find a clear pathway for attribute handling for CreateIdentity Attributes and EnsureAttributes Attributes. They seem to use in AD different set of supported attributes that can be set directly as -AttributeName parameter and via -OtherAttributes for New-ADUser, while Set-ADUser doesn't have this, but -Add, -Replace and -Remove parameters.
But basic conclusion is:
- any string for attributes in
EnsureAttributes (with supported parameter in Set-ADUser, but not in list of supported attributes from CreateIdentity) leads to an error on supported attributes
- OtherAttributes, although pointed out also dont work and gives same error
- any $null value on any value to unset a value results in MethodArguments error
Description
If attributes are only unset with EnsureAttributes on Provider.AD (maybe others as well?) you'll receive an error about method $null
Steps to Reproduce
Expected Behavior
Attributes are set to $null
Actual Behavior
Error
Environment
Additional Context
Not sure what is breaking it here. It seems that the defined supported / unsupported Attributes of EnsureAttributes is somehow in the way as well. Althought the error message with using
telephoneNumber = ''references to the oldEnsureAttributeand not to the new plural one.Also it refers to "CreateIdentity" not to "EnsureAttributes", what we use here?
We need to find a clear pathway for attribute handling for CreateIdentity Attributes and EnsureAttributes Attributes. They seem to use in AD different set of supported attributes that can be set directly as
-AttributeNameparameter and via-OtherAttributesforNew-ADUser, whileSet-ADUserdoesn't have this, but-Add,-Replaceand-Removeparameters.But basic conclusion is:
EnsureAttributes(with supported parameter inSet-ADUser, but not in list of supported attributes from CreateIdentity) leads to an error on supported attributes