How can we get only Global Security type groups from on-prem AD to ServiceNow

Pranay Verma
Tera Contributor

We have a requirement in which we need to get global security type groups from on-prem AD to ServiceNow using LDAP.

Please help me out.


Amit Gujarathi
Giga Sage

Hi @Pranay Verma,
I trust you are doing great.

Here's a step-by-step guide on how to achieve this:

  1. Configure LDAP Integration:

    • In the ServiceNow instance, navigate to "LDAP Integration" under "System LDAP."
    • Create a new LDAP server configuration by providing the necessary details, such as server address, port, authentication credentials, and base DN.
    • Ensure that the LDAP server configuration is tested and successfully connected to the on-premises AD.
  2. Define LDAP Mapping:

    • In the ServiceNow instance, navigate to "LDAP Server" under "System LDAP."
    • Map the LDAP attributes of the global security groups to ServiceNow's corresponding attributes.
    • Configure the LDAP query filter to retrieve only the global security type groups from the AD.
    • Validate the LDAP mapping and ensure that the necessary attributes are correctly mapped.
  3. Create a Scheduled Job:

    • In the ServiceNow instance, navigate to "Scheduled Jobs" under "System Scheduler."
    • Create a new scheduled job that runs at a specified interval.
    • Define a script that performs the LDAP query to fetch the global security groups based on the configured LDAP mapping.
    • Extract the required attributes from the LDAP query results.
    • Use the ServiceNow GlideRecord API to insert/update the retrieved group information into ServiceNow's IT Asset Management table.

Here's an example script that demonstrates the LDAP query and importing of groups:

// Define LDAP server configuration
var ldapConfig = gs.getProperty('your.ldap.server.config');

// Get LDAP server connection
var ldap = new GlideLDAP(ldapConfig);

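// Define LDAP query filter for global security groups:
// groupType must have both the security-enabled bit (0x80000000)
// and the global-scope bit (0x2) set, i.e. mask 0x80000002 = 2147483650
var filter = "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=2147483650))";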

// Execute LDAP query
var results = ldap.search("ou=Groups,dc=yourdomain,dc=com", filter);

// Import groups into ServiceNow
while (results.next()) {
    var groupName = results.getValue("cn");
    var description = results.getValue("description");
  
    // Create or update the group in ServiceNow's IT Asset Management table
    var groupRecord = new GlideRecord("your_asset_management_table");
    groupRecord.addQuery("name", groupName);
    groupRecord.query();

    if (groupRecord.next()) {
        // Group already exists, update attributes
        groupRecord.setValue("description", description);
        groupRecord.update();
    } else {
        // Group doesn't exist, create a new record
        groupRecord.initialize();
        groupRecord.setValue("name", groupName);
        groupRecord.setValue("description", description);
        groupRecord.insert();
    }
}

gs.log("Global security groups imported successfully from LDAP to ServiceNow.");

Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi
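
Added example, not part of the answer above and not ServiceNow code: plain JavaScript showing how the groupType bit mask in an LDAP filter decides which AD groups come back, and why the mask has to carry both the security bit and the scope bit to select only global security groups. The group names and the helper function names are constructed for illustration; the flag values and the matching-rule OID are the standard Active Directory ones.

```javascript
// Added example. groupType flag values are the documented Active Directory ones.
const SECURITY_ENABLED = 0x80000000;
const SCOPE_FLAG = new Map([
  ['global', 0x2],
  ['domainLocal', 0x4],
  ['universal', 0x8],
]);
const BIT_AND_RULE = '1.2.840.113556.1.4.803'; // LDAP_MATCHING_RULE_BIT_AND

// AD returns groupType as a signed 32-bit decimal string, e.g. "-2147483646".
function toUnsigned(raw) {
  const n = Number(raw);
  if (String(raw).trim() === '' || !Number.isInteger(n) ||
      n < -0x80000000 || n > 0xffffffff) {
    throw new RangeError('not a 32-bit groupType: ' + raw);
  }
  return n >>> 0; // reinterpret the signed value as unsigned bits
}

// Decode one groupType value into its scope and security/distribution kind.
function describeGroupType(raw) {
  const bits = toUnsigned(raw);
  let scope = 'unknown';
  for (const [name, flag] of SCOPE_FLAG) {
    if ((bits & flag) !== 0) scope = name;
  }
  return { scope, security: bits >= SECURITY_ENABLED };
}

// Build the filter for security groups of exactly one scope (hypothetical helper).
function securityGroupFilter(scope) {
  if (!SCOPE_FLAG.has(scope)) throw new Error('unknown scope: ' + scope);
  const mask = (SECURITY_ENABLED | SCOPE_FLAG.get(scope)) >>> 0;
  return '(&(objectClass=group)(groupType:' + BIT_AND_RULE + ':=' + mask + '))';
}

// Emulate the bit-AND rule: a value matches when every bit of mask is set.
function selectByMask(groups, mask) {
  return groups
    .filter((g) => ((toUnsigned(g.groupType) & mask) >>> 0) === mask)
    .map((g) => g.cn);
}

// Constructed sample directory entries (not real data).
const SAMPLE_GROUPS = [
  { cn: 'GS-Finance', groupType: '-2147483646' },   // global security
  { cn: 'DL-FileShare', groupType: '-2147483644' }, // domain local security
  { cn: 'US-AllStaff', groupType: '-2147483640' },  // universal security
  { cn: 'GD-Newsletter', groupType: '2' },          // global distribution
];
```

Against the sample entries, a mask of 2147483648 (security bit only) selects all three security groups, while 2147483650 selects only the global security group.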