Scripted Host Adapter and calling Scripts

Similar Messages

• ACF2 Scripted Host Adapter | Add groups to users

  I am exploring options to provision to ACF2. We need to assign ACF2 groups to users and the ACF2 resource (or mainframes) behave different from other resources. Users get assigned into groups rather than groups getting added to the user.
  To accommodate this we plan to use the ScriptedHost adapter and write a ResourceAction Update script to actually add the user to the group requested. The side effect to this approach is that we now need to code scripts for all other actions like create, delete, disable, enable etc.. Is this how everybody does it - or is there a better approach? I am thinking around the lines of after actions with an ACF2 adapter...
  Also - once you create the scripts as resource actions in the ScriptedHost adapter, do we have control to call them whenever we like - or are they automatically triggered - like the Create resourceaction script is called when a user is assigned the scriptedhost as a resource. So apart from configuring the different script names in the ScriptedHost resource wizard, nothing else needs to be done to make the provisioning work with the ACF2 resource?
  And is the order of script execution automatically maintained - like Login action is called first before the Create action and finally the Logoff action.
  Thanks in advance.

  Hey Anokun,
  I am reading up on how to create Scripted Host Adapters. I will be creating 13 of them soon. I have looked over all the docs I could find and am still a little bit lost. I think that the samplescreenactions can be used as a template. I'm still not quite sure how to go about creating these actual Adapters. I would was wondering if you had an example of a scripted host adapter you had that you could share with me.
  Thanks,
  Nik

• Scripted Host Adapter - Workflow

  I was wondering if anyone knew the best way to get the Scripted Host Resource Adapter that I created in the admin console and then call the scripts that were assigned to this Scripted Host Adapter from a workflow. I am just trying to do some initial Proof of Concept work so I can understand how to do this for an upcoming project. I am a little lost on how this works. I have used LDAP adapters before in workflows but it seems this is different with having scripts attached.

  Hi,
  creating users in mysql-db is pretty easy. just use the scripted jdbc-adapter;
  see documentation Identity Manager Resource Reference and look at sample code in .../idm/sample/ScriptedJdbc - pretty easy, script language is java script or beanshell (in IDM 8.x).
  you define a scripted jdbc resource - and add resource actions for create, update, delete.
  when you assign this resource to a user in admin ui than the create user resource action will be called.
  yours,
  mst1234

• Scriped Host Adapter in IDM

  Hi,
  I just want to know is Scripted Host Adapter In IDM is supported for AS400 Machine.
  As i know AS400 is using TN5250 emulation but Scriped Host Adapter support TN3270 emulation.
  If any body have any idea about it will be great help.
  Thanx
  Shant

  Hi,
  could anyone provide me sample resource action files for modify and delete action for a scripted host adapter which is used to connect an mainframe resource?
  Thanks,

• Is the Aardvark OEM I2C Host Adapter supported with Labview?

  Hi All,
  I am now looking forward to use Aardvark OEM I2C Host Adapter (http://www.totalphase.com/products/aardvark-oem-i2c/)
  in LabView2013.
  Question:
  Is this device supported with LabView?
  How can I use this device?
  Best Thanks,
  Jessie

  Yes
  We have plan to buy and use Aardvark OEM I2C Host Adapter and use it with LabView2013.
  I am searching if this device already has LabView VI's for I2C communication.
  I am not sure If we can use the VI's for Aardvark I2C/SPI Host Adapter to Aardvark OEM I2C Host Adapter.
  Before we decide  to buy Aardvark OEM I2C Host Adapter we just want to make sure that we can use it.
  Best Thanks.
  Jessie

• Error During Method Call in Scripting Host

  Hey all ,
  I am running a webdynpro application , which runs an Ecatt which in turn runs an Underlying SAP GUI recording , and as soon we hit the  SAP GUI command we are getting an Error saying ERROR DURING METHOD CALL IN SCRIPTING HOST.
  As of now we know that this might be a security issue as this was working perfectly fine when we were running on a R3 system.
  If any of you have come across such a situation and was able to find a work around it would be of great help if you respond back as I need this info ASAP.
  Thanks And Kind Regards,
  Nischal

