Anyway to retrieve AD group members in an Offering to show to users?
Zac_Robinson
Customer IT Monkey ✭
Hi Everyone,
I'm trying to give our users a list of "pre-selected authorisers" for some software, they are then supposed to see a list of 5 or 6 people, and they highlight which one is relevant to their team/service and will submit this into our runbook which will take care of the rest of the process.
The problem is, that I have no idea how to actually grab a list of users directly from within the Cireson Console, to show to the user on screen. I've not been able to find a query that will return me the list of AD users of a group, nor have I found any suitable alternative that seems like it would work. I've been able to query users before based on department, job title etc but never to such a specific set group of people. I'd prefer to have some way of having this obtained or held within the system, as the alternative is a dropdown list (and I don't like the idea of maintaining this)
My end goal was if that I can have an AD group that controls who can authorise this software, a runbook can populate those users each night and add them into a relevant area on SM/Cireson so that the form can query this information every day.
My recent development has been to assign the Software Item a "Primary User" and pick an AD Group instead, although I can't seem to get this to show the group contents on the portal either.
Does anyone know if there is a way of doing this? I've gotten nowhere all day.
Thanks
Best Answer
-
Adam_Dzyacky
Product Owner Contributor Monkey ✭✭✭✭✭
You've stumbled across a limitation of core SCSM and that is the user to group (or vice versa) mapping. However there are a few ways around this but they all involve either PowerShell/SMA, SCO, or a SCSM management pack with a stored PowerShell script.
In short, of the above general ideas, the framework I'm thinking of would entail something to the effect of:
1. