Hide Robot accounts
Brian_Winter
Customer Advanced IT Monkey ✭✭✭
On our HW Assets we have Custodian and Primary User (which comes from Operations Manager). On Production/Factory assets, very often the PU is a robot/run-as account which is not an actual user account, although these accounts often have their requestor's name associated with the robot.
For example, John A Jones has his account as well as a Robot Account named John Jones (notice the absence of the A - kind of stupid, but I don't make the naming rules).
What is happening is that Asset Managers are accidentally putting in the Robot account as Custodian/Owner and then emails start to fail and reports are off. Worse, the Robot account is often put in as the Affected User in IRs and SRs which also causes emails not to get delivered.
So how can I keep the Robot Account information (read-only) for the PU and not be selectable anywhere else. If I strip them out of the AD connector, they disappear from the PU field. Make sense? I want user pickers to only allow real user accounts (which I can get from an EmployeeType field) but still allow the display of any AD account.
Thanks in Advance!
Best Answers
-
Justin_Workman
Cireson Support Super IT Monkey ✭✭✭✭✭
You can change the User query in Admin Settings/Setting Items. I assume there's some other delineating property that lets you determine if it's a "robot" account or not?
5 -
LeeJones Member IT Monkey ✭
Justin is referring to "UserQuery" in Settings/Admin/SettingItems.
For example, if all your "robots" are in a container, try adding something like:
(DisplayName LIKE '%' + @Query + '%' OR UserName LIKE '%' + @Query + '%') AND (DistinguishedName NOT LIKE '%Robots,OU=run-as,DC=users,DC=winter,DC=com')5 -
Justin_Workman
Cireson Support Super IT Monkey ✭✭✭✭✭
It's the fields that are in the CI$User table in the ServiceManagement database. Your custom property won't be in there.
5
Answers
You can change the User query in Admin Settings/Setting Items. I assume there's some other delineating property that lets you determine if it's a "robot" account or not?
Justin is referring to "UserQuery" in Settings/Admin/SettingItems.
For example, if all your "robots" are in a container, try adding something like:
(DisplayName LIKE '%' + @Query + '%' OR UserName LIKE '%' + @Query + '%') AND (DistinguishedName NOT LIKE '%Robots,OU=run-as,DC=users,DC=winter,DC=com')How can get a list of all the attributes available to me for the query? We have an extended AD User object with a custom field, employeeType. However, when I add it to the UserQuery, like "AND employeeType = 'ARR'" I get nothing.
It's the fields that are in the CI$User table in the ServiceManagement database. Your custom property won't be in there.
I was going to ask if there's any way to extend that table, but I already know the answer 😋. I think I can make it work given what I got. THANKS!!!