  Hi Lawrence,
  I have analyzed the condition, and come with the conclusion that, when eCATT calls QTP in integrated mode, and downloads the QTP scripts from server to your local machine,  it requires more memory. So try to free memory on C drive and don't keep running more application on the local machine.
  Thanks,
  Mahantesh

• Script to fetch in a folder and call FM EDI_DATA_INCOMMING

  Hi All,
  I am trying a inbound file to idoc scenario to post an idoc. The idoc files are presently placed in a folder in application server.
  When the script is run the idoc file should get picked from the folder in Application server and pass it to the FM EDI_DATA_INCOMMING. I am using the below script.
  startrfc -3 -d Q11 -u USER_ID -p P1234 -c CLN -l EN -h HOST_NAME -s 10 -F EDI_DATA_INCOMING -E PORT=EXT u2013E
  PATHNAME=E:\usr\sap\File
  This gives error .
  Can you plz let me know if the script is correct and why I get the error . I have specified all parameters in the script.
  Also if Instead of a folder in Application Server , I need to pick the file from an external FTP Folder, what would be the script?
  Thanks in advance

  Hi Markus,
  I  along with basis consultant wrote the script on the smilar lines as yours. We could not directly use your script is a unix command.
  We are running on windows 2008 SR2 OS . We wrote few scripts with different parameters each time none of them works. Below are the 4 scripts that we have run one by one . None of them work. They are giving similar error 
  can you please check and let us know if there are any mistake in any of the below scripts?
  The path name specified in the script is where we have placed the IDOC that we want to process.
  Script A
  E:\usr\sap\EC1\SYS\exe\uc\NTAMD64\startrfc.exe -3 -d EC1 -u usr1 -p pwd1 -c 210 -l EN -h 172.XX.X.XX -s 20 -F EDI_DATA_INCOMING -E PORT=XXR_PRT1 u2013E PATHNAME:
  BR1ER1QI02\sapmnt\trans\Interface\EDI\Inbound\IDOC1.txt
  Script B
  ======================================================================================
  E:\usr\sap\ERQ\SYS\exe\uc\NTAMD64\startrfc.exe -3 -d EC1 -u usr1 -p pwd1 -c 210 -l EN -h 172. XX.X.XX -s 20 -F EDI_DATA_INCOMING -E PORT= XXR_PRT1 u2013E PATHNAME= IDOC1.txt
  Script C
  ======================================================================================
  startrfc.exe -3 -d EC1 -u usr1 -p pwd1 -c 210 -l EN -h 172.XX.X.XX -s 20 -F EDI_DATA_INCOMING -E PORT= XXR_PRT1 u2013E PATHNAME:
  BR1ER1QI02\sapmnt\trans\Interface\EDI\Inbound\ IDOC1.txt
  Script D
  ======================================================================================
  startrfc.exe -3 -d EC1 -u usr1 -p pwd1 -c 210 -l EN -h 172.XX.X.XX -s 20 -F EDI_DATA_INCOMING -E PORT= XXR_PRT1 u2013E PATHNAME= IDOC1.txt
  Error we are getting:
  =======================================================================================
  RFC Call/Exception: SYSTEM_FAILURE
  Group Error group 104
  Key RFC_ERROR_SYSTEM_FAILURE
  Message Error at OPEN '
  BR1ER1QI02\sapmnt\trans\Interface\EDI\Inbound\' (ch
  eck file)
  Its pretty urgent. Any help on this is highly appreciable.
  Thanks

• Mail command in script hangs and does not release control to calling script

  Hello folks,
  I am running in a situation which I haven't seen before.
  Main script calls function which executes another script.
  No matter which statement is the last in called script, it hangs on the last line and does not return control to main script.
  I tried to call another script not within the function - it is the same result.
  Can you help please.
  Below example of code:
  --- Main script:
  function checksum
  set -x
  /sybdump/ukgoald/scripts/egrep_expr1
  ##MAIN --- call to script script execution which runs mail command
  checksum
  ---- trace execution of called script:
  + read A B RF_FULL_NAME
  + print
  + /usr/bin/mailx -s Checksum Report [email protected]
  + 0< /sybdump/ukgoald/dump1/egrep_expr1.log3
  + print
  + return 0
  Edited by: ge**** on Dec 14, 2010 11:29 PM

