Cannot convert the value of type "System.String" to type "UniversalAutomation.Identity"

yann-f · July 24, 2020, 10:31pm

Hi,

The Reset Password.ps1 is interesting for a lot of reasons.
Unfortunatly, i can’t pass @Parameters to launch the job properly.

New-UDForm -Content {
                        New-UDTextbox -Placeholder 'Identitiant' -Id 'txtIdentity'
                        New-UDTextbox -Placeholder 'Mot de passe' -Id 'txtPassword' -Type password
                    } -OnSubmit {
                        $Input = ConvertFrom-Json $Body
                        $Parameters = @{
                            Identity = $Input.txtIdentity 
                            Password = $Input.txtPassword
                        }

Invoke-UAScript -Script (Get-UAScript -Name 'Reset Password.ps1' @Parameters -AppToken $Token) -AppToken $Token | Tee-Object -Variable job | Wait-UAJob

For a user “yann” here is the logs :

[07-25-20 12:08:45 AM] PS: One or more errors occurred.
[07-25-20 12:09:00 AM] PS: Cannot bind parameter ‘Identity’. Cannot convert the “yann” value of type “System.String” to type “UniversalAutomation.Identity”.
[07-25-20 12:09:00 AM] PS: Cannot bind argument to parameter ‘Id’ because it is null.
[07-25-20 12:09:00 AM] PS: Cannot bind argument to parameter ‘JobId’ because it is null.

Before asking, i’ve tried to do it manually and get same errors.

I succeed in reproducing the error this way :

[UniversalAutomation.Identity]$Test = "test"

Cannot convert the "test" value of type "System.String" to type "UniversalAutomation.Identity".
At line:1 char:1
+ [UniversalAutomation.Identity]$Test = "test"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : MetadataError: (:) [], ArgumentTransformationMetadataException
    + FullyQualifiedErrorId : RuntimeException

It seems that i’m stuck with a $Identity variable that must be provided under [UniversalAutomation.Identity] type instead of [String].

Thanks for your help

insomniacc · July 25, 2020, 7:20am

Hey again yann,
I’m not a user of universal automation but i’ll try help out where I can.
It looks to me like you’re trying to pass a string “test” into a universalautomation.identity type which is required instead.
This may not be the best page, but i couldnt find any info on the identity class within the universal docs:
https://ironmansoftware.com/role-based-access-controls-in-universal-automation/

Looks like there is both commands to create this type of object:
$Identity = Get-UAIdentity -Name $UserName
$Identity = New-UAIdentity -Name Jeff -Role $Role

Hopefully this will point you in the right direction.

Thanks,
Tom

yann-f · July 25, 2020, 5:59pm

Very interesting !
In my case, the submitted New-UDTextBox is to Get-ADUser in ActiveDirectory and Set-ADUser to modify user’s password.
I set up a service account and use his token when i invoke or get the script Reset Password.ps1 with : -AppToken $Token

I tried to launch directly the script via Admin web interface and RunAs the service account : Success !

Do i need and how can i Run script As the service account if the Token isn’t enough ?

yann-f · August 3, 2020, 9:57pm

If it helps, here is a part of the dashboard :

New-UDTab -Text 'Réinitialisation de mot de passe' -Content {
            New-UDCard -Title 'Réinitialisation de mot de passe' -Content {
                New-UDForm -Content {
                    New-UDTextbox -Placeholder 'Identitiant' -Id 'txtIdentity'
                    New-UDTextbox -Placeholder 'Mot de passe' -Id 'txtPassword' -Type password
                    New-UDCheckbox -Label 'Réactiver le compte' -Id 'chkUnlock'
                    New-UDCheckbox -Label 'Changer le mot de passe à la prochaine connexion' -Id 'chkChangePassword' 
                } -OnSubmit {
                    $Input = ConvertFrom-Json $Body
                    $Parameters = @{
                        Identity = $Input.txtIdentity 
                        Password = $Input.txtPassword
                    }
                    if ($Input.chkChangePassword -eq 'true')
                    {
                        $Parameters['ChangePasswordOnLogon'] = $true 
                    }
                    if ($Input.chkUnlock -eq 'true')
                    {
                        $Parameters['Unlock'] = $true 
                    }
                    Invoke-UAScript -Script (Get-UAScript -Name 'Reset Password.ps1' @Parameters -AppToken $Token) -AppToken $Token | Tee-Object -Variable job | Wait-UAJob
                    $Job = Get-UAJob -Id $Job.Id 
                    if ($Job.Status -eq 'Completed')
                    {
                        Show-UDToast -Message "Mot de passe réinitialisé pour l'utilisateur $($Input.txtIdentity)" -Duration 5000
                    }
                    else 
                    {
                        $Output = Get-UAJobOutput -JobId $Job.Id | Select-Object -Expand Message
                        Show-UDToast -Message "La réinitialisation de mot de passe à échouée. $Output" -BackgroundColor red -MessageColor white -Duration 5000
                    }
                }
            }
        }

