Power Platform Community Forum Thread Details

Active Directory - Modify user action - BUG

I found a bug using the Power Automate Desktop action "Active Directory - Modify user", and I could not find the right place to submit a bug report, so the following is the bug report for someone to submit it to the product team.

Bug Description:

When using the action "Active Directory - Modify user", if the distinguished name has a comma "," the action will not find the user and throws the error:

Microsoft.PowerPlatform.PowerAutomate.Desktop.Actions.SDK.ActionException: Directory entry not found. Please check that the entry exists on the Active Directory server or that the given DN is correct.
at Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.ActiveDirectoryBase.HandleException(Exception ex)
at Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.ModifyUserAction.Execute(ActionContext context)
at Microsoft.Flow.RPA.Desktop.Robin.Engine.Execution.ActionRunner.Run(IActionStatement statement, Dictionary`2 inputArguments, Dictionary`2 outputArguments)

To reproduce:

1. Set the action Distinguished Name to a valid value for a user that has a comma in its full name, for example: "CN=Doe\, John,OU=Users,DC=contoso,DC=com"

2. Execute the action

Bug Analysis:

I disassembled "Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.dll" using ILSpy, and I found the following:

private static string EscapeLdapPathSpecialCharacters(string inputDistinguishedName)
{
  if (!inputDistinguishedName.Any((char c) => IllegalLdapSpecialCharacters.Contains(c)))
{
  return inputDistinguishedName;
}
  return inputDistinguishedName.Replace("\\", "\\5C5C").Replace(")", "\\29").Replace("(", "\\28")
.Replace("*", "\\2A");
}

I tested that code in isolation, and I found that a "\" should be replaced with "\5C", but the above code uses "\5C5C".

Workaround:

There is no workaround for this bug, you can use a PowerShell script using for example the Disable-ADAccount command

Categories:

Licensing

Quick Links