Export Synchronization Service workflow output to CSV file

We are creating multiple accounts through a Synchronization Service workflow. Once the accounts are created, we need an extract of the generated userlogonname and password to be able to send to the requestor.

Is there a way to output the same through a step handler to run a PowerShell script and generate a file with the userlogonname & password? We have rules set which create a unique pattern of password when triggered.

I know that I can click on the numbers and a grey window will pop up detailing the changes that would be made were I to hit commit on the workflow. I'm wondering if there is a way to get the data that is displayed in this window out to a CSV?

  • Hello, there is unfortunately no means by which to export any of that data from within the Sync Service to a file from the Sync Service Console. To generate this type of output, you'll need to implement a script of some sort within the Sync Service.

    I was looking at a few different ways to try and approach this. Looking at the Target system's Connection Handlers, both Pre and Post Create, I'm not sure if there is a way to retrieve the password.

    So, you could consider converting the Sync Service password Rule into a PowerShell script. From this script you'd be able to output the password to a text file, for each user that is created, along with any other attribute from the source feed. A sample script could look something like below.

    # General variables
    $OutFilePath = "C:\Logging\UserInfo.txt"
    
    # Retrieve source object attributes
    $FN    = $SrcObj["Firstname"]
    $LN    = $SrcObj["Lastname"]
    $EmpID = $SrcObj["id"]
    
    # Generate random password
    # This could also be a password rule that generates a password based off of source object attribute data
    $strPwd = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..9 | Sort-Object {Get-Random})[0..11] -join ''
    
    # Get current datetime
    $dt = Get-Date -format "yyyyMMddHHmmss"
    
    # Create user info and password output
    $strOut = $dt + " " + $FN + " " + $LN + " " + $EmpID + " " + $strPwd
    
    # Write output to file
    $strOut | Out-File $OutFilePath -append
    
    # Return generated password back to Sync Service
    $strPwd
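
A variant of the script above that writes real CSV, as the question asked, and restricts who can read the file before any cleartext password lands in it. This is an added example, not part of the original reply or vendor code: the `.csv` path, the function names and the sample `$SrcObj` values are assumptions, and it draws characters from the .NET cryptographic RNG instead of `Get-Random`.

```powershell
# Added example; not the reply's or the vendor's code.
# Assumption: $SrcObj is supplied by the Sync Service and indexed as in the reply above.
$OutFilePath = 'C:\Logging\UserInfo.csv'   # hypothetical path

function New-RandomPassword {
    param([int]$Length = 12)
    $chars = [char[]](33..95 + 97..126)       # same printable set as the reply (no backtick)
    $limit = 256 - (256 % $chars.Length)      # reject bytes >= limit to avoid modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$sb.Append($chars[$buf[0] % $chars.Length]) }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

function Add-CredentialRow {
    param([string]$Path, [psobject]$Row)
    $isNew = -not (Test-Path -LiteralPath $Path)
    if ($isNew) {
        # Create the file empty and lock it down before any password is written
        New-Item -ItemType File -Path $Path -Force | Out-Null
        $acl = Get-Acl -LiteralPath $Path
        $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
        $ids = [System.Security.Principal.WindowsIdentity]::GetCurrent().User,
               (New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544')  # Administrators
        foreach ($id in $ids) { $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($id, 'FullControl', 'Allow')) }
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
    $lines = $Row | ConvertTo-Csv -NoTypeInformation   # header line + one data line
    if (-not $isNew) { $lines = $lines | Select-Object -Skip 1 }
    $lines | Add-Content -LiteralPath $Path
}

# Constructed sample so the script also runs outside the Sync Service
if (-not $SrcObj) { $SrcObj = @{ Firstname = 'Ada'; Lastname = 'Example'; id = 'E1001' } }

$strPwd = New-RandomPassword -Length 12
Add-CredentialRow -Path $OutFilePath -Row ([pscustomobject]@{
    Timestamp  = Get-Date -Format 'yyyyMMddHHmmss'
    FirstName  = $SrcObj['Firstname']; LastName = $SrcObj['Lastname']
    EmployeeId = $SrcObj['id'];        Password = $strPwd
})
# Return generated password back to Sync Service
$strPwd
```

The file still contains cleartext initial passwords, so pair it with a forced change at first logon and delete the file once the requestor has the values.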

  • Also, if you go that route, I have a couple of PowerShell scripts with functions to generate a random password with parameterized complexity requirements, or the same with a passphrase, if either of those would help.

    Powershell-Goodies/Password Scripts at main · AJLindner/Powershell-Goodies

  • For what it's worth, if the connector that you happen to be using for your destination system is the Active Roles connector, then you could create a scripted policy or workflow in there to capture passwords, rather than in the Sync Service itself.

    Also, on another note, you can technically capture the attributes that are populated by the Sync Service during provisioning - however the edsaPassword attribute is encrypted, and I've not been able to decrypt (possibly by design - I don't know that this value is stored as reversibly encrypted).

    Here is a very rudimentary sample showing that you can actually extract the details from the workflow run history:

    $runId = "163"
    $qcSyncHistMgr = $qcService.CreateSyncHistoryManager()
    $qcWorkflowStepRunSummaries = $qcSyncHistMgr.GetWorkflowStepRunSummaries($runId)
    $qcWorkflowStepRunDetailsProvider = $qcSyncHistMgr.GetWorkflowStepRunDetails($qcWorkflowStepRunSummaries.Current)
    
    foreach ($successOperation in ($qcWorkflowStepRunDetailsProvider.GetSuccessOperations())) {
        $successOperation.Operation.CreateRequest.Name
        foreach ($attribute in $successOperation.Operation.CreateRequest.Attributes) {
            $attribute.Name + ": " + $attribute.Values
        }
        [System.Environment]::NewLine
    }

    This produces results that look like this: