IntegrationHub Microsoft AD spoke "ActionAddUserToADGroup.ps1" will fail with error "Authentication failure with the user Failed while executing ActionAddUserToADGroup.ps1DescriptionWhen you use IntegrationHub AD spoke "ActionAddUserToADgroup" Authentication will fail with the error: Authentication failure with the user <username>Failed while executing ActionAddUserToADGroup.ps1 (Access denied)Release or EnvironmentMadridCauseWhen the request is sent from Flow Designer the PowerShell command executing includes $isDiscovery as true which is causing the issue, this causes the credential to be authenticated against WMI (which fails). Command executed from flow designer looks like below: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer '10.10.10.10' -script 'C:\RP-EW2A-MID01\agent\scripts\PowerShell\ADSpoke\ActionAddUserToADGroup.ps1' -useCred $true -ismid $false -isDiscovery $true -debug $true -logInfo $false -skipTest $false; exit $LASTEXITCODE}" But if you send the same request using Orchestration workflow $isDiscovery is set as false and authentication is successful because this skips the authentication against WMI so the rest of the script can continue to execute. Command executed from workflow looks like below: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer '10.10.10.10' -script 'C:\RP-EW2A-MID01\agent\scripts\PowerShell\AD\AddUserToADGroup.ps1' 'use_mid_service_account' $false -useCred $true -ismid $false -isDiscovery $false -debug $true -logInfo $false -skipTest $false; exit $LASTEXITCODE}"ResolutionTurn on the MID server debugging (Go to MID server config Parameters and add mid.log.level and value should be debug)Reproduce the issue from Flow Designer and you should able to see below logs in MID logs. 05/21/19 14:22:02 (051) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 DEBUG: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer '10.0.10.10' -script 'C:\RP-EW2A-MID01\agent\scripts\PowerShell\ADSpoke\ActionAddUserToADGroup.ps1' -useCred $true -ismid $false -isDiscovery $true -debug $true -logInfo $false -skipTest $false; exit $LASTEXITCODE}" 05/21/19 14:22:02 (051) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 DEBUG: With credential: <userName> 05/21/19 14:22:02 (074) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 DEBUG: Thread name is Powershell is executing... 05/21/19 14:22:03 (334) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 DEBUG: The exit value from waitFor() is 1 05/21/19 14:22:04 (975) ECCQueueMonitor.5 DEBUG: Event: CheckSenderReadyEvent 05/21/19 14:22:04 (975) ECCQueueMonitor.5 DEBUG: Monitor query: state=ready^queue=output^agent=mid.server.MIDSERVER_DEV^sys_created_on>=2019-04-20 12:02:33^ORDERBYpriority^ORDERBYsys_created_on 05/21/19 14:22:05 (357) ECCQueueMonitor.5 DEBUG: Event: RGRPerfMetricEvent 05/21/19 14:22:05 (357) ECCQueueMonitor.5 DEBUG: Number of messages added to threadpool queue in current polling cycle: 0 05/21/19 14:22:05 (357) ECCQueueMonitor.5 DEBUG: Changing polling frequency of ECCQueueMonitor to 40 seconds 05/21/19 14:22:05 (465) ECCQueueMonitor.40 DEBUG: Event: CheckSenderReadyEvent 05/21/19 14:22:05 (466) ECCQueueMonitor.40 DEBUG: Monitor query: state=ready^queue=output^agent=mid.server.MIDSERVER_DEV^sys_created_on>=2019-04-20 12:02:33^ORDERBYpriority^ORDERBYsys_created_on 05/21/19 14:22:05 (507) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 DEBUG: Execution status: failed 05/21/19 14:22:05 (508) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 SEVERE *** ERROR *** Authentication failure with the user <UserName> 05/21/19 14:22:05 (508) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 SEVERE *** ERROR *** Failed while executing ActionAddUserToADGroup.ps1 (Access denied) 05/21/19 14:22:05 (510) ECCQueueMonitor.40 DEBUG: Event: RGRPerfMetricEvent 05/21/19 14:22:05 (510) ECCQueueMonitor.40 DEBUG: Number of messages added to threadpool queue in current polling cycle: 0 05/21/19 14:22:05 (512) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 SEVERE *** ERROR *** Authentication failure with the user <UserName> 05/21/19 14:22:05 (519) Worker-Expedited:IPaaSActionProbe-1aab2321db617b00ce01f9c41d961971 2019-05-21 14:22:02 Tried Credential: name=Reference AD Service Account, affinity: yes, status=failed, sysid=430eb90bdbf8bf00ce01f9c41d961975, username=Corp.Reference.Build\svcMidserverUser2, type=Windows, order=100 Once you see the above logs and the error it is mostly due to one of the Action is missing in flow designer.At this point go to Execution Action of Add user to groupIn execution action add the variable credType and pass the value AD which should resolve the issue, please take a look at the screenshot below Additional InformationSame AdduserToADGroup works fine from workflow without any issue.