  Hello folks,
  I am running in a situation which I haven't seen before.
  Main script calls function which executes another script.
  No matter which statement is the last in called script, it hangs on the last line and does not return control to main script.
  I tried to call another script not within the function - it is the same result.
  Can you help please.
  Below example of code:
  --- Main script:
  function checksum
  set -x
  /sybdump/ukgoald/scripts/egrep_expr1
  ##MAIN --- call to script script execution which runs mail command
  checksum
  ---- trace execution of called script:
  + read A B RF_FULL_NAME
  + print
  + /usr/bin/mailx -s Checksum Report [email protected]
  + 0< /sybdump/ukgoald/dump1/egrep_expr1.log3
  + print
  + return 0
  Edited by: ge**** on Dec 14, 2010 11:29 PM

• Call List Management and Interactive Script Editor Examples

  Hello All,
  Can any one provide docus on Call list management and Interactive Script Editor Exercises or any examples how to implement them.
  kindly m a i l me: r a j . k a n d i AT y a h o o . c o m
  Cheers Raj.

  Muneeb,
  I have found what looks like a solution for marketing attributes.
  Marketing attribute in the text field, interactive script
  However, even though I followed this It is still NOT updating the marketing attributes for the given BP.
  Also, I am no further forward in knowing how to add BDC Field entries in the Answer so that we can update BP fields like the preferred communication method etc.
  I would like to hear from you if you have found a solution Muneeb.
  With regards
  Jason

• Shell script adapter and passwords

  Does anyone know how to get a password into a shell script resource adapter?
  I've set up the "password" attribute in my resource adapter's schema, expecting at least to see the encrypted password in in $WSUSER_password, but it's always empty. Other attributes I add to the resource scheme show up in the scripts as shell variables just fine.
  Side question - the Solaris resource adapter, which looks a lot like the shell script adapter, doesn't even have a password in its schema map, yet it seems to set passwords just fine. What's up with that?
  The ShellScriptResourceObjects55.xml example doesn't seem to deal with passwords at all.

  Hi,
  Have you been able to resolve this issue?
  I am currently working on configuring a Shell Script Resource on my IDM system.
  I am still in the "*Create User"* stage of things (I haven't even begun working with the other Actions : Get User, Get All Users, Delete User, Update User)
  After a month-long period of trial-and-error, and a lot of headaches, I finally succeeded in Creating a new user on my Unix Machine, without any errors
  Except for one thing : for some reason, the user I create is not being given a password!
  A first, I configured the "Attribute Mapping" page to include a "Password" attribute. This did not work.
  Then I removed the password from there (I figured that when I input the user's basic information on the IDENTITY tab in IDM, then the password gets automatically passed to the Unix machine).
  Still, this did not work.
  The funniest thing is : I am not getting any errors. The user is created on my Unix machine. And, also, in my My-SQL database.
  The problem is : when I try to log into that same Unix machine as the user, it does not work, because......of course.....*.there is NO PASSWORD*.
  What could be the problem?

• Can I call host file ( Unix Shell script ) from Oracle 10g trigger

  Hi,
  I am new to Oracle 10g. Can I call host file ( unix shell script ) from Oracle 10g trigger ?. I know it is possible. Pl explain me with small example
  thanks & regards
  parag

  user12009546 wrote:
  Hi,
  I am new to Oracle 10g. Can I call host file ( unix shell script ) from Oracle 10g trigger ?. I know it is possible. Pl explain me with small example
  thanks & regards
  paragIf you are in 10g, you can simple call shell script from DBMS_SCHEDULER:
  BEGIN
  DBMS_SCHEDULER.CREATE_JOB (
  job_name => 'TEST_SCRIPT',
  job_type => 'EXECUTABLE',
  job_action => 'PATH_OF_YOUR_SCRIPT',
  start_date => SYSDATE,
  repeat_interval => 'FREQ=MINUTELY; INTERVAL=1',
  enabled => TRUE,
  comments => 'Shell script from Oracle'
  END;
  /

• Run the jcwde once and call many APDU scripts simultaneously?

