Home Analyst Portal

Adding a Non AD user to the portal user picker

Kathy_HustKathy_Hust Customer IT Monkey ✭
Is there a way to have a non AD user added to the portal user picker?  
I have added the user to my CI database in Service Manager


  • Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    Can you expand a bit more on what the end goal is? And also explain what you're referring to when you say "portal user picker" I ask as I'm not clear on if this means the "on behalf of" control, a Query Result input on a Request Offering, or something else?
  • Kathy_HustKathy_Hust Customer IT Monkey ✭
    Our Support Center takes the occasional call from a outside user and we need to create a ticket for this interaction.  In our old system we had a user called Non-Company and this would be our affected user. 

    I need to have the Affected User picker in the Incidents and Service Request tickets allow me to select this Non-Company user (This is not a AD user). 

     I have added a CI User in the Service Manager database but it is not showing up when a ticket is created from the portal.

  • Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    Got it!

    So what Class is that user a member of? Could you possibly share the PowerShell you used to achieve this? I'm thinking there is a possibility you've chosen a class that the Cireson portal isn't referencing. In which case it may just require some re-alignment of that user or in the worst case, creating an account in your Active Directory to serve this purpose so it's not something that has to be maintained exclusively within SCSM.
  • Kathy_HustKathy_Hust Customer IT Monkey ✭
    Right now the User is a Domain User or Group class type with an SMInternal domain.  I havent ran an powershell.  I'm looking for assistance on how it at all possible to make this user visiable in the portal view
  • Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    So if you haven't used PowerShell or the AD connector how did you create the user? What I'm trying to understand is how the user was created as it may be a tell as to why it doesn't appear in the portal.
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    It sounds like the user was added directly in the SCSM console as a new CI.  This user should show up in the affected user pickers...

    ...unless perhaps your user query filter is filtering them out.  Admin Settings > Settings Items > UserQuery.  Perhaps this particular user, since it is not from AD, is missing something that the query tests for, or is otherwise just getting filtered out?

    If that's not it (or potentially you could do this first) you could check the database to make sure that the Cache Builder is bringing it over in the first place.  The table is dbo.CI$User.  If the user is not there, it definitely won't show up in your user picker.
  • Geoff_RossGeoff_Ross Cireson Consultant Super IT Monkey ✭✭✭✭✭
    In order to get processed by the cachebuilder and therefore end up selectable as an affected user in the Portal, a User needs to have  DistinguishedName property, which it will only have it its of class Microsoft.AD.User. A User created directly in the console will be a System.User and not have this property.

    It is possible to make a fake user for use in the portal, but you will need to create it via PowerShell and specify a dummy DistinguishedName (anything unique) will do.

    Good luck.
  • Simon_ZeinhoferSimon_Zeinhofer Customer Advanced IT Monkey ✭✭✭

    Had the same problem today. For anyone else having that problem, here is a little script to create an SMInternal User which is also pickable in an RO:

    $scsm = 'YOUR SCSM SERVER'
    $class = get-scsmclass -Name Microsoft.Ad.User$ -ComputerName $scsm
    $firstName = 'DESIRED FIRST NAME'
    $lastName = 'DESIRED LAST NAME'
    $displayName = $firstName  + " " + $lastName
    $userName = $firstName + "." + $lastName
    $CN = $lastName + " " + $firstName
    $domain = 'SMInternal'
    $distinguishedName = "CN=$CN,OU=PURPOSEOFYOURUSER,DC=SMInternal"
    $newGUID = [guid]::NewGuid().tostring()
    $newProps = @{
    "FirstName" = $firstName
    "LastName" = $lastName
    "DisplayName" = $displayName
    "UserName" = $userName
    "Domain" = $domain
    "DistinguishedName" = $distinguishedName
    "UPN" = $UPN
    $newUser = New-SCSMObject -Class $class -PropertyHashtable $newProps -ComputerName $scsm -PassThru
    $newUserGUID = $newUser.Id.Guid

    I have to add, I use the $newUserGUID and the $newGUID for an SCO Runbook, because I was not able to add the notification endpoint + relationship - seems it has to be done via the new-scsmobjectprojection command, but it seems like I am too bad to use that :D

  • Matt_Howard1Matt_Howard1 Customer Adept IT Monkey ✭✭

    @Simon_Zeinhofer Way to resurrect an old thread! The PS you provided is nice, I never considered using a dummy DN for external users. I may propose this with our external customer team, and turn off the unknown user to CMDB in our Exchange connectors.

  • Simon_ZeinhoferSimon_Zeinhofer Customer Advanced IT Monkey ✭✭✭
    edited August 2022


    I guess the most important thing here is, that users, which are created directly in the console, have class System.User, which does not have that DN property. I also came across some differences with System.Domain.User and Microsoft.Ad.User, as searching a user by UPN is not possible with the Domain.User class, when the UPN property is used in the -filter of the Get-SCSMObject smlet command. It works fine with AD.User though.

    Maybe with the new CMDB Dynamic Data it would be possible to create such user objects directly in the portal. For the creation of the notification endpoints it would still be necessary to use the console or an SCO runbook though.

Sign In or Register to comment.