Jump to content

Integrating with Our On-Site AD


clampj
 Share

Recommended Posts

Hi

Is it possible to integrate with our on-premise active directory?

I'd like to be able to configure catalogue items on self service that would automate amending AD security group membership.  Suspect powershell would be required but not sure how to go about it (the powershell bits easy but how do we use it with Service Manager?).

Can anyone provide any pointers/further reading?  I've looked on the wiki and read the integration section but I'm none the wiser for it.

Thanks

J

Link to comment
Share on other sites

@clampj

Something to look into is Microsoft System Centre Orchestrator https://wiki.hornbill.com/index.php/Microsoft_Orchestrator

This allows you within a business process to trigger a process internally on your network which can include power shell scripts.

Kind Regards

Trevor Killick

Link to comment
Share on other sites

Thanks Trevor - Sounds expensive though!

I've decided on a different approach that will get round the need to have Orchestrator however i'm not sure if it can be done in Service Manager. 

Essentially, I have a catalogue item on self service for requesting remote access.  The process sends an email (containing "Add" in the subject and customers username in the main email body) to a mailbox monitored by a powershell script.  If the subject contains add then the powershell script adds them into the required security group.  This part is easy and I have it working.

What I would also like to happen is, and email back to Service Manager so that SM can in turn email the customer to advise access is granted but then place the call on hold for 5 days.  Call automatically comes off hold after 5 days which triggers another email to the monitored mailbox, this time with a subject of "Remove" which causes the powershell script to remove them from the group before email back to SM to confirm which would trigger and email to cusotmer advising access removed before the call is closed.

As I said, I've got the first part working where email is sent, read and then user added to the group.  I'm struggling to understand how to acheive the rest so thought I'd ask on here before spending any more time on something that might not be acheivable.  I guess what I need to know is this:

1. I cant see a way to automatically take a call off hold after 5 days in the process engine which would be needed in order to trigger the removal email.  Is this even possible?  If not are there any plans to introduce such functionality?

2. Do you see any pitfalls with this approach?

I know its a bit clunky but it will save us a lot of time and more importantly a lot of user pain!

Link to comment
Share on other sites

Or you could close the call with an email saying "This access will automatically be revoked in 5 days"
Then, in your "add" PowerShell script write the username and the date to a file and have a scheduled task that runs the "remove" script each morning and removes anyone from more than 5 days ago (optionally deleting that line from the file so it doesn't eventually fill the drive)

Link to comment
Share on other sites

Thanks both.  I'm going to go with Dans suggestion in order to keep the powershell as light as possible and thats the bit of info I was hoping for re the process manager.  The process works - once the email is sent the process suspends for a set period of time before un-suspending and sending another email requesting access is removed.

 

I'm now looking at the handling of the email generated by the powershell script but i'm not sure how to acheive what I want as I've not setup routing rules before so again, any help greatly appreciated.

 

What I'd like to do is this, when attempting to provide access, the powershell will send one of 3 emails back to service manager - subject and content can be set however I like - the plan is to contain the call reference in the sbject then the outcome in the email body.  I'd like the following action for each of the 3 different emails:

Already has access - email the customer back advising this and close the call

License count exeeded - email the customer advising this and to contact service desk

Access granted - email the customer advising this and place the call on hold for set period of time (I already have the suspend part working as per the above)

Given the status is in the body of the email coming back to Service Manager, the customer would see that status as the update email generated by SM will contain it however, how do I get the call to close?  Is this something that needs to be handled in the process manager?  I'm guessing so but not sure how its done.

 

Lastly, I've got a problem with the progressive capture I setup to trigger this process.  I dont require any input from the user, I just need them to click the catalogue item.  As a result I setup the progressive capture as follows:

Start -> Customer Search -> End

This doesnt work though - I just get the hornbill logo spinning continuously.  The only way I've been able to get it to work is to setup as follows:

Start -> Customer Search -> Request Details -> End

I set the "Request Details" node so it isnt mandatory so the user can click finish without typing anything in but i'd like to remove this step if possible.  Any suggestions?

Link to comment
Share on other sites

For the last problem you could remove the default 'Customer Search' form and create a custom form with nothing but a label which read something like 'Submitting this form will pass your request to the IT Service Desk' 

If you set it up as per the screenshot this works (tested today). 

As for the other issues I think the only way around it would be a human task set up with the 3 possible outcomes and once an analyst clicks the outcome the BPM progresses along one of the three routes. The analyst would just have to note the email subject and click the corresponding outcome in the task. 

Once the human task has been completed the call closure could be different for each outcome type.  

 

Capture.PNG

Link to comment
Share on other sites

Thanks again Dan.  I'll check that out for the progressive capture.

 

Is there no way to automatically close a ticket from an email?  I dont want any human interaction.  Even if it means we have 2 different routing rules, one for closing the ticket and one for continuing with the suspention of the ticket - I can live with that!

 

Link to comment
Share on other sites

7 hours ago, clampj said:

Lastly, I've got a problem with the progressive capture I setup to trigger this process.  I dont require any input from the user, I just need them to click the catalogue item.  As a result I setup the progressive capture as follows:

Start -> Customer Search -> End

This doesnt work though - I just get the hornbill logo spinning continuously.  The only way I've been able to get it to work is to setup as follows:

Start -> Customer Search -> Request Details -> End

I set the "Request Details" node so it isnt mandatory so the user can click finish without typing anything in but i'd like to remove this step if possible

@clampj Hmm... so you saying that if the PCF only has "Start - Customer Search - End" then when the user clicks on the catalog item on the portal and the PCF runs the user gets the spinning logo of death? If that's the case this seems like some sort of defect that our dev team might want to look at... 

Link to comment
Share on other sites

Hi Victor

Yes - the spinning logo of death.  Hang fire for now as that was only for testing - I actually need the progressive capture to record something in the call summery and details so if we happen across it at any point in the future we know what it was for - as it is, the call just gets logged with a customer.

I'll let you know if I need further assistance on the PC.

Thanks

J

Link to comment
Share on other sites

Hi @Victor - Would you be able to take a look at our progressive capture?  At the moment Dans example/suggestion is working but it adds an unessessary step in the process which I'd like to remove.
I want the user to just have to click the catalogue item then the call be logged without any further interaction so:
Start->Customer Search->End
But this produces the endless spinning logo.  I've called it remote_access_test

Thanks
J

Link to comment
Share on other sites

Awesome-thanks!

Will the upgrade occur automatically I do I need to perform the upgrade (or should I say click the button!) as with service manager?  I dont see it listed in the "Add More Apps" screen so not sure how to do it.

Thanks

J

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...