LDAP Group Import Based on memberof existing Users

patbishop · ‎09-10-2018

I'm sure this is easier than I'm imagining, but I have an LDAP filter configured to pull all users into ServiceNow that meets the filtered criteria. I am now tasked with importing only the Groups 'memberof' that these users are associated with, and then assigning the users to those groups once created in ServiceNow.

Typically, you'd import the groups, then assign the members, but in this case, I need to start with the users already in SN, query to see the groups they're apart of, import those groups if not already in SN, and then assign the users to those groups.

I'm not exactly sure how I could get started on this. Any suggestions?

prashantdharne · ‎09-12-2018

Basically, I need to look at the memberof field, then on an onAfter script, or something, run a gliderecord query to see if the name of the group is already in SN (as some are already in there), if so, then I'd have to run another job to import users

--> Yup. You answered your own question.

So John is member of Group A and Group A is not present in Snow. When the job runs ypu will check if Group A is present. If not then create it. Or just update the membership.

patbishop · ‎09-12-2018

I think I have the logic... just not sure I know the steps to implement. I see that there's onBefore and onAfter transform scripts. Is that where I need to do the next steps?

Assuming I'd create a new scheduled job, and pass in the group name variable into the query for it to process.

prashantdharne · ‎09-12-2018

Yup.

So you define OU

You create a Data Source (And schedule it)

You create a Transform Map related to it

On the transform map you will write a OnBefore Script in which you will write a logic that If group exists go ahead, or Ignore

This is if you are bringing Group and Users together.

In our case we have different queries for Users and Groups and we pull all groups.

patbishop · ‎09-12-2018

I'm not sure if this will happen in my case or not, but if creating a group and assigning users, will it only assign users that are currently in SN, or will it try and create the user in SN as well? The reason I ask is some users in these groups may not be users that need to be in SN.

This whole process is backwards, I know, but it's what I've been tasked with accomplishing.

The client already has the users they want in the system... they now want to import the groups associated with those users, and assign only those users to the groups.

Pranith Reddy · ‎01-28-2020

Hi patbishop,

can i know the logic you you used, is it worked?

i want to filter using memberof field i dont know i am missing logic here!

thx!