I found a bug using the Power Automate Desktop action "Active Directory - Modify user", and I could not find the right place to submit a bug report, so the following is the bug report for someone to submit it to the product team.
When using the action "Active Directory - Modify user", if the distinguished name has a comma "," the action will not find the user and throws the error:
Microsoft.PowerPlatform.PowerAutomate.Desktop.Actions.SDK.ActionException: Directory entry not found. Please check that the entry exists on the Active Directory server or that the given DN is correct.
at Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.ActiveDirectoryBase.HandleException(Exception ex)
at Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.ModifyUserAction.Execute(ActionContext context)
at Microsoft.Flow.RPA.Desktop.Robin.Engine.Execution.ActionRunner.Run(IActionStatement statement, Dictionary`2 inputArguments, Dictionary`2 outputArguments)
To reproduce:
1. Set the action Distinguished Name to a valid value for a user that has a comma in its full name, for example: "CN=Doe\, John,OU=Users,DC=contoso,DC=com"
2. Execute the action
Bug Analysis:
I disassembled "Microsoft.Flow.RPA.Desktop.Modules.ActiveDirectory.Actions.dll" using ILSpy, and I found the following:
private static string EscapeLdapPathSpecialCharacters(string inputDistinguishedName)
{
if (!inputDistinguishedName.Any((char c) => IllegalLdapSpecialCharacters.Contains(c)))
{
return inputDistinguishedName;
}
return inputDistinguishedName.Replace("\\", "\\5C5C").Replace(")", "\\29").Replace("(", "\\28")
.Replace("*", "\\2A");
}
I tested that code in isolation, and I found that a "\" should be replaced with "\5C", but the above code uses "\5C5C".
Workaround:
There is no workaround for this bug, you can use a PowerShell script using for example the Disable-ADAccount command
Share
Report
All responses (
Answers (
52,341
