
First.Last to DN Workflow

We've got Okta pushing manager first.last to extensionAttribute3 in ARS. I need a workflow that will convert that to a DN to drop into the manager field. However, no matter what I do, it doesn't want to get from any attributes.

Workflow setup:

On Demand
EA3 Search - Filters from an OU with 4 users. No other filters in place. --> Run Script: First.Last to DN


First.Last to DN script

function onPostModify($Request)
{
$sourceObj = $workflow.FoundObject("EA3").get("DN")
$manager = get-aduser -identity $sourceObj -properties extensionattribute3 | select -expandproperty extensionattribute3
$managerDN = (get-aduser -id $manager).distinguishedname	
$dirobj.put("manager", $managerDN)
$DirObj.SetInfo()
}



The error I get when I try to run the workflow with the script is:

At line: 3 char:1. Exception calling "Get" with "1" argument(s): "Object reference not set to an instance of an object."

 

  • The error message is on line 3, where you are calling the workflow.FoundObject("EA3").get("DN")

    You don't have a check for $NULL. There is nothing being returned by the search.

    Is there any reason why you are scripting this? It can be done completely in a Workflow, no scripting necessary.

  • Is there any reason why you are scripting this? It can be done completely in a Workflow, no scripting necessary.

    Ignorance honestly. I wasn't aware that I was able to do this with strictly a workflow.

    When Okta drops a new user into AD, I need to be able to pull out a first.last in a custom field into a DN to place into the Manager field. I really need it to go onCreate. However, my first instance of this was via an onCreate workflow with a variation of the above script. 

  • I'm wondering why you are dealing with "Found Object" at all.

    Your start condition should simply intercept the EA3 modification and then pick up the EA3 of the object using $Request.Get("extensionattribute3").

    The object being modified you can get with $Request.GUID or $Request.DN.

    So:

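    Function OnPostModify ($Request)
    {
    # first.last value set in extensionAttribute3 on the object being modified
    $ManagerFirstLast = $Request.Get("extensionattribute3")
    # Resolve it to a DN; -Identity and -Filter belong to different parameter sets, so only -Identity is used
    $manager = $(get-aduser -identity $ManagerFirstLast -properties *).distinguishedname
    $CurrentObject = $Request.DN
    Set-qaduser -identity $CurrentObject -ManagedBy $Manager
    }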

  • Are your samaccountname attributes meeting the firstname.lastname format? Are you getting anything else from the source data system, like an employee ID?

    You might not be getting a valid result off a straight search.

  • Unfortunately I'm still getting the same error on the get. Which is weird because it's literally searching an OU with four test users, three of which definitely have first.last strings in extensionAttribute3. 

    It's also executing on all four users. I can see it fail four times. 

    Ultimately my search is doing the following:

    EA3
    Search in the Organizational Unit or Container
    Find Users in IT-Testing OU
    When searching the organizational Unit or container: retrieve any objects held in the OU or container
    Retrieve ALL RECIPIENTS
    No further filters.

    Then it kicks off the script. All but one user in that OU have extensionAttribute3 defined in a first.last string.

  • You don't need to use a search.

    Why don't you just have the workflow react in real time to the setting of the EA3?  (by setting its Start condition to user property modification | EA3 )

    Then, you can just fire the script code I suggested above as a script activity.
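
The null check and the "valid result" concern raised in the replies above, as an added example that is not part of the thread and not One Identity's code. It assumes the first.last value is the manager's sAMAccountName and that only letters, digits and hyphens are expected in it; `Resolve-ManagerDN` is a hypothetical helper name, and the native `Set-ADUser` cmdlet is used here in place of the `Set-QADUser` / `$DirObj` calls shown in the thread.

```powershell
# Added example. Assumption: extensionAttribute3 holds the manager's
# sAMAccountName in first.last form. Resolve-ManagerDN is a hypothetical name.
Import-Module ActiveDirectory

function Resolve-ManagerDN([string]$FirstLast)
{
    # Nothing to resolve: the attribute is empty or not set on this user.
    if ([string]::IsNullOrWhiteSpace($FirstLast)) { return $null }

    # Accept only the expected first.last shape before the value reaches a
    # directory query (assumed character set: letters, digits, hyphen).
    $value = $FirstLast.Trim()
    if ($value -notmatch '^[A-Za-z0-9-]+\.[A-Za-z0-9-]+$') { return $null }

    # Escape LDAP filter metacharacters (RFC 4515) as defence in depth,
    # in case the pattern above is ever relaxed.
    $escaped = $value -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'

    # @() forces an array so zero, one and many matches can be told apart.
    $found = @(Get-ADUser -LDAPFilter "(sAMAccountName=$escaped)")

    # Only an unambiguous single match may become someone's manager.
    if ($found.Count -ne 1) { return $null }
    return $found[0].DistinguishedName
}

function onPostModify($Request)
{
    # Guard the read: any failure to read the attribute means nothing to do.
    try { $firstLast = $Request.Get("extensionattribute3") } catch { return }

    $managerDN = Resolve-ManagerDN $firstLast

    # Leave the manager field untouched when the value did not resolve.
    if ($null -eq $managerDN) { return }

    Set-ADUser -Identity $Request.DN -Manager $managerDN
}
```

Because the value arrives from an external identity source, a lookup that returns no match or more than one match is treated as unresolved instead of writing a guessed manager.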