  Hello everybody.I currentrly try to develop an applet and I was wondering if it is possible to run the jcwde tool just once and call many apdu scripts(.scr files).
  For example let says that you create an applet which has functions(INStrunctions) such as:
  1)Verify Pin
  2)Create a Record
  3)Read a Record and e.tc...
  In one window you ran the jcwde tool and you open let say 2 windows.In the first DOS-window you call the APDU script for the verifation of the PIN and in the second window you ran the APDU script which is responsible for creating a record.(but the jcwde is ran just once)
  I will really appreciate any help and asistance.
  Thanks.

  Hello again.I used to run multiple APDU script by using the apdutool and the jcwde once.
  I tied today to run the multiple APDU scripts from the DOS but I had problem.The code of the APDU scripts are :
  //Code of the createNew.scr
  powerup;
  //Select the installer-invoke the on-card installer
  //CLA INS P1 P2 Lc |--- data fields==Lc ----------|
  0x00 0xA4 0x04 0x00 0x09 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;
  //create Newapplet-From the file jcwde.app(AID) Le=8..PINnumber=0102030405-Declare it here
  0x80 0xB8 0x00 0x00 0x13 0x0a 0xa0 0x0 0x0 0x0 0x62 0x3 0x1 0xc 0x9 0x1 0x07 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x7F;
  //Select Newapplet
  0x00 0xA4 0x04 0x00 0x0a 0xa0 0x0 0x0 0x0 0x62 0x3 0x1 0xc 0x9 0x1 0x7F;
  //powerdown;
  And the code of the verify script is:
  //powerup;
  //Verify user's PIN input
  //Cla INS P1 P2 Lc |--- PIN data from the demo1.scr APDU script--
  0xB1 0x10 0x00 0x00 0x07 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x7F;
  powerdown;
  AS you can see the powerup command included only in the first file and the powerdown command in the second file.
  I executed the files from the DOS command as following:
  c:\>apdutool createNew.scr verify.scr
  But it returns me the message:
  com.sun.javacard.apdutool.ReaderWriterError: Lexical error at line 12, column 13
  . Encountered <EOF> after "//powerdown;".
  com.sun.javacard.apdutool.ReaderWriterError: Card powered down. (0x15)
  The first file createNew.scr is executed properly and then it displays me the above message.
  I also tried to run the multiple scripts with including the powerup and powerdown commands in the both files.No result.
  Have you got idea what is going on?
  Thank you.

