• State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 4213 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARS 7.0 onDeprovision action

robertm
over 7 years ago

Hello,

I'm trying to a script very simpe but it's not working, and to troubleshoot the interface is not adapted....

So I hope someone can help me here.

I would like to develop a simple script that onDeprovision push information about deprovisionned account into a file.

 

Thanks in advance.

Parents
  • 0 over 7 years ago

    From a Powershell point of view, the basic information about the object being deprovisioned is contained in an object / variable called $Request.

    As noted, $Dirobj.get can be used to obtain AD attributes (more below)

    So, if you have a workflow triggered by a deprovision action, that workflow could then fire a script that exports the details you want. Here is a small example:

    NOTE: Create this script as a Policy script in the Script Module section of your Active Roles MMC. Then add a script activity to a workflow triggered by a Deprovision. Reference the 'ExportDeprovDetails' function in the script when you setup the script activity in the workflow.

    Function ExportDeprovDetails ($Request)
    {
    # Substitute whatever attribute names you want in the
    # $Dirobj.get statements below
    # $Dirobj.get pulls attribute contents for in-process objects from AD

    # This pulls the full name of the object you see in ADUC

    $DeprovedObjectFullName = $Dirobj.get("Name")

    # This pulls the Office from the General tab in ADUC

    $DeprovedObjectLocation = $Dirobj.get("physicaldeliveryofficename")

    # NOTE: $Dirobj.get Doesn't work so well for ActiveRoles Virtual attributes
    # For these use Get-QADUser
    # Get-QADUser example - attribute name is example only

    # Note $Request.GUID is the GUID of the in-process object

    Get-QADUser -proxy -identity $Request.GUID -objectattributes @{edsvaMyVirtualAttribute}


    # Build the log file output

    $Outdata = $DeprovedObjectFullName + "," + $DeprovedObjectLocation

    # Output the data to a file - note that this file will be written to the AR server unless you
    # specify a different path via UNC
    Add-Content "MyDeprovLog.txt" $Outdata
    }

Reply
  • 0 over 7 years ago

    From a Powershell point of view, the basic information about the object being deprovisioned is contained in an object / variable called $Request.

    As noted, $Dirobj.get can be used to obtain AD attributes (more below)

    So, if you have a workflow triggered by a deprovision action, that workflow could then fire a script that exports the details you want. Here is a small example:

    NOTE: Create this script as a Policy script in the Script Module section of your Active Roles MMC. Then add a script activity to a workflow triggered by a Deprovision. Reference the 'ExportDeprovDetails' function in the script when you setup the script activity in the workflow.

    Function ExportDeprovDetails ($Request)
    {
    # Substitute whatever attribute names you want in the
    # $Dirobj.get statements below
    # $Dirobj.get pulls attribute contents for in-process objects from AD

    # This pulls the full name of the object you see in ADUC

    $DeprovedObjectFullName = $Dirobj.get("Name")

    # This pulls the Office from the General tab in ADUC

    $DeprovedObjectLocation = $Dirobj.get("physicaldeliveryofficename")

    # NOTE: $Dirobj.get Doesn't work so well for ActiveRoles Virtual attributes
    # For these use Get-QADUser
    # Get-QADUser example - attribute name is example only

    # Note $Request.GUID is the GUID of the in-process object

    Get-QADUser -proxy -identity $Request.GUID -objectattributes @{edsvaMyVirtualAttribute}


    # Build the log file output

    $Outdata = $DeprovedObjectFullName + "," + $DeprovedObjectLocation

    # Output the data to a file - note that this file will be written to the AR server unless you
    # specify a different path via UNC
    Add-Content "MyDeprovLog.txt" $Outdata
    }

Children
No Data