Update an existing AD group

Sruthi17
Kilo Sage

Hi experts,

Can someone guide me on how to update an existing AD group from ServiceNow?

I have a requirement to update an existing AD group to change the managedBy attribute. I have no idea where to start and how to start this.

If someone can guide me with the next steps, it would be really great. Thanks in advance.

2 REPLIES

Goran WitchDoc
ServiceNow Employee

To integrate with AD, we have this Spoke, but I'm not sure if there are built-in actions for the specific use case you are looking for: https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/administer/integrationhub/concept/...

But if not, I wouldn't think it will be so hard to look at the existing ones and modify one of them to do what you want (as long as MS allows us to do it).

Kiran Teja1
Kilo Guru

Hi Sruthi

We need to build a custom action for updating the AD Group Information. If you want to update the AD Group Description or Owner etc., currently we don't have any OOTB Actions available to use directly in the flows.

1. Create a Custom Action - (Update AD Group)
2. Create a new MID Server Script file with the sample information below.
3. Need a Service Account (Credentials) to connect to AD and perform the Operations to Modify the AD Group

----------

Import-Module ActiveDirectory -WarningAction SilentlyContinue

# $ADGName, $Description, $ADGOwner and $cred are not defined in this script;
# they are assumed to be supplied by the custom action / MID Server at run time.

# Decode URL-encoded apostrophes (%27) in the inputs
$ADGName = $ADGName -replace "%27", "'"
$Description = $Description -replace "%27", "'"
$ADGOwner = $ADGOwner -replace "%27", "'"

# Send every change to the same domain controller
$CurrentDomainController = (Get-ADDomainController).Name.Trim()

# Initialize variables for responses and statuses
$result1 = "No operation"
$result2 = "No operation"
$statusDesc = "Not attempted"
$statusOwner = "Not attempted"

# Update the description only when one was supplied
if ($Description) {
    try {
        # -ErrorAction Stop makes every failure terminating so the catch block sees it
        Set-ADGroup -Identity $ADGName -Description $Description -Credential $cred -Server $CurrentDomainController -ErrorAction Stop | Out-Null
        $result1 = "Description set successfully"
        $statusDesc = "Success"
    } catch {
        $result1 = $_.Exception.Message
        $statusDesc = "Error"
    }
}

# Update the owner (managedBy attribute) only when one was supplied
if ($ADGOwner) {
    try {
        Set-ADGroup -Identity $ADGName -ManagedBy $ADGOwner -Credential $cred -Server $CurrentDomainController -ErrorAction Stop | Out-Null
        $result2 = "Owner set successfully"
        $statusOwner = "Success"
    } catch {
        $result2 = $_.Exception.Message
        $statusOwner = "Error"
    }
}

# Per-attribute outcome returned to the flow
$result = [PSCustomObject]@{
    ADGroupName = $ADGName
    ADGroupDescription = $result1
    DescriptionStatus = $statusDesc
    ADGroupOwner = $result2
    OwnerStatus = $statusOwner
}

# Overall status plus details, serialized as JSON for the custom action to parse
$response = @{
    status = if ($statusDesc -eq "Error" -or $statusOwner -eq "Error") { "Partial Error" } else { "Success" }
    body = $result
} | ConvertTo-Json

Write-Output $response

-----------------------

You need to make some modifications depending on your requirements for the custom action and MID Server Script file.

I hope this will help you.

Thank You
Teja
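
A pre-flight check that could wrap the Set-ADGroup -ManagedBy call from the script above, as an added example that is not part of the original post or of the ServiceNow spoke: it resolves the group and the new owner, refuses groups outside a delegated OU or protected by AdminSDHolder, and reads managedBy back after the write. The function name, its parameters and the OU value in the comment are assumptions made for illustration.

```powershell
# Added example: hypothetical helper, not code from the original post.
Import-Module ActiveDirectory -WarningAction SilentlyContinue

function Set-ADGroupOwnerSafely {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $OwnerSam,
        # Placeholder value, e.g. 'OU=Managed Groups,DC=example,DC=com'
        [Parameter(Mandatory)] [string] $AllowedOU,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Server
    )
    $common = @{ Credential = $Credential; Server = $Server; ErrorAction = 'Stop' }
    try {
        # Resolve both objects first; -Identity throws when there is no exact match.
        $group = Get-ADGroup -Identity $GroupName -Properties adminCount, ManagedBy @common
        $owner = Get-ADUser -Identity $OwnerSam @common

        # Only touch groups under the OU delegated to the service account.
        if (-not $group.DistinguishedName.EndsWith(",$AllowedOU", [StringComparison]::OrdinalIgnoreCase)) {
            throw "Group '$($group.DistinguishedName)' is outside the allowed OU."
        }
        # adminCount = 1 marks groups protected by AdminSDHolder (Domain Admins etc.).
        if ($group.adminCount -eq 1) {
            throw "Group '$($group.Name)' is a protected group; refusing to change its owner."
        }
        if (-not $owner.Enabled) {
            throw "User '$($owner.SamAccountName)' is disabled and cannot be set as owner."
        }

        Set-ADGroup -Identity $group.DistinguishedName -ManagedBy $owner.DistinguishedName @common

        # Read the attribute back from the same DC to confirm the write.
        $after = Get-ADGroup -Identity $group.DistinguishedName -Properties ManagedBy @common
        [PSCustomObject]@{
            Status        = if ($after.ManagedBy -eq $owner.DistinguishedName) { 'Success' } else { 'Error' }
            Group         = $group.DistinguishedName
            PreviousOwner = $group.ManagedBy
            NewOwner      = $after.ManagedBy
        }
    } catch {
        [PSCustomObject]@{ Status = 'Error'; Group = $GroupName; Message = $_.Exception.Message }
    }
}
```

Returning PreviousOwner alongside NewOwner gives the ServiceNow record an audit trail of the ownership change and a value to restore if the request is rolled back.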