• Having multiple problems with script - NTFS Permissions and AD Groups

  Hi, all!  I'm having multiple problems with my first script I've written with Powershell.  The script below does the following:
  1. Prompts the user for a corporate division under which a shared folder will be created, and adjusts variables accordingly.
  2. Prompts if the folder will be a global folder or an office/location-specific folder, and makes appropriate adjustments to variables.
  3.  If a global folder, prompts for the name.  If an office/location-specific folder, prompts for each component of the street address, city and state and an optional modifier.  I've prompted for this information in this way because the information
  is used differently later on in the script.
  4.  Verifies the entered information and requests confirmation to proceed.
  5.  Creates the folder.
  6.  Creates an AD OU and/or security group(s).
  7.  Applies appropriate security groups to the new folder and removes undesired permissions.
  Import-Module ActiveDirectory
  $Division = ""
  $DivAbbr = ""
  $OU = ""
  $OUDrive = "AD:\"
  $FolderName = ""
  $OUName = ""
  $GroupName = ""
  $OURoot = "ou=DFS Restructure Testing OU,ou=Pennsylvania Camp Hill 4410 Industrial Park Rd,ou=Locations,ou=Camp Hill,dc=jacobsonco,DC=com"
  $FSRoot = "E:\"
  $FolderPath = ""
  $DefaultFolders = "Archive","Customer Service","Equipment","Inbounds","Management","Outbounds","Processes","Projects","Quality","Reports","Returns","Safety","Schedules","Time Keeping","Training"
  [bool]$Location = 0
  do {
  $userInput = Read-Host "Enter CLS Division: (W)arehousing, (S)taffing, or (P)ackaging"
  Switch ($userInput)
  W {$Division = "Warehousing"; $DivAbbr = "WHSE"; $OU = "ou=Warehousing,"; break}
  S {"Staffing is not yet implemented."; break}
  P {"Packaging is not yet implemented."; break}
  default {"Invalid choice. Please re-enter."; break}
  while ($DivAbbr -eq "")
  write-host ""
  write-host ($Division + " was selected.")
  $FolderPath = $Division + "\"
  write-host ""
  $choice = ""
  do {
  $choice = Read-Host "Will this be a (G)lobal folder or (L)ocation folder?"
  Switch ($choice)
  G {$Location = $false; break}
  L {$Location = $true; $FolderPath = $FolderPath + "Locations\"; $OU = "ou=Locations," + $OU; break}
  default {"Invalid choice. Please re-enter."; $choice = ""; break}
  while ($choice -eq "")
  write-host ""
  write-host ("Location is set to: " + $Location)
  write-host ""
  if ($Location -eq $false) {
  $FolderName = Read-Host "Please enter folder name:"
  $GroupName = $DivAbbr + " " + $FolderName
  } else {
  $input = Read-Host "Please enter two-letter state abbreviation:"
  $FolderName = $FolderName + $input + " "
  $input = Read-Host "Please enter city:"
  $FolderName = $FolderName + $input + " "
  $input = Read-Host "Please enter street address number only:"
  $FolderName = $FolderName + $input
  $GroupName = $DivAbbr + " " + $FolderName
  $FolderName = $FolderName + " "
  $input = Read-Host "Please enter street name:"
  $FolderName = $FolderName + $input
  $input = Read-Host "Please enter any optional information to appear in folder name:"
  if ($input -ne "") {
  $FolderName = $FolderName + " " + $input
  $OUName = $FolderName
  write-host
  write-host "Path for folder: "$FSRoot$FolderPath$FolderName
  write-host "AD Path: "$OUDrive$OU$OURoot
  write-host "New OU Name: "$OUName
  write-host -NoNewLine "New Security Group names: "$GroupName
  if ($Location -eq $true) { write-host " and "$GroupName" MGMT" }
  write-host
  $input = Read-Host "Please confirm creation of new site/folder: (Y/N) "
  if ($input -ne "Y") { Exit }
  write-host
  write-host -NoNewLine "Folder exists: "; Test-Path ($FSRoot + $FolderPath + $FolderName)
  if (Test-Path ($FSRoot + $FolderPath + $FolderName)) {
  Write-Host "Folder already exists! Skipping folder creation..."
  } else {
  write-host "Folder does not exist. Creating..."
  new-item -path ($FSRoot + $FolderPath) -name $FolderName -itemtype directory
  Set-Location ($FSRoot + $FolderPath + $FolderName)
  if ($Location -eq $true) {
  $tempOUName = "ou=" + $OUName + ","
  write-host
  write-host $OUDrive$tempOUName$OU$OURoot
  write-host
  write-host -NoNewLine "OU exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
  if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
  Write-Host "OU already exists! Skipping OU creation..."
  } else {
  write-host "OU does not exist. Creating..."
  New-ADOrganizationalUnit -Name $OUName -Path ($OU + $OURoot) -ProtectedFromAccidentalDeletion $false
  $GroupNameMGMT = $GroupName + " MGMT"
  if (!(Test-Path ($OUDrive + "CN=" + $GroupName + "," + $tempOUName + $OU + $OURoot))) { write-host "Normal user group does not exist. Creating..."; New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
