Change User's AD Location - Orchestration

Rudi2
Giga Guru

Hi Guys

There are a lot of questions about this and not a good enough example.

All I want to do is to use the AD activities on the workflow to change a user to a different OU in AD.

Will the Update ADObject activity work for this, and what AD field do I need to change, or do I need to add a Move-ADObject activity?

Regards

1 ACCEPTED SOLUTION

Rudi2
Giga Guru

Okay, we got it sorted and I hope it helps everyone else who's also not so familiar with PowerShell!!



With the move function we use the following command:



Move-ADObject -Identity $userdn -TargetPath $path



$userdn // We are pulling the user's DN from LDAP as well, no need for the objectGUID


$path // The DN of the OU you want to move the user to.






The worst part for this to work at customer sites is just getting access, so make sure the MID server's got a jacked up credential. We also ticked the "use MID Service Account" option.



Regards
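
The move described in this answer, wrapped with the checks worth running before an object changes location (target OU exists, user is not already there, result re-read afterwards). This is an added example, not code from the original post. The function name `Move-UserToOU`, the account `jdoe` and the OU path are constructed for illustration, and it assumes the ActiveDirectory module is available on the host running the command.

```powershell
#Requires -Modules ActiveDirectory

function Move-UserToOU {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $TargetOU,   # DN of the destination OU
        [pscredential] $Credential                   # optional; omit to run as the calling account
    )

    # Pass -Credential through only when one was supplied.
    $auth = @{}
    if ($Credential) { $auth.Credential = $Credential }

    # Fail early if the target OU does not exist or cannot be read.
    $ou = Get-ADOrganizationalUnit -Identity $TargetOU @auth -ErrorAction Stop

    # Get-ADUser returns DistinguishedName and ObjectGUID by default,
    # with ObjectGUID typed as System.Guid rather than a byte array.
    $user = Get-ADUser -Identity $SamAccountName @auth -ErrorAction Stop

    # Parent container = DN with the leading RDN removed
    # (split on the first comma that is not backslash-escaped).
    $currentParent = ($user.DistinguishedName -split '(?<!\\),', 2)[1]
    if ($currentParent -eq $ou.DistinguishedName) {
        Write-Verbose "$SamAccountName is already in $($ou.DistinguishedName)"
        return $user
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $($ou.DistinguishedName)")) {
        # The GUID stays the same when the object moves; the DN does not.
        Move-ADObject -Identity $user.ObjectGUID -TargetPath $ou.DistinguishedName @auth -ErrorAction Stop
        # Re-read the object to confirm its new location.
        return Get-ADUser -Identity $user.ObjectGUID @auth
    }
}

# If an LDAP query hands back objectGUID as raw bytes, convert it before use:
#   $guid = [guid]::new([byte[]]$rawBytes)

# Constructed sample values; -WhatIf reports the move without performing it.
Move-UserToOU -SamAccountName 'jdoe' -TargetOU 'OU=Sales,DC=example,DC=com' -WhatIf
```
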



19 REPLIES

Ankur Bawiskar
Tera Patron

Hi Rudi,



You can try the Update AD activity. But sometimes it won't allow you directly, so you will have to use a PowerShell command to do this.



Steps:


1) Query AD with that user and update the OU attribute


2) Using Query AD, get the user's GUID attribute; the name of the attribute is 'objectGUID' in AD


3) Move the user to the new OU using a PowerShell command - this will actually move the user under that OU; if this is not done it won't show correctly under the new OU



userGUID is objectGUID fetched in step 2



Move-ADObject "${userGUID}" -TargetPath "${completeNewOUPath}"



Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.


Thanks


Ankur


Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

Hi Ankur



Query AD for objectGUID returns this \"objectguid\":\"System.Byte[]\". Need to get the value out of that.



Regards


Hi Rudi,



OK, so you can use a PowerShell command to get the property and then parse the output to get the objectGUID.



The PowerShell command for that is as below:



Get-ADUser "${activityInput.samaccountname}" -Properties objectGUID



Part highlighted in bold is the samaccountname of the user whose objectGUID you want to fetch



Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.


Thanks


Ankur



Hi Ankur



Okay, I have added this activity, but I am getting authentication errors. With the OOTB activities I can query, ad users, delete users with no problems. So it cannot be access rights. Any reason why this would not work?






Or if I could do this instead it might work, but they don't say where to do this exactly:



Re: objectGUID returns 'System.Byte[]' when using Query AD activity




Regards