Run PowerShell script - problem out-file

I’m having trouble running a Jenkins script.
When the following script is run from the location (PS)
C:\jenkins\script.ps1
the final result of the script dumps to a file
C:\jenkins\sendsms_blocker24h.txt
in format

Role;Server;Level;Message;Sender;Description;
SMS;Win1;0;Blocker: testuser;SMS;Information about blocked domain users;

When I add it to Jenkins and run 'Build now', a file is created
C:\jenkins\sendsms_blocker24h.txt

But its content is empty.

I am calling the script from Jenkins like this

powershell.exe C:\jenkins\script.ps1

script.ps1

$users = Get-ADUser -Filter * -Properties *
$blocked_users = $users | Where-Object { $_.accountlockouttime -ge (Get-Date).AddMinutes(-1440) } | Select-Object Name, AccountLockoutTime

if ($blocked_users) {
    $output = "Role;Server;Level;Message;Sender;Description;" + [Environment]::NewLine + "SMS;Win1;0;Blocker: " + ($blocked_users.Name -join ", ") + ";SMS;Information about blocked domain users;"
} else {
    $output = ""
}

$output | Out-File -FilePath "C:\jenkins\sendsms_blocker24h.txt" -Encoding UTF8

What am I doing wrong that Jenkins creates an empty file?

I also checked this script called from jenkins


$computerName = $env:COMPUTERNAME
$filePath = "C:\Jenkins\hostname.txt"

$computerName | Out-File -FilePath $filePath

Write-Host "Computer name '$computerName' saved to file '$filePath'."


C:\Jenkins\hostname.txt

Win1


It is not a matter of entitlement

Hi @marbda. Your script has an if/else block in it; if the else block is triggered (i.e., $blocked_users is false-y), then your file will be empty. Perhaps the Jenkins user doesn’t have the proper permissions in order to read the AD users?

The Jenkins agent runs with the jenkins user's permissions; the jenkins user has write, read and modify access to the c:\jenkins folder.

If I run the script below instead of the correct one, I get the correct file with the computer name as its contents.

$computerName = $env:COMPUTERNAME
$filePath = "C:\Jenkins\hostname.txt"

$computerName | Out-File -FilePath $filePath

Write-Host "Computer name '$computerName' saved to file '$filePath'."


C:\Jenkins\hostname.txt

Win1

So that lends credence to my theory above: Jenkins can write to the path C:\Jenkins, but cannot execute Get-ADUser -Filter * -Properties * or is getting an incomplete list of users. Your script then tests if there were any blocked users, and seeing that there were none, wrote an empty string out to the sendsms_blocker24h.txt file. I’d dig deeper into those permissions and see if Jenkins can execute Get-ADUser successfully.

If I run this script directly from PS while in C:\jenkins the script runs and writes the locked accounts to files.

I have now created a simple script for the tests

I ran in jenkins
powershell.exe c:\jenkins\test.ps1

The contents of test.ps1

$users = Get-ADUser -Filter * -Properties * | Select-Object Name, SamAccountName
$users | Export-Csv -Path "C:\jenkins\users.csv" -NoTypeInformation

I started it with Jenkins.
It created a users.csv:

"Name","SamAccountName"
"test","test"

All users are inside, so it's not a permission issue.

You are running that script as the same user that the agent process is running as?

This is the same jenkins job
I only changed:
powershell.exe C:\jenkins\script.ps1
to
powershell.exe C:\jenkins\test.ps1

The rest is unchanged

I would recommend adding logging into your script. Dump objects at various stages and verify things are working as expected. Another thing to look at is the environment variables that may be present when you run the script vs. when Jenkins runs the script.

jenkins start

powershell start.ps1


$ErrorActionPreference = "Stop"
$LogPath = "C:\jenkins\log.txt"
Start-Transcript -Path $LogPath -Force

$users = Get-ADUser -Filter * -Properties *
Write-Debug "Retrieved $($users.Count) user objects from Active Directory"

$blocked_users = $users | Where-Object { $_.accountlockouttime -ge (Get-Date).AddMinutes(-1440) } | Select-Object Name, AccountLockoutTime
Write-Debug "Found $($blocked_users.Count) blocked user accounts"

if ($blocked_users) {
    $output = "Role;Server;Level;Message;Sender;Description;" + [Environment]::NewLine + "Sms;win1;0;Blocker: " + ($blocked_users.Name -join ", ") + ";SMS;Information about blocked domain users;"
    Write-Debug "Generated output string: $output"
} else {
    $output = ""
}

$output | Out-File -FilePath "C:\jenkins\sendsms.txt" -Encoding UTF8
Write-Debug "Wrote output to file"

Stop-Transcript


log.txt


Windows PowerShell transcript start
Start time: 20230404133323
Username: domain\jenkins
RunAs User: domain\jenkins
Configuration Name:
Machine: win1(Microsoft Windows NT 10.0.17763.0)
Host Application: powershell.exe C:\jenkins\start.ps1
Process ID: 16308
PSVersion: 5.1.17763.3770
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17763.3770
BuildVersion: 10.0.17763.3770
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1


Transcript started, output file is C:\jenkins\log.txt


Windows PowerShell transcript end
End time: 20230404133326
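
The transcript above contains only its header and footer because Write-Debug emits nothing while $DebugPreference is at its default of SilentlyContinue. The following added example (not code from any poster in this thread) logs the same checkpoints with Write-Output, records the account the job runs as, and cross-checks the lockout filter against Search-ADAccount; the C:\jenkins\diag.txt path is an assumed name.

```powershell
# Added diagnostic example, not part of the original thread.
$ErrorActionPreference = 'Stop'
$LogPath = 'C:\jenkins\diag.txt'   # assumption: any path the agent account can write
Start-Transcript -Path $LogPath -Force

try {
    Import-Module ActiveDirectory

    # Record the security context the job actually runs in.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Output "Running as: $identity"

    # Request only the attributes the check needs instead of -Properties *.
    $users = @(Get-ADUser -Filter * -Properties AccountLockoutTime, LockedOut)
    Write-Output "Retrieved $($users.Count) user objects"

    # A count of 0 here means the lockout attribute is not coming back at all,
    # which would make the later filter silently match nothing.
    $withTime = @($users | Where-Object { $_.AccountLockoutTime })
    Write-Output "Objects with AccountLockoutTime populated: $($withTime.Count)"

    $cutoff  = (Get-Date).AddMinutes(-1440)
    $blocked = @($withTime | Where-Object { $_.AccountLockoutTime -ge $cutoff })
    Write-Output "Locked out since $($cutoff.ToString('s')): $($blocked.Count)"

    # Independent cross-check: ask the directory which users are locked right now.
    $lockedNow = @(Search-ADAccount -LockedOut -UsersOnly)
    Write-Output "Search-ADAccount -LockedOut reports: $($lockedNow.Count)"

    if ($blocked.Count -gt 0) {
        $output = "Role;Server;Level;Message;Sender;Description;" + [Environment]::NewLine +
                  "SMS;Win1;0;Blocker: " + ($blocked.Name -join ", ") +
                  ";SMS;Information about blocked domain users;"
    } else {
        $output = ""
    }
    $output | Out-File -FilePath 'C:\jenkins\sendsms_blocker24h.txt' -Encoding UTF8
    Write-Output "Wrote $($output.Length) characters to the output file"
}
catch {
    # Surface the failure in the transcript before the job fails.
    Write-Output "FAILED: $($_.Exception.Message)"
    throw
}
finally {
    Stop-Transcript
}
```

Comparing the "Running as" line and the three counts between an interactive run and a Jenkins run shows which stage diverges.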