  if (!(Test-Path ($OUDrive + "CN=" + $GroupNameMGMT + "," + $tempOUName + $OU + $OURoot))) { write-host "Management user group does not exist. Creating..."; New-ADGroup -Name $GroupNameMGMT -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  $FolderACL.SetAccessRuleProtection($True,$True)
  # $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
  $BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
  $BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
  write-host $BIUsersSID.Value
  # out-string -inputObject $BIUsers
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
  $FolderACL.RemoveAccessRuleAll($Ar)
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  get-acl ($FSRoot + $FolderPath + $FolderName) | fl
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  $ADGroupName = "JACOBSON\" + $GroupName
  $objUser = New-Object System.Security.Principal.NTAccount($ADGroupName)
  $objUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
  write-host $ADGroupName
  write-host $objUser.Value
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
  Out-String -InputObject $ar
  $FolderACL.AddAccessRule($Ar)
  $ADGroupName = "JACOBSON\" + $GroupNameMGMT
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
  Out-String -InputObject $ar
  $FolderACL.AddAccessRule($Ar)
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  } else {
  $tempOUName = "cn=" + $GroupName + ","
  write-host
  write-host $OUDrive$tempOUName$OU$OURoot
  write-host
  write-host -NoNewLine "Group exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
  if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
  Write-Host "Security group already exists! Skipping new security group creation..."
  } else {
  write-host "Security group does not exist. Creating..."
  New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ($OU + $OURoot)
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  $ADGroupName = "JACOBSON\" + $GroupName
  $FolderACL.SetAccessRuleProtection($True,$True)
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"Modify","ContainerInherit, ObjectInherit", "None", "Allow")
  $FolderACL.AddAccessRule($Ar)
  $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  My problems right now are in the assignment/removal of security groups on the newly-created folder, and the problems are two-fold.  Yes, I am running this script as an Administrator.
  First, I am unable to remove the BUILTIN\Users group from the folder when this is an office/location-specific folder.  I've tried to remove the group in several different ways, and none are having any effect.  Oddly, if I type in the lines directly
  into Powershell, they work as expected.  I've tried the following methods:
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  $FolderACL.SetAccessRuleProtection($True,$True)
  $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  $FolderACL.SetAccessRuleProtection($True,$True)
  $BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
  $BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
  $FolderACL.RemoveAccessRuleAll($Ar)
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  In the first case, the script goes through and has no apparent effect because afterwards, I do a get-acl and the BUILTIN\Users group is still there, although when looking through the GUI, inheritance appears to have been broken from the parent folder.
  In the second case, I get the following error message:
  Exception calling "RemoveAccessRuleAll" with "1" argument(s): "Some or all identity references could not be translated."
  At C:\Users\tesdallb\Documents\FileServerBuild.ps1:110 char:5
  +     $FolderACL.RemoveAccessRuleAll($Ar)
  +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : IdentityNotMappedException
  This seems strange that the local server is unable to translate the SID of a BUILTIN account.  I've also tried explicitly putting in the BUILTIN\Users SID in place of the variable in the New-Object line, but that gives me the same error.  I've
  also tried the solutions given in this thread:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/ad59dc58-1360-4652-ae09-2cd4273cbd4f/remove-acl-issue?forum=winserverpowershell and at this URL:
  http://technet.microsoft.com/en-us/library/ff730951.aspx but these solutions also failed to have any effect.
  My second problem is when I try to apply the newly-created security groups, I also will get the "Some or all identity references could not be translated."  I thought I had found a workaround to the problem by adding the -PassThru option to
  the New-ADGroup commands, because it would output the SID of the group after creation, however a few lines later, the server is unable to translate the account to apply the security groups to the folder.
  My first Powershell script has been working well up to this point and now I seem to have hit a showstopper.  Any help is appreciated.
  Thanks!

