Is there a walkthrough for mapping Active Directory that someone else has successfully followed?

russellreynolds
Kilo Explorer

‎09-22-2017 03:41 PM

Is there a walkthrough for mapping Active Directory that someone has successfully followed?

I'm trying to get AD Forest, OUs, AD objects into cmdb.

I've been to the following and been unsuccessful:

https://community.servicenow.com/thread/165690

https://docs.servicenow.com/bundle/istanbul-it-operations-management/page/product/service-mapping/co...

Thanks.

Labels:
0 Helpfuls
  • 1,809 Views
3 REPLIES 3

TrevorK
Kilo Sage

‎09-22-2017 07:58 PM

We map out our Active Directory OU structure using the CMDB. We essentially import all of the OUs through the LDAP import. When we complete the import we run a script that builds out all the relationships.



Because the Distinguished Name contains the hierarchy of the OU we are able to just split it - the first entry is the OU itself and the entry before is the OU that is a parent (with the logic to figure out which one is at the root of course). So after we import all the OUs we just build out the relationships ourselves.




I'm not sure all what objects you are looking to bring in, but the LDAP import will allow you to bring in any object you want. With the Distinguished Name you have everything you need to map out a hierarchy. You use the LDAP Target to specify the object class like this: (objectClass=organizationalUnit)


0 Helpfuls

Aditya Telideva
ServiceNow Employee
ServiceNow Employee

‎09-23-2017 01:00 AM

HI Russel,


Earlier one of our customer mapped out our Active Directory OU structure in our CMDB using relationships with our LDAP connection (so it's updated automatically):


find_real_file.png



This allows us to logs changes against them OUs, assign ownership to them, have an approval structure, etc. This is necessary for our next step, which is to pull back permissions in AD and force users to do their creation/modification of accounts/objects within SN. With the OU structure mapped out we are able to automate things like approvals.



I guess if you have already purchased the licensing to do Service Mapping then my post is probably useless - you would most likely use the tool you paid for. We have a hard time purchasing that licensing because, for our environment, we already have many tools that do this already for us and we just integrate with them to bring it into SN.



Thanks,


Aditya Telidevara


Preview file
96 KB

rjreynolds
Kilo Contributor
In response to Aditya Telideva

‎09-24-2017 08:22 AM

robpickering



Why are you putting these into the CMDB?



To manage change to configuration items:



AD users - DN, memberof


AD groups - membership, DN, etc


AD group policy objects


AD Organization units


AD ACLs on objects, etc.



Thanks.


0 Helpfuls