
How to add computer to multiple AD groups using baseline Orchestration packs?

Mouli8
Giga Contributor

Has anyone added computers in AD groups using OOTB activity packs?

Or customised the packs?

1 ACCEPTED SOLUTION

terrykim
Tera Contributor

I have managed to complete the process of adding computers to security groups using the orchestration process using the baseline orchestration process. I did create a custom event in order to complete this process.

What is needed
A workflow that will engage the approvals process and probe AD for the user's attributes. I am testing that the user's idea of a computer that should be added agrees with the computer(s) sitting in the attribute "ManagedObjects".

  1. I created a “customised event” that will add the computer to the security group and can be added to the workflow described.
  2. A PowerShell script that can be added to the new event “Add computer to AD Group”.
  3. A Catalog form that will collect sufficient information to allow this request to process.
  4. Several custom JavaScripts that run in the workflow events to capture the information needed to feed the Orchestration events.

Starting with the CUSTOM PowerShell script. Name: AddComputerToADGroup.ps1

Add this script to MID >> scripts.

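# $executingScriptDirectory, $computer and $cred are not defined in this script;
# they are expected to be supplied by the MID Server when it runs the script.
Import-Module "$executingScriptDirectory\AD\ActiveDirectory"

# Inputs arrive as environment variables set by the activity.
if (Test-Path env:\SNC_groupname) {
  $groupname = $env:SNC_groupname
  $username = $env:SNC_username   # holds the computer account name, with the trailing $
}

SNCLog-ParameterInfo @("Running AddComputerToADGroup", $groupname, $username)
Add-ADGroupMember -Identity $groupname -Server $computer -Members $username -Credential $cred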

 

NB// There is a slightly different command that adds multiple computers and does not require the $ on the end of the computer (user name) but I only needed one computer name to be added at a time.

I added this PowerShell to a customised event: *(see images in order)

The confusing part of this is that I am using the computer name variable here but I am actually passing it as a $username inside the new event. I was being lazy at the time that I was writing the event, but it worked and I didn’t want to risk breaking it as it was working, so the username is in fact a computer name in this PowerShell and event process. Look, I am not a genuine programmer, but I think I managed to hack this reasonably well, at least well enough to work!

I hope you can improve on this solution, and I hope it helps someone out.

Regards
Terry
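
The check described in the accepted solution above (the requested computer must appear in the requester's "ManagedObjects") and the trailing-$ handling can both run before the group change is made. This is an added example, not the poster's script or ServiceNow code. The function names, the group allow-list, the group name and the sample DNs are assumptions constructed for illustration.

```powershell
# Added example; function names, group names and DNs below are constructed.
Set-StrictMode -Version Latest

function ConvertTo-ComputerSam {
    param([Parameter(Mandatory)][string]$Name)
    # Accept the name with or without the trailing '$', then re-add it once.
    $n = $Name.Trim().TrimEnd('$')
    # Letters, digits and hyphen only, at most 15 characters (NetBIOS length limit).
    if ($n -notmatch '^[A-Za-z0-9-]{1,15}$') { throw "invalid computer name" }
    return $n.ToUpperInvariant() + '$'
}

function Test-ManagedByUser {
    param([Parameter(Mandatory)][string]$ComputerSam, [string[]]$ManagedObjects)
    $cn = $ComputerSam.TrimEnd('$')
    foreach ($dn in $ManagedObjects) {
        # Compare the leading RDN of each DN; assumes the computer's CN equals its name.
        if ($dn -match '^CN=([^,]+),' -and $Matches[1] -ieq $cn) { return $true }
    }
    return $false
}

function Get-ApprovedMember {
    param([string]$GroupName, [string]$RequestedName,
          [string[]]$ManagedObjects, [string[]]$AllowedGroups)
    # Hypothetical allow-list: the request may only target groups named here.
    if ($AllowedGroups -notcontains $GroupName) { throw "group not allowed" }
    $sam = ConvertTo-ComputerSam -Name $RequestedName
    if (-not (Test-ManagedByUser -ComputerSam $sam -ManagedObjects $ManagedObjects)) {
        throw "computer is not in the requester's managedObjects"
    }
    return $sam
}

# Constructed sample data standing in for the AD probe result and the catalog form.
$managed = @('CN=WS-0142,OU=Workstations,DC=example,DC=test',
             'CN=LT-0077,OU=Laptops,DC=example,DC=test')
$allowed = @('GG-VPN-Computers')

foreach ($req in 'ws-0142', 'LT-0077$', 'SRV-DC01', 'ws-0142,CN=x') {
    try {
        $member = Get-ApprovedMember -GroupName 'GG-VPN-Computers' -RequestedName $req `
                      -ManagedObjects $managed -AllowedGroups $allowed
        "ALLOW $req -> $member"
        # Only here would the poster's Add-ADGroupMember call run, with -Members $member.
    } catch {
        "DENY  $req ($($_.Exception.Message))"
    }
}
```

The first two requests are allowed and normalised to a single trailing $; the third is refused because the computer is not managed by the requester, and the fourth is refused by the name check before any directory lookup would be needed.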


4 REPLIES

Frank1975
Kilo Guru

Hi Terry,

Could you add image 2 with the inputs?

It appears this one is missing.

Thanks in advance

Frank

terrykim
Tera Contributor

Hi Frank, I have attached the missing image here. By the way, the final solution we implemented no longer evaluates the computers in the user's AD probe, as we added all the computer names held by AD into the CMDB via LDAP import, then added this list to the RITM form(s), and the user gets to select the computer from a drop-down list on each form. This is then used to populate the UserName (with the $ sign added to the end). I regret not changing the UserName to ComputerName now.

 

 

RichardE
Tera Expert

I wonder how this could have been solutioned using the new processes available in the AD v2 spoke of IntegrationHub.