This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Provision User - Notification Email

Guys.

I am provisioning my users and once the user is created i have a workflow that then sends out a notification message.

Within the notification message i would like to include the users email address. I have used the following token in the message but when the user is created and the email message go out the email address is not present.

<% =Operation.Target["mail"] %>

Now i think that when the notification message is sent out the Exchange RUS has not applied the email address to the account. So i then thought i would schedule the email notification to be sent 10 minutes after the account was created but again it did not include the email address.

Any ideas as to what i could do here?

Parents

0 lee.andrews_82510 over 12 years ago

So how I configured this was as follows - and I'll inlcude all of my code for you but I won't explian how it works line by line I dont have time for that but it's not a complex script( the script writes debug info to the event log but I don't like this idea anymore it's too difficult to make use of and prefer to write to a log file and all my later scripts do this).
1. Create a virtual attribute to hold the email address given to the user
2. Create a script to update the attribute when the mail attribute is set..
############################################################################################################
#
# User-setFirstEmailAddress
#
# Set setFirstEmailAddress virtual attribute if user's mail attribute is being modified to a non-null
# value and setFirstEmailAddress is not set
#
# Version 0.1 - Original
#
#
############################################################################################################
#
################################################
#
# Initialisation function
#
function onInit($Context)
{
$par01 = $context.AddParameter("debugging")
$par01.MultiValued = $false
$par01.PossibleValues = "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"
$par01.DefaultValue = "9"
$par01.Description = "Debugging EventLog Level where: 0 is no debugging; 9 is the most verbose; 1 is the least verbose"
$par01.Required = $false
#
}
#
###
################################################
#
# Helper functions
#
function IsAttributeModified ($strAttributeName, $Request)
{
# function used to detect if a specific attribute was modified as part of the object update
# $strAttributeName = the LDAP attribute name to check
# $Request = the object modified
$objEntry = $Request.GetPropertyItem($strAttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
if ($objEntry -eq $null) { return $false}
$nControlCode = $objEntry.ControlCode
if ($nControlCode -eq 0) { return $false }
return $true
}
#
function OutputDebugString([int]$verbosity, [string]$str )
{
# outputs debug info to the EDM event log
if ( [string]$PolicyEntry.Parameter("debugging") -ne '0' )
{
$strDebuggingSwitch = [string]$PolicyEntry.Parameter("debugging")
if ( $verbosity -le [int]$strDebuggingSwitch )
{
 $EventLog.ReportEvent(2,$str)
}
}
}
#
###########################################################################
################# EVENT HANDLERS ##########################################
###########################################################################
#
function onPostModify($Request)
{
if ($Request.class -eq "user")
{
OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<<<MODIFY >>>>onPostModify"
if ( $(IsAttributeModified -strAttributeName 'mail' -Request $Request) )
{
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<MODIFY ATTRIBUTE CHANGED>>>>"
