Hi!
I am trying to start using the Active Directory adapter, but I can't get it to work.
Failed to execute the job.
The user might not have the rights to run Powershell.
The RSAT-AD-PowerShell module might not be installed.
Please run Powershell, and Import-Module ServerManager then Add-WindowsFeature RSAT-AD-PowerShell.
I ran these, and it was already installed and available.
I am running it on our AD Domain Controller directly, Windows Server 2016.
I tried it from commandline and powershell, both with my user and as admin.
Get-ADUser is working properly,
but .\dm-adapters --run "Asset Job Name" --token "$TOKEN" --workspace-id "$WORKSPACE" gives this error, here is the full log:
PS C:\jsm\assets-adapters-client> .\dm-adapters --run "Asset Job NAME" --token "$TOKEN" --workspace-id "$WORKSPACE"
Failed to execute the job. The user might not have the rights to run Powershell. The RSAT-AD-PowerShell module might not be installed. Please run Powershell, and Import-Module ServerManager then Add-WindowsFeature RSAT-AD-PowerShell.
2/5/2025 10:17:56 PM AccountName upn@domain.tld will be used for authentication.
2/5/2025 10:17:56 PM AccountName upn@domain.tld will be used for authentication.
2/5/2025 10:17:56 PM Encrypting password entered on command line.
2/5/2025 10:17:56 PM Encrypting password entered on command line.
2/5/2025 10:17:56 PM Attempting connection to AD target domain.tld using entered credentials for account upn@domain.tld
2/5/2025 10:17:56 PM Attempting connection to AD target domain.tld using entered credentials for account upn@domain.tld
2/5/2025 10:17:57 PM Error attempting to connect to Active Directory domain.tld
2/5/2025 10:17:57 PM Error attempting to connect to Active Directory domain.tld
2/5/2025 10:17:57 PM Bypassing data collection for target domain.tld
2/5/2025 10:17:57 PM Bypassing data collection for target domain.tld
2/5/2025 10:17:57 PM Write all captured information to file.
2/5/2025 10:17:57 PM Write all captured information to file.
2/5/2025 10:17:57 PM No AD computer information written.
2/5/2025 10:17:57 PM No AD computer information written.
2/5/2025 10:17:57 PM No AD user information written.
2/5/2025 10:17:57 PM No AD user information written.
2/5/2025 10:17:57 PM No AD sites and subnets information written.
2/5/2025 10:17:57 PM No AD sites and subnets information written.
Does anyone have an idea? I am a little stuck on what to try next?
Best regards,
Marco
Hi @Roy van den Berg thanks for your response. Hi @Marco Dieckhoff , you can try Roy’s suggestion. How have you configured the Active Directory job in Adapters? Did you provide the correct credentials to the domain controller in the Active Directory job configuration? Additionally, when you run the job in the adapter client CLI, who are you running the job as? Please verify this.
Regards,
Hi Hun,
To answer your questions first:
In the commandline I started it with my personal user with AD admin role,
while the Adapter config had a re-used user that is used by our old asset management tool for gathering information from AD.
But I got along your line of thinking, and also used the AD admin role user for the adapter settings - and the tool started working.
Now I "just" have to figure out what is it that stops the old asset user from accessing powershell, as I am quite sure part of that tooling was using powershell as well.
But I'll analyze internally, and will add any additional information that might be useful for others.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Looking at your log it seems the script is using upn@domain.tld for authentication. Did you alter that on purpose to hide the real login? Otherwise, might want to check the authentication settings of the Powershell adapter.
With kind regards,
Roy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
You are right, the upn user was there to hide our realone.
I re-used a user that is part of our old asset management tool for gathering information.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.