Berto2002 Posted August 19, 2022

We use the active directory Azure import facility quite often; we perceive it has a limitation in that it can only add users to a group. If the user is removed from the active directory group it does not remove them from the service manager organisational group on the next run. Are we missing something or is this only a one-way import? Are there ways to keep the members of an Azure active directory group in line with the members of a service manager group?

I was also hoping there was a 'query group' option in the Cloud automation. If there was that, I could directly query an AD group to see if a member is in it and then not need to sync it in to service manager at all. But there is no such option.

Thanks in advance

Steve G Posted August 24, 2022

Hi @Berto2002,

As part of this release, we've added an operation that allows you to check if an Azure AD object ID (user or group) is a member of a specified group.

Hope this helps.

Cheers,
Steve

Berto2002 Posted August 24, 2022

Wow that was quick; almost as if someone had it ready to go lol!

Berto2002 Posted August 25, 2022

Hi @Steve G, we have tried this and it has not worked.

We have this AD group in O365 Azure:

I have entered the GroupID into the Cloud Automation using the new GroupsCheckMembership feature and the Azure Active Directory connector (which works for an add/remove user in another flow/group):

The Member ID I am using is the email address of our user which is both the customerID in Hornbill and the UPN (user principal name) in Azure.

I think you are going to tell me that I need to use the ObjectID of the user and the email address is not correct...?

Could I please request the Wiki is updated to make the features and this detail clearer?

Azure Automation iBridge - Hornbill

Steve G Posted August 25, 2022

Hi @Berto2002,

It is indeed the Object ID, as per the documentation in the workflow operation:

The wiki URL you have provided is for Azure Automation, which is a different product on the Azure platform. The wiki page is actually: https://wiki.hornbill.com/index.php?title=Microsoft

To get the User Object ID, you can use either of the following operations:

- Microsoft/Azure/Users/Get User by Email - this will search for users by email address
- Microsoft/Azure/Users/Get User - this will return the user by their UPN

Cheers,
Steve

Berto2002 Posted August 25, 2022

Note to self; must remember to use your built-in docs! This is now working, thank you. Excellent facility to check AD group membership!
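
The fix in this thread (resolve the UPN or email to an Object ID first, then check membership with that ID) looks like this when done directly against Microsoft Graph. This is an added example, not Hornbill's code or part of the original posts; calling Graph directly is an assumption about how one would do it outside the iBridge, and the GUIDs and the address `alice@example.com` are constructed sample values.

```python
import json
import re
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample object IDs (not real directory objects).
SAMPLE_USER_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_GROUP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def is_object_id(value):
    """True if value has the GUID shape of an Azure AD object ID."""
    return bool(GUID_RE.match(value.strip()))


def user_lookup_url(upn):
    """GET URL whose response carries the user's object ID in 'id'."""
    return f"{GRAPH}/users/{urllib.parse.quote(upn, safe='@')}?$select=id,userPrincipalName"


def membership_request(member_id, group_id):
    """Build the checkMemberGroups POST; reject a UPN/email passed as member ID."""
    for name, value in (("member_id", member_id), ("group_id", group_id)):
        if not is_object_id(value):
            raise ValueError(f"{name} must be an object ID (GUID), got {value!r}")
    url = f"{GRAPH}/directoryObjects/{member_id}/checkMemberGroups"
    return url, json.dumps({"groupIds": [group_id]}).encode()


def is_member(response_json, group_id):
    """The response 'value' lists the requested groups the object belongs to."""
    return group_id.lower() in (g.lower() for g in response_json.get("value", []))


def graph_call(url, token, body=None):
    """Send the request (GET without body, POST with); needs network and a token."""
    req = urllib.request.Request(url, data=body, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Failing closed on a non-GUID member ID matters when the result gates access: a lookup that silently returns "not a member" for an email address is indistinguishable from a genuine negative.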