 try {Remove-Variable -Name user -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
 try {$user = Get-QADUser -Proxy -Identity $Request.GUID -IncludedProperties mail,FirstEmailAddress,employeeID -DontUseDefaultIncludedProperties -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
 if ( $user -ne $null)
 {
 if ($user.whencreated -lt (Get-Date).adddays(-30) )
 {
 if ( (($user.FirstEmailAddress -eq $null) -or ($($user.FirstEmailAddress).length -le 0)) -and ($user.employeeID -ne $null) )
 {
 if ( ($user.mail -ne $null) -and ($($user.mail).length -gt 0) )
 {
 $mail = $user.mail
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<SETTING ON MODIFY>>>> onPostModify trying to update the FirstEmailAddress attribute $user.mail"
 try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$mail } | Out-Null} catch{}
 }
 }
 }
 else
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created more than 30 days ago"
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created $($user.whencreated)"
 }
 }
}
}
}
function onPostCreate($Request)
{
if ($Request.class -eq "user")
{
OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<< CREATE>>>>>onPostCreate"
try {Remove-Variable -Name user -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
try {$user = Get-QADUser -Proxy -Identity $Request.GUID -IncludedProperties mail,FirstEmailAddress -DontUseDefaultIncludedProperties -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
if ( $user -ne $null)
{
 if ($user.whencreated -lt (Get-Date).adddays(-30) )
 {
 if ( (($user.FirstEmailAddress -eq $null) -or ($($user.FirstEmailAddress).length -le 0)) -and ($user.employeeID -ne $null) )
 {
 if ( ($user.mail -ne $null) -and ($($user.mail).length -gt 0) )
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<< SETTING ON CREATE >>>> FirstEmailAddress attribute $user.mail"
 $mail = $user.mail
 #try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$($user.mail)} | Out-Null} catch{}
 try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$mail } | Out-Null} catch{}
 }
 }
 }
 else
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created more than 30 days ago"
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created $($user.whencreated)"
 }
}
}
}
3. Create a script policy to invoke this "user - React to first Email address" and link to the target OU where the users are located (created)
4. Create a workflow with a trigger when the FirstEmailAddress user property is modified, Initiator Any User,
 Conditions:
 Manager attribute is not empty (all new accounts have a manager service accounts dont)
 AND Modified propety is FirstEmailAddress is not empty - stops a repeat email if someone clears the attribute
 AND country abbriviation equals UK (I have one workflow for each service desk region)
 OR country abbriviation equals IE ... etc for each country covered by this email
The email HTML is as follows:
<%@ Page Language="C#" Inherits="Quest.ActiveRolesServer.Common.Services.MailMessageTemplate"%>
<%@ Import Namespace="System"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>New Personal Employee Account for <% =Operation.Target["givenName"] %> <% =Operation.Target["sn"] %> ( <% =Operation.Target["mail"] %> )</title>
 </head>
 <body bgcolor="">
 <table width="900" border="0" align="center" cellpadding="0" cellspacing="0">
 <tr>
 <td height="459" valign="top" style="border:#0069b2 2px solid; padding:20px;">
 <table width="800" border="0">
 <tr>
 <td style="border-bottom:#0069b2 2px solid;">
 <img src="https://qst.ChildDomainName.ROOT.man.com/QPM/App_Themes/Custom/Images/banner_email_900_140.jpg" alt="Information Technology Group" width="900" height="140" /> 
 </td>
 </tr>
 <tr>
 <td>
 
