This is a very similar question to one I saw posted a few days ago, that post has been marked as answered, but the answer hasn't helped me so I am posting this in a new thread.
At one step in my workflow I am adding a computer into an AD group, I am using the out of the box activity provided to do this function and I am just supplying the computer and group names as parameters to the script.
I have my Snow Automation Platform Workflow Engine service configured to run as a service account that has the correct permissions to perform the required AD functions.
The out of the box activity is configured to run as the workflow service account.
When the script runs it fails reporting the error Access Denied.
If I login to the AP server, using the service account, then I start up PowerShell ISE and paste in the script with the same parameters we use in the workflow, the script completed successfully and correctly adds the computer to the group.
I also tried adding a new service account to AP using the Service Accounts page, first of all it is not clear in which format I need to supply an active directory account on this page, e.g. domain\user, user@domain, user etc. and there doesn't appear to be any validation that confirms the service account will actually work.
Anyway I tried all 3 methods and amended the activity to use a specified service account, and in each case I saw the same behaviour that was reported in a previous post, the PowerShell step in my workflow just sits there saying started, it never completes.
Does anyone have some more troubleshooting steps I can try to resolve this issue?