I am trying to set up a field on the Web UI to be populated when a computer object is viewed using a script. For example: Users look at the properties of an AD computer -> script is executed, and the result is shown in a read only field.
Thanks!
One way this could be accomplished is the use of the onPostGet event handler. Review this in the Active Roles SDK as well as the following support article. As this KB article indicates, if not coded properly, this event handler should be used with the knowledge that it can be very taxing on the Administration Service and could cause slowness/unresponsiveness as objects are viewed.
How To Populate a Virtual Attribute that is NOT Stored in the Database (4256736) (oneidentity.com)
Thanks for the reply. I am getting a page not found when I try and view the KB.
Maybe I can give you more context on what I am trying to do. I am working on a script to try and get the Windows LAPS password from AD. Since the attribute is encrypted, I have to run PowerShell to get the value I am looking for. This is my first script for ARS so no idea if I am even close to being correct.
$machineName = $this
function LAPSPassword($Request) {
    $customValue = Get-LapsADPassword -Identity "$machineName" -AsPlainText | Select-Object Password
    $machineName.VirtualAttributes["edsvaLAPS"] = $customValue
}
function onGetEffectivePolicy($Request){
    if($Request.Class -eq "user"){
        $customValue = Get-LapsADPassword -Identity "$machineName" -AsPlainText | Select-Object Password
        $strAttrname = "edsvaLAPS"
        $Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_GENERATED_VALUE, $customValue)
        $Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_AUTO_GENERATED, $strAttrname)
    }#end request class
}#end on get effective policy
something like that
Look in the SDK if you need more. You can go crazy doing different things using SetEffectivePolicy
Thank you. I will try this out. For my understanding, how does the script get the $machinename variable?
My apologies, that is marked as an internal KB. Should have noticed this before sharing. The SDK has information, as well as scripting examples, on the use of the onPostGet handler.
how are you calling this script? from a workflow or something?
If the machine name is in another attribute on the page you can use $Request.Get("attributeName")
then you'd have to add a line where it's a RELOAD
$Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_RELOAD_EPI_BY_RULE, 'FirstattributeName')
I was hoping to have a field on the web UI that was populated from the script's result. I am not 100% sure how to do this completely so just taking it one step at a time.
Here is the script I have so far. I have added the virtual attribute to the web UI but still not getting any results. I have set the Workflow to run on demand and linked it to the script below.
function onPostGet($Request){
    if($Request.Class -eq "computer"){
        $machineName = $Request.Get("cn")
        $customValue = Get-LapsADPassword -Identity "$machineName" -AsPlainText | Select-Object Password
        $strAttrname = "edsvaLAPS"
        $Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_GENERATED_VALUE, $customValue)
        $Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_AUTO_GENERATED, $strAttrname)
        $Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_RELOAD_EPI_BY_RULE, $machineName)
    }#end request class
}#end on get effective policy
Try changing the event handler from onPostGet to onGetEffectivePolicy. Also, remove the RELOAD_EPI_BY_RULE line and have those three lines resemble the following. This should result in the attribute being marked read-only and having a lightning bolt button next to it. The LAPS password will then be displayed once that button is clicked.
$Request.SetEffectivePolicyInfo($strAttrName, $Constants.EDS_EPI_UI_GENERATED_VALUE, $customValue)
$Request.SetEffectivePolicyInfo($strAttrName, $Constants.EDS_EPI_UI_AUTO_GENERATED, $true)
$Request.SetEffectivePolicyInfo($strAttrName, $Constants.EDS_EPI_UI_SERVER_SIDE_GENERATED, $customValue)
Also, in order for this to work, the script should be added to a Provisioning Policy and not a Workflow. The Policy should then be linked to the OU where the Computer objects reside.
If you are looking for the customValue to be displayed without needing to click a button, then use the onPostGet handler as you have above and have these lines at the top of the function:
if ($Request.class -ne "computer") {return}
if ($Request.IsAttributeRequested("edsvaLAPS") -eq $false) {return}
Then remove the three SetEffectivePolicyInfo lines and replace them with this single line:
$Request.Put($strAttrname, $customValue)
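The onPostGet variant described in the post above, assembled into one handler as an added example (not part of the original posts and not One Identity's code). It assumes the Administration Service account is authorized to decrypt the LAPS password; the `-ExpandProperty` and `try`/`catch` handling are additions, so that `Put` receives a plain string and a failed lookup leaves the field empty instead of raising an error while the object is viewed.

```powershell
# Added example: policy script for a Provisioning Policy linked to the OU
# that holds the computer objects. $Request is supplied by Active Roles.
function onPostGet($Request)
{
    $strAttrName = "edsvaLAPS"

    # Exit early so the lookup runs only for computer objects and only when
    # the page actually requests the virtual attribute. This keeps the load
    # on the Administration Service down.
    if ($Request.Class -ne "computer") { return }
    if ($Request.IsAttributeRequested($strAttrName) -eq $false) { return }

    try
    {
        # Same way of reading the computer name as in the thread.
        $machineName = $Request.Get("cn")
        if ([string]::IsNullOrEmpty($machineName)) { return }

        # "Select-Object Password" returns an object with a Password
        # property; -ExpandProperty returns the string itself.
        $customValue = Get-LapsADPassword -Identity $machineName -AsPlainText -ErrorAction Stop |
            Select-Object -ExpandProperty Password
    }
    catch
    {
        # Assumption: an empty field is acceptable when the lookup or the
        # decryption fails.
        return
    }

    if ($customValue) { $Request.Put($strAttrName, [string]$customValue) }
}
```

Anyone who can read `edsvaLAPS` through Active Roles sees the local administrator password in plain text, so read access to that attribute should be delegated as narrowly as LAPS password access itself.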
Thank you. That makes a lot more sense. I have made the suggested updates but now getting the error when I click on the lightning bolt:
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500