 <table width="860" border="0" align="center" cellpadding="20" cellspacing="0">
 <tr bgcolor="#DAEFF7">
 <td>
 Welcome <% =Operation.Target["givenName"] %>
 
 Your Personal Employee Account access has been set up by the IT Service Desk. 
 <a href="Click" _mce_href="https://qst.ChildDomainName.ROOT.man.com/MISelfService/Controls/MyAccount.aspx">Click">https://qst.ChildDomainName.ROOT.man.com/MISelfService/Controls/MyAccount.aspx">Click here to update your personal telephone numbers</a>
 
 The IT Service Desk is your single point of contact for all IT related issues and requests. You can contact the IT Service Desk the following ways:
 
 Internal Phone: xNNNN 
 External Phone: +44 20 7NNN NNNN 
 Out of hours Freephone: + 8007 NNN NNNN 
 Internal E-Mail: Service Desk 
 External E-Mail: servicedesk@ChildDomainName.com
 
 <a href="Click" _mce_href="https://service-now/ess/">Click">https://service-now/ess/">Click Here to log your own ticket</a>
 Opening hours: 
 Monday to Friday: 08:00 to 18:30 GMT 
 Saturday and Sunday: Emergency on call
 
 Please find local IT related information and training documents here: <a href="http:intranet/supserv/Pages/itsupport.aspx">http:intranet/supserv/Pages/itsupport.aspx</a>
 Kind Regards, 
 IT Service Desk 
 </td>
 </tr>
 </table>
 </td>
 </tr>
 <td align="center" style="font-familiy:Tahoma; font-size:10px;">
 This is an automated e-mail, please do not respond. If you have questions or need further assistance, do not hesitate to contact the Global IT Service Desk on NNNN. 
 </td>
 </table>
 </td>
 </tr>
 </table>
 </body>
</html>
I also have another workflow to send a notification to the service desk with this email - this is triggered on user creation but targetted to the OU where we create users (not service accounts although I could have filtered on specific attributes to limit the scope)
<%@ Page Language="C#" Inherits="Quest.ActiveRolesServer.Common.Services.MailMessageTemplate"%>
<%@ Import Namespace="System"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New Personal Employee Account created for: <% =Operation.Target["displayName"] %> </title>
</head>
<body>

The following Personal Employee Account has been created via ADSync and Quest ActiveRoles Server
User details
<table border="0">
<tr><td nowrap="nowrap">• First Name</td><td nowrap="nowrap"><% =Operation.Target["givenName"] %></td></tr>
<tr><td nowrap="nowrap">• Last Name</td><td nowrap="nowrap"><% =Operation.Target["sn"] %></td></tr>
<tr><td nowrap="nowrap">• Employee Id</td><td nowrap="nowrap"><% =Operation.Target["employeeID"] %></td></tr>
<tr><td nowrap="nowrap">• Job Title</td><td nowrap="nowrap"><% =Operation.Target["title"] %></td></tr>
<tr><td nowrap="nowrap">• Department</td><td nowrap="nowrap"><% =Operation.Target["department"] %></td></tr>
<tr><td nowrap="nowrap">• City/Country</td><td nowrap="nowrap"><% =Operation.Target["l"] %> <% =Operation.Target["co"] %></td></tr>
<tr><td nowrap="nowrap">• Office</td><td nowrap="nowrap"><% =Operation.Target["physicalDeliveryOfficeName"] %></td></tr>
<tr><td nowrap="nowrap">• Manager</td><td nowrap="nowrap"><% =Operation.Target["manager"] %></td></tr>
</table>
Account details
<table border="0">
<tr><td nowrap="nowrap">• Logon Name</td><td nowrap="nowrap"><% =Operation.Target["samAccountName"] %></td></tr>
<tr><td nowrap="nowrap">• Display Name</td><td nowrap="nowrap"><% =Operation.Target["displayName"] %></td></tr>
<tr><td nowrap="nowrap">• Initial Password</td><td nowrap="nowrap"><% =Operation.Target["InitialPassword"] %></td></tr>
<tr><td nowrap="nowrap">• Account</td><td nowrap="nowrap"><% =Operation.TargetObjectName %></td></tr>
</table>
 
IMPORTANT Please ensure a ServiceNow ticket has been logged and approved prior to enabling and issuing the account details
 You can review the details of the account at <a href="HTTPS://qst.ChildDomainName.ROOT.com/MIAdmin/SearchResult.aspx?TaskID=QuickSearch&SearchID=19&ANr=<% =Operation.Target["samAccountName"] %>">qst.ChildDomainName.ROOT.com/.../SearchResult.aspx& =Operation.Target["samAccountName"] %></a>
 
Operation Details
<ul>
<li>Operation ID: <%=Operation.ID%></li>
<li>Reason: <% =Operation.Reason %></li>
<li>Requested by: <%=Operation.InitiatorName%></li>
<li>Requested on: <%=Operation.RequestTime%></li>
</ul>
</body>
</html>
HERE is how this all works
HR add a new user to PS
An SQL process creates a stub user account in a Depot OU
A scheduled task script sees the new user object and clones the information to the target OU using a contact object to define where the user object goes - I can post how this all works too if you like but in essence it uses
New-QADUser -Proxy -SamAccountName $sAMAccountName -Name $sAMAccountName -ParentContainer $newParentOu -UserPassword $userPassword
I set other attributes too and have logic to work out the samaccountname and parent OU etc
On each OU I have ARS policy to define the exchange configuration
The command creates the user ARS automation sets up the mail box and populates the mail attribute and this triggers the script policy which sets the firstEmailaddress to match the mail attribute (see script) and this triggers the workflow.
THE KEY THING IS TO USE THE -PROXY switch if you dont then the policies dont always work.
I hope this helps.
Cancel
Up 0 Down

Cancel

Reply

0 lee.andrews_82510 over 12 years ago

So how I configured this was as follows - and I'll inlcude all of my code for you but I won't explian how it works line by line I dont have time for that but it's not a complex script( the script writes debug info to the event log but I don't like this idea anymore it's too difficult to make use of and prefer to write to a log file and all my later scripts do this).
1. Create a virtual attribute to hold the email address given to the user
2. Create a script to update the attribute when the mail attribute is set..
############################################################################################################
#
# User-setFirstEmailAddress
#
# Set setFirstEmailAddress virtual attribute if user's mail attribute is being modified to a non-null
# value and setFirstEmailAddress is not set
#
# Version 0.1 - Original
#
#
############################################################################################################
#
################################################
#
# Initialisation function
#
function onInit($Context)
{
$par01 = $context.AddParameter("debugging")
$par01.MultiValued = $false
$par01.PossibleValues = "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"
$par01.DefaultValue = "9"
$par01.Description = "Debugging EventLog Level where: 0 is no debugging; 9 is the most verbose; 1 is the least verbose"
$par01.Required = $false
#
}
#
###
################################################
#
# Helper functions
#
function IsAttributeModified ($strAttributeName, $Request)
{
# function used to detect if a specific attribute was modified as part of the object update
# $strAttributeName = the LDAP attribute name to check
# $Request = the object modified
$objEntry = $Request.GetPropertyItem($strAttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
if ($objEntry -eq $null) { return $false}
$nControlCode = $objEntry.ControlCode
if ($nControlCode -eq 0) { return $false }
return $true
}
#
function OutputDebugString([int]$verbosity, [string]$str )
{
# outputs debug info to the EDM event log
if ( [string]$PolicyEntry.Parameter("debugging") -ne '0' )
{
$strDebuggingSwitch = [string]$PolicyEntry.Parameter("debugging")
if ( $verbosity -le [int]$strDebuggingSwitch )
{
 $EventLog.ReportEvent(2,$str)
}
}
}
#
###########################################################################
################# EVENT HANDLERS ##########################################
###########################################################################
#
function onPostModify($Request)
{
if ($Request.class -eq "user")
{
OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<<<MODIFY >>>>onPostModify"
if ( $(IsAttributeModified -strAttributeName 'mail' -Request $Request) )
{
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<MODIFY ATTRIBUTE CHANGED>>>>"
 try {Remove-Variable -Name user -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
 try {$user = Get-QADUser -Proxy -Identity $Request.GUID -IncludedProperties mail,FirstEmailAddress,employeeID -DontUseDefaultIncludedProperties -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
 if ( $user -ne $null)
 {
 if ($user.whencreated -lt (Get-Date).adddays(-30) )
 {
 if ( (($user.FirstEmailAddress -eq $null) -or ($($user.FirstEmailAddress).length -le 0)) -and ($user.employeeID -ne $null) )
 {
 if ( ($user.mail -ne $null) -and ($($user.mail).length -gt 0) )
 {
 $mail = $user.mail
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<SETTING ON MODIFY>>>> onPostModify trying to update the FirstEmailAddress attribute $user.mail"
 try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$mail } | Out-Null} catch{}
 }
 }
 }
 else
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created more than 30 days ago"
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created $($user.whencreated)"
 }
 }
}
}
}
function onPostCreate($Request)
{
if ($Request.class -eq "user")
{
OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<< CREATE>>>>>onPostCreate"
try {Remove-Variable -Name user -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
try {$user = Get-QADUser -Proxy -Identity $Request.GUID -IncludedProperties mail,FirstEmailAddress -DontUseDefaultIncludedProperties -ErrorAction SilentlyContinue -WarningAction SilentlyContinue} catch{}
if ( $user -ne $null)
{
 if ($user.whencreated -lt (Get-Date).adddays(-30) )
 {
 if ( (($user.FirstEmailAddress -eq $null) -or ($($user.FirstEmailAddress).length -le 0)) -and ($user.employeeID -ne $null) )
 {
 if ( ($user.mail -ne $null) -and ($($user.mail).length -gt 0) )
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress <<<<< SETTING ON CREATE >>>> FirstEmailAddress attribute $user.mail"
 $mail = $user.mail
 #try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$($user.mail)} | Out-Null} catch{}
 try { Set-QADUser $user -Proxy -ObjectAttributes @{FirstEmailAddress=$mail } | Out-Null} catch{}
 }
 }
 }
 else
 {
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created more than 30 days ago"
 OutputDebugString -verbosity 9 -str "User-setFirstEmailAddress - User Created $($user.whencreated)"
 }
}
}
}
3. Create a script policy to invoke this "user - React to first Email address" and link to the target OU where the users are located (created)
4. Create a workflow with a trigger when the FirstEmailAddress user property is modified, Initiator Any User,
 Conditions:
 Manager attribute is not empty (all new accounts have a manager service accounts dont)
 AND Modified propety is FirstEmailAddress is not empty - stops a repeat email if someone clears the attribute
 AND country abbriviation equals UK (I have one workflow for each service desk region)
 OR country abbriviation equals IE ... etc for each country covered by this email
The email HTML is as follows:
<%@ Page Language="C#" Inherits="Quest.ActiveRolesServer.Common.Services.MailMessageTemplate"%>
<%@ Import Namespace="System"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>New Personal Employee Account for <% =Operation.Target["givenName"] %> <% =Operation.Target["sn"] %> ( <% =Operation.Target["mail"] %> )</title>
 </head>
 <body bgcolor="">
 <table width="900" border="0" align="center" cellpadding="0" cellspacing="0">
 <tr>
 <td height="459" valign="top" style="border:#0069b2 2px solid; padding:20px;">
 <table width="800" border="0">
 <tr>
 <td style="border-bottom:#0069b2 2px solid;">
 <img src="https://qst.ChildDomainName.ROOT.man.com/QPM/App_Themes/Custom/Images/banner_email_900_140.jpg" alt="Information Technology Group" width="900" height="140" /> 
 </td>
 </tr>
 <tr>
 <td>
 
 <table width="860" border="0" align="center" cellpadding="20" cellspacing="0">
 <tr bgcolor="#DAEFF7">
 <td>
 Welcome <% =Operation.Target["givenName"] %>
 
 Your Personal Employee Account access has been set up by the IT Service Desk. 
 <a href="Click" _mce_href="https://qst.ChildDomainName.ROOT.man.com/MISelfService/Controls/MyAccount.aspx">Click">https://qst.ChildDomainName.ROOT.man.com/MISelfService/Controls/MyAccount.aspx">Click here to update your personal telephone numbers</a>
 
 The IT Service Desk is your single point of contact for all IT related issues and requests. You can contact the IT Service Desk the following ways:
 
 Internal Phone: xNNNN 
 External Phone: +44 20 7NNN NNNN 
 Out of hours Freephone: + 8007 NNN NNNN 
 Internal E-Mail: Service Desk 
 External E-Mail: servicedesk@ChildDomainName.com
 
 <a href="Click" _mce_href="https://service-now/ess/">Click">https://service-now/ess/">Click Here to log your own ticket</a>
 Opening hours: 
 Monday to Friday: 08:00 to 18:30 GMT 
 Saturday and Sunday: Emergency on call
 
 Please find local IT related information and training documents here: <a href="http:intranet/supserv/Pages/itsupport.aspx">http:intranet/supserv/Pages/itsupport.aspx</a>
 Kind Regards, 
 IT Service Desk 
 </td>
 </tr>
 </table>
 </td>
 </tr>
 <td align="center" style="font-familiy:Tahoma; font-size:10px;">
 This is an automated e-mail, please do not respond. If you have questions or need further assistance, do not hesitate to contact the Global IT Service Desk on NNNN. 
 </td>
 </table>
 </td>
 </tr>
 </table>
 </body>
</html>
I also have another workflow to send a notification to the service desk with this email - this is triggered on user creation but targetted to the OU where we create users (not service accounts although I could have filtered on specific attributes to limit the scope)
<%@ Page Language="C#" Inherits="Quest.ActiveRolesServer.Common.Services.MailMessageTemplate"%>
<%@ Import Namespace="System"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New Personal Employee Account created for: <% =Operation.Target["displayName"] %> </title>
</head>
<body>

