Hi,
I'm trying to write an approval workflow based on a specific attribute.
We populate an attribute with "Deprovisionned by <name>"
Now I need to run a check on the <name> to see if they are included in a specific group.
function GSOC($Request)
{
# Specify the user and group names
$group = "Approval-TEST"
$userattributes = get-aduser -identity $request -properties "attributeX"
##remove first 42 characters
$deproBy = $userattributes.attributeX -replace "^.{42}"
# Get all members of the specified group (including nested groups)
$members = Get-ADGroupMember -Identity $group -Recursive | Select-Object -ExpandProperty Name
# Check if the user exists in the group
if ($members -contains $deproBy) {
$result = "memberOf"
}
$result
}
I then use this in a workflow which only runs if Parameter (XX) equals "memberOf"
I'm pretty sure my issue is with the "$userattributes = get-aduser -identity $request -properties "attributeX"" line.
The context of the workflow is to force an approval on an undo-depro if the account was deprovisioned by someone in a specific group.