AR Script - Pass SamAccountName

Hi Team. 

I don't do a lot with AR scripts that use the AR functions and I seem to always get lost.

So I have a VA, let's call it VA1; when this is set to TRUE I have a workflow that should kick off the below script.

Am I passing the SamAccountName when $Request is used or am I missing something here?

# Connect to ARS
Connect-QADService -Service "AR-Server-Name" -Proxy
#Import Duo PowerShell Module
Import-Module Duo

#Date
$DateYear = $((Get-Date).ToString('yyyy'))
$DateMonth = $((Get-Date).ToString('MMM'))
$DateDay = $((Get-Date).ToString('dd'))
#Time
$Time = Get-Date -Format "HH-mm"

#Create Folder structure based on Date
New-Item -ItemType Directory -Path "PATH-Here\$DateYear\$DateMonth\$DateDay" -Force
New-Item -ItemType Directory -Path "PATH-Here\$DateYear\$DateMonth\$DateDay\Logs" -Force

$logfile = "PATH-Here\$DateYear\$DateMonth\$DateDay\Logs\Duo-User-Sync-$time.txt"

function onPostModify($Request)
{

duoSyncUser -username $Request | out-file $logfile -Append

} 

  • Thanks Johnny. 

    I have moved it all inside the function and updated the command below but this still does not seem to fire. 

    duoSyncUser -username $Request.Name | out-file $logfile -Append

    function onPostModify($Request)
    {
    
    # Connect to ARS
    Connect-QADService -Service "AR-Server-Name" -Proxy
    #Import Duo PowerShell Module
    Import-Module Duo
    
    #Date
    $DateYear = $((Get-Date).ToString('yyyy'))
    $DateMonth = $((Get-Date).ToString('MMM'))
    $DateDay = $((Get-Date).ToString('dd'))
    #Time
    $Time = Get-Date -Format "HH-mm"
    
    #Create Folder structure based on Date
    New-Item -ItemType Directory -Path "PATH-Here\$DateYear\$DateMonth\$DateDay" -Force
    New-Item -ItemType Directory -Path "PATH-Here\$DateYear\$DateMonth\$DateDay\Logs" -Force
    
    $logfile = "PATH-Here\$DateYear\$DateMonth\$DateDay\Logs\Duo-User-Sync-$time.txt"
    
    duoSyncUser -username $Request.Name | out-file $logfile -Append
    
    } 

  • So I am seeing the script fire now as it's creating the logfile, but the log is empty as I don't think it's passed the SamAccountName.

    duoSyncUser -username $Request.Name | out-file $logfile -Append

  • If I hard-code my SamAccountName into the command and set the VA then the duoSyncUser runs. So not sure why this is not being passed correctly using $Request.Name. Is there any other workaround method of passing this value?

    duoSyncUser -username SamAccountName | out-file $logfile -Append

  • Try getting it like this:

    $UserSam = $DirObj.get("samaccountname")

  • Thanks Johnny. That's done the trick.

    Appreciate your help as always. Thank you. 

  • A couple of questions kind of related to this post. 

    I know when running the Quest CMD we can use the command below to add a reason into the change history. Is there a way to do that when not using the Quest CMDs?

    -Control @{'OperationReason'="something something"}

    Also, is there a way as part of that function to obtain who it was that made the request? I am thinking I could write it out to a logfile?

  • There is a technique for adding Change History info when using ADSI-style scripting techniques:

    Here's some sample code:

    # Assumes use in Change workflow script activity - otherwise just supply a distinguished name
    
    $CurrentUser = $Request.DN
    
    # Bind to the in process user via Active Roles
    
    $ADObj = [ADSI]"EDMS://$CurrentUser"
    
    # Set a property
    
    $ADObj.Properties["Description"].Value = "A new description"
    
    # Set the reason for the change in the change history
    
    $ADObj.NativeObject.GetType().InvokeMember("Control","SetProperty",$null, $ADObj.NativeObject, @("OperationReason","Description modified by script")) | Out-Null
    $ADObj.commitchanges()
    $ADObj.close()

    You can get the name of the Initiator from a $Request thus:

    (Note the "by reference" syntax whereby the samaccountname and DN of the Initiator will be stored in the variables specified.)

    $Request.Whoami($InitiatorSam,$InitiatorDN)

    The above is documented in the SDK.


  • Correction:  $Request.Whoami([ref]$InitiatorSam,[ref]$InitiatorDN)

  • Thanks Johnny. Let me go search all this. Feel like I have been soaking up info recently. Thanks for the help mate.
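
The fixes from this thread combined into one handler, as an added example (not code posted by anyone in the thread or taken from the Active Roles SDK): it reads the name via `$DirObj`, records the initiator with the `[ref]` form of `Whoami`, and writes a log line on skip and on failure so an empty log no longer hides the cause. It assumes the script runs as an Active Roles script module and that the Duo module exports `duoSyncUser` as used above; `Write-SyncLog` is a hypothetical helper and `PATH-Here` is the thread's placeholder.

```powershell
# Added example. $Request and $DirObj are supplied by Active Roles at run time;
# 'PATH-Here' is the thread's placeholder; Write-SyncLog is a hypothetical helper.
$LogRoot = 'PATH-Here'

function Write-SyncLog([string]$Message)
{
    # Same year\month\day\Logs layout as the original script
    $now = Get-Date
    $dir = "$LogRoot\{0:yyyy}\{0:MMM}\{0:dd}\Logs" -f $now
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # One file per day; timestamp every line so a partial run is visible
    "{0:yyyy-MM-dd HH:mm:ss} {1}" -f $now, $Message |
        Out-File (Join-Path $dir 'Duo-User-Sync.txt') -Append
}

function onPostModify($Request)
{
    $ErrorActionPreference = 'Stop'   # turn failures into catchable errors
    $InitiatorSam = $null
    $InitiatorDN  = $null
    try {
        # Record who made the change (by-reference form from the correction above)
        $Request.Whoami([ref]$InitiatorSam, [ref]$InitiatorDN)

        # Read the attribute from the object being modified, not from $Request
        $UserSam = $DirObj.get("samaccountname")
        if ([string]::IsNullOrWhiteSpace($UserSam)) {
            Write-SyncLog "SKIP $($Request.DN): no samaccountname (initiator $InitiatorSam)"
            return
        }

        Import-Module Duo
        $result = duoSyncUser -username $UserSam | Out-String
        Write-SyncLog "OK $UserSam (initiator $InitiatorSam): $($result.Trim())"
    }
    catch {
        # Log the failure instead of leaving an empty file
        Write-SyncLog "FAIL $($Request.DN) (initiator $InitiatorSam): $($_.Exception.Message)"
    }
}
```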