The following Personal Employee Account has been created via ADSync and Quest ActiveRoles Server
User details
<table border="0">
<tr><td nowrap="nowrap">• First Name</td><td nowrap="nowrap"><% =Operation.Target["givenName"] %></td></tr>
<tr><td nowrap="nowrap">• Last Name</td><td nowrap="nowrap"><% =Operation.Target["sn"] %></td></tr>
<tr><td nowrap="nowrap">• Employee Id</td><td nowrap="nowrap"><% =Operation.Target["employeeID"] %></td></tr>
<tr><td nowrap="nowrap">• Job Title</td><td nowrap="nowrap"><% =Operation.Target["title"] %></td></tr>
<tr><td nowrap="nowrap">• Department</td><td nowrap="nowrap"><% =Operation.Target["department"] %></td></tr>
<tr><td nowrap="nowrap">• City/Country</td><td nowrap="nowrap"><% =Operation.Target["l"] %> <% =Operation.Target["co"] %></td></tr>
<tr><td nowrap="nowrap">• Office</td><td nowrap="nowrap"><% =Operation.Target["physicalDeliveryOfficeName"] %></td></tr>
<tr><td nowrap="nowrap">• Manager</td><td nowrap="nowrap"><% =Operation.Target["manager"] %></td></tr>
</table>
Account details
<table border="0">
<tr><td nowrap="nowrap">• Logon Name</td><td nowrap="nowrap"><% =Operation.Target["samAccountName"] %></td></tr>
<tr><td nowrap="nowrap">• Display Name</td><td nowrap="nowrap"><% =Operation.Target["displayName"] %></td></tr>
<tr><td nowrap="nowrap">• Initial Password</td><td nowrap="nowrap"><% =Operation.Target["InitialPassword"] %></td></tr>
<tr><td nowrap="nowrap">• Account</td><td nowrap="nowrap"><% =Operation.TargetObjectName %></td></tr>
</table>
 
IMPORTANT Please ensure a ServiceNow ticket has been logged and approved prior to enabling and issuing the account details
 You can review the details of the account at <a href="HTTPS://qst.ChildDomainName.ROOT.com/MIAdmin/SearchResult.aspx?TaskID=QuickSearch&SearchID=19&ANr=<% =Operation.Target["samAccountName"] %>">qst.ChildDomainName.ROOT.com/.../SearchResult.aspx& =Operation.Target["samAccountName"] %></a>
 
Operation Details
<ul>
<li>Operation ID: <%=Operation.ID%></li>
<li>Reason: <% =Operation.Reason %></li>
<li>Requested by: <%=Operation.InitiatorName%></li>
<li>Requested on: <%=Operation.RequestTime%></li>
</ul>
</body>
</html>
HERE is how this all works
HR add a new user to PS
An SQL process creates a stub user account in a Depot OU
A scheduled task script sees the new user object and clones the information to the target OU using a contact object to define where the user object goes - I can post how this all works too if you like but in essence it uses
New-QADUser -Proxy -SamAccountName $sAMAccountName -Name $sAMAccountName -ParentContainer $newParentOu -UserPassword $userPassword
I set other attributes too and have logic to work out the samaccountname and parent OU etc
On each OU I have ARS policy to define the exchange configuration
The command creates the user ARS automation sets up the mail box and populates the mail attribute and this triggers the script policy which sets the firstEmailaddress to match the mail attribute (see script) and this triggers the workflow.
THE KEY THING IS TO USE THE -PROXY switch if you dont then the policies dont always work.
I hope this helps.
Cancel
Up 0 Down

Cancel

Children

No Data