Assign user to Servicenow Group based on Windows AD Group

SquishyDave
Kilo Explorer

I'm looking to assign users to a group in servicenow based on what group they are in AD. The reason for this is the AD group names aren't what we want for servicenow. We have about half a dozen groups so a script that looked for certain AD group names and assigned to servicenow groups based on that would work.

So for instance if the AD group is called "OPS-IT-GROUP-IT-HELPDESK", all users in that group would on import be put into the servicenow group called "Help Desk", and removed from the group if they were removed in AD if possible. Or simply some way to rename the AD group on import to something nicer; it doesn't matter if this breaks the "Refresh from LDAP" button for the group as long as the scheduled import worked.

I'm sorry if this has been covered before, I have tried looking for days to find a solution for this, and I don't have the scripting skills to figure out how to do this myself.

Thanks
Dave

3 REPLIES

mamann
Mega Guru

You don't have to make the group name in Service-Now the same as the LDAP group name, although it is a bit cleaner.
One option would be to put the desired name of the group in the "Notes" field or another field of your choice in the AD group and then just map that field to your name field on the target Service Now record during the Import.
The OOB demo scripts for LDAP Data Sources and Transform Maps for LDAP have what you need.
If you look at any of the Demo sites (I checked demo10) there is a Transform Map in the LDAP section called "LDAP Group Import", if you check the field maps there, you'll notice one of them has the following info.
Source Field: u_samaccountname
Target Field: name
If you change the source to whatever field you picked from your AD group object, that should do the trick.
Example:
Source Field: u_notes (References the "notes" field from AD)
Target Field: name

Hope that helps


SquishyDave
Kilo Explorer

Thanks Mamann.

I thought about using the description field and mapping it, but it's so easily changed in AD. The notes field is being used for something else in our environment.

If all else fails I will probably use another field in AD and transform map it to name in servicenow, but if there is another way to do it I would prefer that.

A script so I could hard code AD name to servicenow group name would be the best way at this point I think. I'm also open to any other suggestions.


SquishyDave
Kilo Explorer

The solution I ended up with in the end was to set an extension attribute with the name we wanted, and transform map that to name in service now.

It works well as we can set it to import only the groups with something in that extension attribute, meaning if we want a new or existing AD group to be automatically sucked into service now we just add the name to that extension attribute and it's all taken care of next import.

Thanks for the help.
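
An added example, not part of the thread and not ServiceNow's own code: the extension-attribute approach from the last post, modelled as plain JavaScript that runs in Node. It also reports the case where two AD groups claim the same ServiceNow name, which would otherwise merge their members into one group. The column names (`u_extensionattribute1`, `u_dn`), the function name and the sample rows are assumptions made for illustration.

```javascript
'use strict';
// Assumed import-set column holding the friendly name set on the AD group.
const NAME_ATTR = 'u_extensionattribute1';

// Constructed sample rows shaped like LDAP group import-set records.
const sampleRows = [
  { u_dn: 'CN=OPS-IT-GROUP-IT-HELPDESK,OU=Groups,DC=example,DC=com',
    u_extensionattribute1: 'Help Desk' },
  { u_dn: 'CN=OPS-IT-GROUP-NETWORK,OU=Groups,DC=example,DC=com',
    u_extensionattribute1: '' },               // no friendly name: not imported
  { u_dn: 'CN=OPS-HR-TEMP,OU=Groups,DC=example,DC=com',
    u_extensionattribute1: ' help desk ' },    // same name claimed by another group
];

// existing: { AD distinguished name -> ServiceNow group name } from earlier imports.
// Returns one decision per row: skip, insert, rename, unchanged or conflict.
function planGroupImport(rows, existing) {
  const claimed = new Map(); // normalised name -> DN that owns it
  for (const [dn, name] of Object.entries(existing)) {
    claimed.set(name.trim().toLowerCase(), dn);
  }
  return rows.map((row) => {
    const dn = row.u_dn;
    const name = String(row[NAME_ATTR] || '').trim();
    if (!name) return { dn, action: 'skip' };
    const key = name.toLowerCase();
    const owner = claimed.get(key);
    // A second AD group using an existing name would merge its members into
    // that ServiceNow group, so report it instead of importing it.
    if (owner !== undefined && owner !== dn) {
      return { dn, action: 'conflict', name, heldBy: owner };
    }
    claimed.set(key, dn);
    const previous = existing[dn];
    const action = previous === undefined ? 'insert'
      : previous === name ? 'unchanged' : 'rename';
    return { dn, action, name };
  });
}

console.log(planGroupImport(sampleRows, {}));
```

In a transform map, the skip and conflict branches correspond to setting `ignore = true` in an onBefore script.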