Best Practice for "Domain Controller" Variable in AD Orchestration

Go to solution
joegarcia
Kilo Expert

‎10-13-2017 10:48 AM

Hey all,

We're configuring some Orchestration activities with the goal of automating user account creation. When using the Active Directory Activities, the activities require the IP address of a domain controller instead of using a hostname such as example.domaincontroller.com . Our systems team is fully against using the same IP address every time since we have multiple domain controllers that replicate. If one of them goes down and we're using that specific DC's IP address, we'll run into issues where the automation would fail. Do you all have any recommendations on best practices for this example? Would a round-robin dns entry that we resolve using the "Resolve DNS Name" activity be sufficient? Same goes for the Exchange Orchestration Activities we want to configure: we have multiple exchange servers that replicate and always connecting to one of them could possibly cause some issues.

Any guidance would be greatly appreciated. We would prefer to use best practices defined by ServiceNow. Please let me know if you need any more information or if this post should be moved to a different community. Thanks!

Labels:
0 Helpfuls
  • 3,341 Views
1 ACCEPTED SOLUTION

Go to solution
VivekSattanatha
Mega Sage
Mega Sage
In response to joegarcia

‎10-13-2017 12:32 PM

Perhaps you could add Resolve DNS capability to your activity and check. But interestingly I have it working without that capability. Do you have Discovery module in your instance?


View solution in original post

7 REPLIES 7

Go to solution
joegarcia
Kilo Expert
In response to VivekSattanatha

‎10-13-2017 12:33 PM

We do not have Discovery, only Orchestration. Maybe that's why I may need the extra step of resolving the DNS manually?


0 Helpfuls

Go to solution
VivekSattanatha
Mega Sage
Mega Sage
In response to joegarcia

‎10-13-2017 12:40 PM

Perhaps yes! Discovery used to discover DNS names and store it in this table cmdb_ci_dns_name. If the resolve DNS didn't work then you can add the values into this table manually and check


Go to solution
RD9
Kilo Contributor
In response to VivekSattanatha

‎05-16-2019 05:00 AM

Hi Vivek, 

 

I need some help/info regarding the AD orchestration. I need to add/remove user to a group in AD (which is not linked with servicenow users). Via a service catalog item and workflow I need to add/remove user from group. 

within active directory pack we can define the domain controller but where can i define its service account/password details. 

 

Thanks.

0 Helpfuls