
Hi All,

I want to share a simple example with you to demonstrate how you can utilize SAP IdM to invoke a local PowerShell script.

In my scenario I am using the Quest ActiveRoles Server Management Shell for Active Directory, but this should work with the Windows AD cmdlets as well.

In my Plugins folder I have replaced the standard To LDAP directory pass with a new Shell execute pass.


In the Destination tab you should disable the option "Wait for execution" and insert the following command with your arguments.

cmd /c powershell.exe -Command "c://scripts//ProcessQADUser.ps1" %$rep.QARS_HOST% %$rep.QARS_PASSWORD% %MSKEYVALUE% $FUNCTION.cce_core_descryptPassword(%MX_ENCRYPTED_PASSWORD%)$$ "'%Z_ADS_PARENT_CONTAINER%'" %MX_FIRSTNAME% "'%MX_LASTNAME%'"


Please remember to separate the attributes with white space rather than commas, as PowerShell will remove the commas and convert the arguments into an array.

Hope this helps.
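
A possible shape for the ProcessQADUser.ps1 that the command above calls, as an added example rather than the author's script: it takes the seven arguments positionally, validates the identity store values before use, and creates the account with the Windows AD cmdlets the post mentions as an alternative to the Quest shell. The parameter names, the validation patterns, the EXAMPLE\svc_idm account, the use of MSKEYVALUE as the account name and the choice of New-ADUser are all assumptions.

```powershell
# ProcessQADUser.ps1 (added example). Parameters are positional, in the order
# the Shell execute pass lists them. Parameter names are assumptions.
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$DirectoryHost,        # %$rep.QARS_HOST%
    [Parameter(Mandatory = $true, Position = 1)]
    [string]$ServicePassword,      # %$rep.QARS_PASSWORD%
    [Parameter(Mandatory = $true, Position = 2)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$AccountName,          # %MSKEYVALUE% (assumed to be the logon name)
    [Parameter(Mandatory = $true, Position = 3)]
    [string]$UserPassword,         # decrypted %MX_ENCRYPTED_PASSWORD%
    # An unquoted DN arrives as an array, is joined with spaces when bound to
    # [string], and then fails this pattern instead of reaching the directory.
    [Parameter(Mandatory = $true, Position = 4)]
    [ValidatePattern('^(OU|CN|DC)=[^,=]+(,(OU|CN|DC)=[^,=]+)*$')]
    [string]$ParentContainer,      # '%Z_ADS_PARENT_CONTAINER%'
    [Parameter(Mandatory = $true, Position = 5)]
    [ValidatePattern('^[\p{L} .-]{1,64}$')]
    [string]$FirstName,            # %MX_FIRSTNAME%
    [Parameter(Mandatory = $true, Position = 6)]
    [ValidatePattern('^[\p{L} .-]{1,64}$')]
    [string]$LastName              # '%MX_LASTNAME%'
)

$ErrorActionPreference = 'Stop'    # stop at the first failed step
Import-Module ActiveDirectory

# Assumption: the service account name is not given in the post; placeholder.
$serviceAccount = 'EXAMPLE\svc_idm'
$servicePw  = ConvertTo-SecureString $ServicePassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential `
    -ArgumentList $serviceAccount, $servicePw

$newUser = @{
    Name            = "$FirstName $LastName"
    GivenName       = $FirstName
    Surname         = $LastName
    SamAccountName  = $AccountName
    Path            = $ParentContainer
    AccountPassword = ConvertTo-SecureString $UserPassword -AsPlainText -Force
    Enabled         = $true
    Server          = $DirectoryHost
    Credential      = $credential
}
New-ADUser @newUser

# Report the outcome without writing either password to the output.
Write-Output "Created $AccountName in $ParentContainer on $DirectoryHost"
```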




1 Comment


  1. Former Member

    Hi Ridouan,

    Can you send me your ".ps1" file, only to see how a PowerShell script should be created to run in SAP Identity Management?

    Best Regards,