  I was hoping to stay with strictly Powershell, but unless I can find a Powershell solution, I may resort to ICACLS.
  As for the problems with my groups not being translatable right after creating them, I think I have solved this problem by using the -Server parameter on all my New-ADGroup commands and this example code seems to have gotten around the translation problem,
  again utilizing the -Server parameter on the Get-ADGroup command:
  get-acl ($FSRoot + $FolderPath + $FolderName) | fl
  $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
  # Add the new normal users group to the folder with Read and Execute permissions
  $GroupSID = Get-ADGroup -Identity $GroupName -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
  $SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupSID)
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
  $FolderACL.AddAccessRule($Ar)
  # Add the management users group to the folder with Modify permissions
  $GroupMGMTSID = Get-ADGroup -Identity $GroupNameMGMT -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
  $SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupMGMTSID)
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
  $FolderACL.AddAccessRule($Ar)
  Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
  Going this route seems to ensure that the Domain Controller I'm creating my groups on is the same one that I'm querying for the group's SID to use in the FileSystemAccessRule.  It's been working fairly consistently.
  Still having issues with the translation of the BUILTIN\Users group, though. 

• Call script from script; exit code issues

  I have verified in a very simple pair of scripts that I can feed an exit code back to the calling script. My "Parent" test is little more than 
  powershell.exe -file "$ScriptPath\child.ps1"
  Write-Host "$LASTEXITCODE!!!"
  and the child script is just
  Exit 1
  And that Write-host comes back correctly. I have even tried it with two different child scripts, with different rerun codes, being called from Parent back to back. All good.
  However, in a more complicated script, where the child script has conditional exits, I am getting 0 all the time. The conditional looks like this
  if ($Global:MemberofSet) {
      if ($Global:ErrorOccured) {
          Write-Host '1'
          Exit 1
      else {
          Write-Host '0'
          Exit 0
  And even when the 1 echoes, I still get a $LASTEXITCODE of 0.
  Is there some known issue here that I am not aware of? Using PS 2.0, FWIW.
  Thanks!

  Um, no, more that I remmed out
  [CmdletBinding()] at the top of each child script and with no other changes everything is working exactly as it should. Not sure why it worked, but I am certainly not imagining it.
  For shits and giggles I also added the binding in my little test script set, and that is now broken,
  with no other changes. I really hadn't created a good test obviously, but I wasn't expecting binding to matter. Would love to hear an explanation as to why it would
  For anyone wanting to see the behavior, these are the three test scripts, and you run the Arch script. With binding enabled DTV will show 1, but return 0. Rem the
  bindings and DTV will correctly return 1. I also tested RVT to not be MemberofSet, so -1 is returned, and $LASTEXITCODE shows a wonky number as expected given the bug in 2.0 and negative return codes. 
  NOTE: In the test the argument in the child scripts is not used, it's just there to avoid the error you otherwise get when binding. In my "live" code the
  arguments are mandatory and used.
  Arch_2015.ps1
  powershell.exe -file "RVT_2015.ps1"
      Write-Host "$LASTEXITCODE!"
  powershell.exe -file "DTV_2015.ps1"
      Write-Host "$LASTEXITCODE!"
  DTV_2015.ps1
  [CmdletBinding()]
  Param ([string]$Mode)
  $Global:MemberofSet = $True
  $Global:ErrorOccured = $True
  if ($Global:MemberofSet) {
      if ($Global:ErrorOccured) {
          Write-Host 'DTV 1'
          Exit 1
      else {
          Write-Host 'DTV 0'
          Exit 0
  else {
      Write-Host 'RVT -1'
      Exit -1
  RVT_2015.ps1
  [CmdletBinding()]
  Param ([string]$Mode)
  $Global:MemberofSet = $True
  $Global:ErrorOccured = $False
  if ($Global:MemberofSet) {
      if ($Global:ErrorOccured) {
          Write-Host 'RVT 1'
          Exit 1
      else {
          Write-Host 'RVT 0'
          Exit 0
  else {
      Write-Host 'RVT -1'
      Exit -1

• ICM Scripting. value on variable Call.RoutingClient

  Scenario:
  - UCCE 8.5 with CVP 8.5 - Type 10 NVRU
  -  Call initiated from a IP Phone dialing a CTI RP.
  -  CUCM is the routing client of the original call.
  -  UCCE script launch.
  -  Eventually the call hits a SendToVRU node.
  - At this time the NVRU label is sent back to CUCM. CUCM then sends the call to the CVP Call Server, and the routing client changes to be the CVP Call Server.
  - Afterward the call re-enters the UCCE script and I would expect variable Call.RoutingClient to contain the name of the CVP Call Server but still holds the name of the CUCM routing client.
  - Curiously the value of Call.RoutingClientId changes to the dbid (RCID) of the corresponding CVP Call Server routing client, which is normal because the RCID is used by the router to send the labels to the right routing client.
  Thus, I am curious why the disconnect between Call.RoutingClient and Call.RoutingClientID on CUCM originated calls after the routing client changes from CUCM to CVP Call Server.
  Which value should I expect on variable Call.RoutingClient? The original routing client, or the current routing client?