And here is the invoked script :

param(
    [String]$Identity,
    [String]$Password,
    [Switch]$Unlock,
    [Switch]$ChangePasswordOnLogon
)

$Credential = Get-Secret -Name 'ADcreds'
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
Set-ADAccountPassword -Identity $Identity -NewPassword $SecurePassword -Reset -Credential $Credential
if ($Unlock)
{
    Unlock-ADAccount -Identity $Identity -Credential $Credential
}
if ($ChangePasswordOnLogon)
{
    Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true -Credential $Credential
}

And the error log from the admin interface :

[08-03-20 11:42:46 PM] PS: One or more errors occurred. 
[08-03-20 11:42:54 PM] PS: Cannot bind parameter 'Identity'. Cannot convert the "yann" value of type "System.String" to type "UniversalAutomation.Identity". 
[08-03-20 11:42:54 PM] PS: Cannot bind argument to parameter 'Id' because it is null. 
[08-03-20 11:42:54 PM] PS: Cannot bind argument to parameter 'JobId' because it is null. 
[08-03-20 11:43:01 PM] PS: Call failed with status code 401 (Unauthorized): GET http://localhost:5000/api/v1/Script/User%20Report.ps1

I’m stuck

yann-f · August 4, 2020, 2:55pm

One workaround that i found is to use a function :

Function ResetPassword {
    param(
        [String]$Identity,
        [String]$Password,
        [Bool]$Unlock,
        [Bool]$ChangePasswordOnLogon
    )

    $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
    Set-ADAccountPassword -Identity $Identity -NewPassword $SecurePassword -Reset -Credential $Credential -ErrorAction SilentlyContinue -ErrorVariable err
    if ($Unlock)
    {
        Unlock-ADAccount -Identity $Identity -Credential $Credential -ErrorAction SilentlyContinue -ErrorVariable +err
    }
    if ($ChangePasswordOnLogon)
    {
        Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true -Credential $Credential -ErrorAction SilentlyContinue -ErrorVariable +err
    }
    If($err.Count -eq 0){Return $false}
    Else{Return $true}
} 
...\...
New-UDCard -Title 'Réinitialisation de mot de passe' -Content {
                New-UDForm -Content {
                    New-UDTextbox -Placeholder 'Identitiant' -Id 'txtIdentity'
                    New-UDTextbox -Placeholder 'Mot de passe' -Id 'txtPassword' -Type password
                    New-UDCheckbox -Label 'Réactiver le compte' -Id 'chkUnlock'
                    New-UDCheckbox -Label 'Changer le mot de passe à la prochaine connexion' -Id 'chkChangePassword' 
                } -OnSubmit {
                    $Input = ConvertFrom-Json $Body
                    $Parameters = @{
                        Identity = $Input.txtIdentity 
                        Password = $Input.txtPassword
						ChangePasswordOnLogon = $false
						Unlock = $false
                    }
                    if ($Input.chkChangePassword -eq 'true')
                    {
                        $Parameters['ChangePasswordOnLogon'] = $true 
                    }
                    if ($Input.chkUnlock -eq 'true')
                    {
                        $Parameters['Unlock'] = $true 
                    }
					$ErrorPassword = ResetPassword -Identity $Input.txtIdentity -Password $Input.txtPassword -ChangePasswordOnLogon $false -Unlock $false
                    #Invoke-UAScript -Script (Get-UAScript -Name 'Reset Password.ps1' @Parameters -AppToken $Token) -AppToken $Token | Tee-Object -Variable job | Wait-UAJob
                    #$Job = Get-UAJob -Id $Job.Id 
                    #if ($Job.Status -eq 'Completed')
                    if(-NOT($ErrorPassword))
					{
                        Show-UDToast -Message "Mot de passe réinitialisé pour l'utilisateur $($Input.txtIdentity)" -Duration 5000
                    }
                    else 
                    {
                        #$Output = Get-UAJobOutput -JobId $Job.Id | Select-Object -Expand Message
                        Show-UDToast -Message "La réinitialisation de mot de passe à échouée pour l'utilisateur $($Input.txtPassword)" -BackgroundColor red -MessageColor white -Duration 5000
                    }
                }
            }

Topic		Replies	Views
New-UDTextbox Icon producing error PowerShell Universal	2	393	June 30, 2021
Authentication.ps1 - convert to type "PowerShellUniversal.AuthenticationMethod" PowerShell Universal	9	1173	September 24, 2021
Passing a UA Job to Get-UAJobOutput inside of an automation script in PS (Core) fails	0	511	February 15, 2021
Setting parameter based on form input PowerShell Universal	9	895	September 13, 2021
Unable to convert secure string back to plain text Universal Dashboard Help	5	1722	June 28, 2019

Cannot convert the value of type "System.String" to type "UniversalAutomation.Identity"

Related topics