Extending sys_user_group table - loading AD groups
09-13-2014 03:30 PM
Hi all,
Does anyone have experience loading AD groups into ServiceNow?
I've recently gotten my LDAP via MID Server connection to work. Now I'm thinking of extending the sys_user_group table in order to create a new table, "AD Groups", to load all the groups from Active Directory into it (since our ServiceNow groups serve a different function in the organization than the AD groups do, I thought I'd keep them in a separate table). The problem is - it doesn't seem like sys_user_group is one of the tables that's available to extend. Is there a way around this? Can one extend a table and bypass these limitations of the table creator module? Should I be loading AD Groups into sys_user_group instead? What's the best practice here?
Thank you,
Dmitri
09-16-2014 06:37 AM
I believe the consequences are in your favor if you really want to extend it, but a word of caution, if you choose to extend the table and populate the values from AD into this custom table, there would also be a record of it in the parent sys_user_group table.
So effectively these groups would also show up in various lookup lists for groups in Service-now.
09-15-2014 02:10 AM
The solution you choose will purely be driven by what your need is. If your ask is to just hold the AD groups in Service-now, then the OOB sys_user_group should serve you well.
What sort of usage are these groups going to provide? Are you planning to write some ACLs around them, restrict content, or just show them in a lookup field somewhere in a form?
Maybe based on your requirement we can think further.
Thanks,
Dhananjay
09-16-2014 06:27 AM
Thanks for the input Dhananjay. I'm looking to show these on a form. These AD groups are a specific type of group, so I don't think adding them to sys_user_group makes sense. I'll keep looking on how to add them to a child table.
09-16-2014 06:41 AM
Adding them to a child table is still adding them to sys_user_group. If you're just looking to have basic group information to show on forms, no membership, I would advise a separate non-extended table. If you're looking to bring in user membership also, then I would add a new type to the sys_user_group table and put them in there.
Extending the table basically just allows you to have a different form view (though this can be accomplished with a view rule) and adding additional fields that are only needed for this type of group.
02-10-2015 11:06 AM
Hi Dmitri,
I'm not sure what your desired outcome is. What are you going to use this for?
At a client, we are importing AD groups into an extended cmdb_ci table and then making relationships between Users and these groups.
This is used to achieve 2 things:
1. Validate access during requests, e.g. a client script is checking if the user is a member of the group before pushing software.
2. Request for add to AD group. We have an Owner on an AD group to drive approvals.
Hope that helps.