  The way I see it, the originating CUCM is a factor to determine which CVP Call Server will handle the call. After that, which VXML GW, VXML Server or media server decisions are made based on the location of the CVP Call Server and no so much the CUCM. To ensure that the closest VXML GW is use you need to use either different Network VRU labels for the CVP Call Server routing clients, or other mechanisms. CUCM will decide only which CVP Call Server the call connects in first place, and after that all decisions are off CUCM realm.
  Below is a more detailed description of what I am trying to accomplish.
  When the originating party dials the CUCM Route Point that triggers and associated ICM script. Eventually the script reaches the SendToVRU node and sends the label defined for the CUCM peripheral on the Network VRU. That  is a first transfer to a CVP Call Server and CUCM will handle it because at this time CUCM is still the routing client.
  When CUCM receives the label a decision is made either by CUCM route patterns with static routes (this is my case), SIP Proxy or H.323 GK, to which CVP Call Server to send the call.  If you have different CUCM clusters you can have different labels and make different decision (the Bangalore cluster send calls to CVP Call Servers in Bangalore, the London cluster uses CVP Call Server in London, and so on). If you have only one cluster serving agents all over the planet I don't think there is much room to fine control the CVP Call Server decision based on the actual location of the agent's phone that is what really matters.
  Anyway. when the call is connected to the CVP Call Server the routing client functions are passed to the CVP Call Server and CUCM is at that time totally out of the picture as far as routing decisions go.  
  The call re-enters the ICM Script now with a CVP Call Server being the routing client, and the CVP Call Server Routing Client Network VRU label is sent this time to the CVP Call Server looking for a VXML GW. That is a second transfers that is performed behind the scenes and is not expliticly seen on the ICM script.
  All the above works just fine.
  The challenge I am having is that I am using CVP Combos (VXML and CVP Call Server together) and I want to use the VXML Server that is co-resident with the CVP Call Server handling the call.  Obviously I don't have a SIP proxy or a CSS on the solution.
  To achieve that I have created ip host entries on the VXML GW to match the CVP Call Server routing client. For example if my CVP Call Server routing client name is CVP01 I have the following entries on the VXML GW
  ip host CPV01 10.0.0.1
  ip host CVP01-backup 10.0.0.2
  and on my ICM script I  want to use variable {Call.RoutingClient} to create the VXML Server url that goes in the microapp.media_server variable.
  That achieves two purposes,  first that I always use the co-resident VXML server to service the call, and second provides a basic redundancy through the CVP IVR -backup mechanism.
  It works just fine on the inbound calls because the value on Call.RoutingClient is correct, referring to the name of the routing client for the CVP Call Server handling the call.
  The problem is that for the CUCM originated calls, even if the routing client changed to be one of the CVP Call Servers, the value on the variable Call.RoutingClient still refers to the CUCM routing client name.
  Again, variable Call.RoutingClientID value is always correct. The issue is with the value on the Call.RoutingClient.
  I would assume that both should be consistent, and they are not at this time. There are workarounds but there are not as clean as I would like.
  The cleanest workaround I have come up with is to define ip host entries on the VXML GW to  match the CUCM routing client name, but I think that is confussing for  anyone reading the GW configuration that will wonder why the reference  to CUCM.
  So far at this time on the ICM script I have a bunch of IF Nodes to check the Call.RoutingClientID and then create the right VXML Server URI based on the the related name, but all is just to account for the fact that calls originated by CUCM have the wrong value on the Call.RoutingClient variable. All this I believe can be avoided if the values on the variables were consistent.
  I would like to hear some opinions from Cisco developers on this matter.