LDAP Group Import Based on memberof existing Users
09-10-2018 12:16 PM
I'm sure this is easier than I'm imagining, but I have an LDAP filter configured to pull all users into ServiceNow that meet the filtered criteria. I am now tasked with importing only the Groups 'memberof' that these users are associated with, and then assigning the users to those groups once created in ServiceNow.
Typically, you'd import the groups, then assign the members, but in this case, I need to start with the users already in SN, query to see the groups they're a part of, import those groups if not already in SN, and then assign the users to those groups.
I'm not exactly sure how I could get started on this. Any suggestions?
09-10-2018 07:17 PM
I don't think there is a way to do it. You have to import all groups, then it will auto-populate members.
09-12-2018 05:04 AM
When capturing a User, could I grab the memberof field, and perform an onAfter rule to launch another query, first to see if the group is in SN, and if NOT, then to ingest the new group and its users?
09-12-2018 05:41 AM
But that would not work even when the user is present in a group. When the first-time load runs for a group, the group will not be present in Snow, right? In this case the group will not be created.
Do you have a lot of empty groups in AD?
09-12-2018 05:48 AM
Basically, I need to look at the memberof field, then on an onAfter script, or something, run a GlideRecord query to see if the name of the group is already in SN (as some are already in there), if so, then I'd have to run another job to import users.... If not, then I'd need to create the group first, THEN import the users.
Here's an example setup: AD contains data for an entire company, but my client is only a small part of that company, so instead of importing all groups (ex: 1000), they only want to import the groups that their users are a part of (ex: 250). Currently, there's not a flag in AD that signifies this, and I cannot use an OU as a filter because some people span over multiple OUs, which is why I have to stay on the main section and filter down from there.
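
The flow discussed in this thread (read each user's memberOf, create only the groups that are missing, then link the user), as an added example that is not from any poster and uses plain JavaScript rather than ServiceNow APIs. The function names, the input shape and the sample data are constructed assumptions; the sketch also skips groups that share a CN but sit in different containers, because matching on name alone would merge them and grant unintended membership.

```javascript
// Added example: plain JavaScript, no ServiceNow APIs. All names are hypothetical.

// Return the CN of a DN's first RDN, honouring backslash escapes (RFC 4514),
// e.g. "CN=Ops\, EMEA,OU=Groups,DC=example,DC=com" -> "Ops, EMEA".
// Hex escapes are decoded one byte at a time (ASCII only).
function groupNameFromDn(dn) {
  const m = /^\s*CN=((?:\\.|[^,\\])*)/i.exec(dn);
  if (!m) return null;                       // first RDN is not a CN
  return m[1].replace(/\\([0-9a-f]{2})|\\(.)/gi, (_, hex, ch) =>
    hex ? String.fromCharCode(parseInt(hex, 16)) : ch).trim();
}

// users: [{ userName, memberOf: [dn, ...] }]; existingGroups: names already
// present in the target system. Returns what to create and which links to add.
function planGroupSync(users, existingGroups) {
  const known = new Map();                   // lower-cased name -> stored name
  for (const g of existingGroups) known.set(g.toLowerCase(), g);
  const dnByName = new Map();                // lower-cased name -> first DN seen
  const plan = { toCreate: [], memberships: [], skipped: [] };
  for (const u of users) {
    const seen = new Set();                  // de-duplicate per user
    for (const dn of u.memberOf || []) {
      const name = groupNameFromDn(dn);
      const key = name && name.toLowerCase();
      const first = key && (dnByName.get(key) || dn);
      // Skip unparsable DNs and same-CN groups from a different container.
      if (!name || first.toLowerCase() !== dn.toLowerCase()) {
        plan.skipped.push({ user: u.userName, dn });
        continue;
      }
      dnByName.set(key, dn);
      if (!known.has(key)) { known.set(key, name); plan.toCreate.push(name); }
      if (seen.has(key)) continue;
      seen.add(key);
      plan.memberships.push({ user: u.userName, group: known.get(key) });
    }
  }
  return plan;
}

// Constructed sample data (not from the thread).
const sampleUsers = [
  { userName: "a.lee", memberOf: [
    "CN=Helpdesk,OU=Groups,DC=example,DC=com",
    "CN=Ops\\, EMEA,OU=Groups,DC=example,DC=com" ] },
  { userName: "b.khan", memberOf: [
    "cn=helpdesk,ou=groups,dc=example,dc=com",
    "CN=Helpdesk,OU=Legacy,DC=example,DC=com",
    "OU=NotAGroup,DC=example,DC=com" ] },
];
const samplePlan = planGroupSync(sampleUsers, ["Helpdesk"]);
```

In an instance, the existing-group lookup and the inserts would be done with GlideRecord queries as the posters describe; the entries in `skipped` are the ones to review by hand before any membership is granted.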