Change User's AD Location - Orchestration

Rudi2
Giga Guru

Hi Guys

There are a lot of questions about this and not a good enough example.

All I want to do is to use the AD activities on the workflow to change a user to a different OU in AD.

Will the Update ADObject activity work for this, and what AD field do I need to change, or do I need to add a Move-ADObject activity?

Regards

1 ACCEPTED SOLUTION

Rudi2
Giga Guru

Okay, we got it sorted and I hope it helps everyone else who's also not so familiar with PowerShell!!



With the move function we use the following command:



Move-ADObject -Identity $userdn -TargetPath $path

$userdn // We are pulling the user's DN from LDAP as well, no need for the objectGUID
$path // The DN of the OU you want to move the user to.






The worst part for this to work at customer sites is just getting access, so make sure the MID Server's got a jacked up credential. We also ticked "use MID Service Account".



Regards


19 REPLIES

Hi Rudi,



Can you wrap the values with "", i.e. "$user" and "$properties", and check it once?



Regards


Ankur



Hi Ankur



That would possibly set the value as $user and not the guid. We are passing the DN as well and it worked instead of the objectGUID.



We have created a move-ADuser, but this only works when I test it with "test input" and not from the workflow itself.



Still trying to figure out what is going on.



Hi Rudi



I have exactly the same problem.


We are trying to set up a workflow for a new user from the Service Catalogue.


I have managed to get mailbox and AD user set up, and I am now focusing on the final details of moving to the correct OU, updating address, etc.

I query AD and I can see it returns the userdn, but then it doesn't seem to populate the PowerShell variables with the userdn. Any ideas?

If I run it manually with test inputs it works. Where do you reference your userdn? The output of a step in the previous activity or scratchpad? I feel I am missing capturing the userdn properly.

Every little step I try and do seems to be painful!

Many thanks


Suzi


Hi Suzi



We have added the AD attribute called distinguishedName to a new field mapping in ServiceNow's user table and called that value to a scratchpad variable.



Or what you can do is to use the Query ADUser against the distinguishedName attribute. After that, do a Run Script and set the output to a variable like:

You can get the output from the data tab; the output is in JSON format.







from here you can strip it like this:



var str = data.get(3).output;   // the number 3 will vary, depends on your workflow.
var pos1 = str.indexOf('distinguishedName');
if (pos1 >= 0) {
    // skip past the key name and the 3 characters between it and the value
    var str2 = str.substring(pos1 + 20, 10000);   // 20 will be more or less the right amount, the name plus 3
    var pos2 = str2.indexOf('"');   // closing quote of the value
    var name1 = str2.substring(0, pos2);
    // only set the scratchpad value when a distinguishedName was found
    workflow.scratchpad.name1 = name1.toString();
}




There might be an easier way that we don't know about, but this is working for us.



Regards
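
As an added example (not part of the original thread and not ServiceNow's own code), the same extraction can be done with JSON.parse instead of fixed character offsets, with a check on the DN and the target OU before they reach Move-ADObject. The JSON layout, base DN, OU allowlist and function names are assumptions for illustration; in the workflow the input would be the activity output string, such as data.get(3).output in the post above.

```javascript
// Added example: the JSON shape, DNs and OU allowlist below are constructed.
var BASE_DN = 'DC=example,DC=com';
var ALLOWED_TARGET_OUS = [
    'OU=Staff,DC=example,DC=com',
    'OU=Contractors,DC=example,DC=com'
];

// Walk parsed JSON (object or array, any depth) and return the first string
// stored under the key "distinguishedName", or null if there is none.
function findDn(node) {
    if (node === null || typeof node !== 'object') { return null; }
    if (typeof node.distinguishedName === 'string') { return node.distinguishedName; }
    var keys = Object.keys(node);
    for (var i = 0; i < keys.length; i++) {
        var hit = findDn(node[keys[i]]);
        if (hit !== null) { return hit; }
    }
    return null;
}

function endsWithIgnoreCase(value, suffix) {
    return value.length >= suffix.length &&
        value.slice(-suffix.length).toLowerCase() === suffix.toLowerCase();
}

// Returns { userDn, targetPath } for the move activity, or throws so the
// workflow stops before the privileged MID Server credential is used.
function buildMoveInputs(activityOutput, targetOu) {
    var parsed;
    try { parsed = JSON.parse(activityOutput); }
    catch (e) { throw new Error('activity output is not valid JSON'); }
    var dn = findDn(parsed);
    if (dn === null) { throw new Error('no distinguishedName in output'); }
    if (/[\x00-\x1f]/.test(dn) || !endsWithIgnoreCase(dn, ',' + BASE_DN)) {
        throw new Error('unexpected distinguishedName: ' + dn);
    }
    if (ALLOWED_TARGET_OUS.indexOf(targetOu) === -1) {
        throw new Error('target OU not in allowlist: ' + targetOu);
    }
    return { userDn: dn, targetPath: targetOu };
}

// Constructed sample; the CN holds an escaped comma, which JSON encodes as "\\,".
var sample = '[{"sAMAccountName":"jdoe",' +
    '"distinguishedName":"CN=Doe\\\\, Jane,OU=New,DC=example,DC=com"}]';
console.log(buildMoveInputs(sample, ALLOWED_TARGET_OUS[0]));
```

Because JSON.parse decodes escapes, the DN comes back with a single backslash before the comma, whereas cutting the raw string by offset would keep the doubled backslash from the JSON text.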