- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-14-2018 10:01 AM
Our ServiceNow Instance syncs to Active Directory. This sync creates new users, updates users details, adds users to assignment groups and deactivates users. It works in the most part for updates and changes, expect where a nil value occurs.
For eg: If i change my manager from "Manager A" to "Manager B", this is picked up in the sync and the user record updates correctly in ServiceNow. However, if my manager is changed from "Manager A" to "Blank" this change does not get reflected in the import. The user record in SNOW will remain with "Manager A" whilst in Active Directory this is blank.
Also, we control our assignment groups in AD. If the assignment group had 4 members A, B, C and D and I remove D from AD then this would be removed from SNOW. If I remove A, B, C and D and left the assignment group in AD empty then nothing is removed from assignment group.
We have checked all the scripts and do not know how to resolve this issue.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-21-2018 07:20 AM
Yes, it will. You may refer link for additional information.
Thanks,
Jaspal Singh
Hit Helpful or Correct on the impact of response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-14-2018 10:18 AM
What does your script look like?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-15-2018 03:41 AM
Transform script for LDAP User Transform:
onStart:
gs.include("LDAPUtils");
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);
onComplete:
ldapUtils.processManagers();
onBefore:
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);
gs.log("Check Hex test value " + ctrl.substr(-1));
//The relevant digit is the final one
//A final hex digit value of '2' in 'ctrl' means disabled
if (ctrl.substr(-1) == "2") {
target.active = false;
target.locked_out = true;
if (action == 'insert')
ignore = true;
} else {
//Optional: Reactivate and unlock the user account
target.active = true;
target.locked_out = ctrl.substr(-2, 1) == "1";
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-17-2018 09:21 AM
So looking at the LDAPUtils script include, it doesn't appear to have anything regarding a blank manager - so it won't wipe out a manager if it comes from AD blank. You might have to add something to the processing scripts to accomplish wiping out a value or setting to blank.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-17-2018 09:28 AM
Thanks for the reply. Could you let me know what needs to be added here?
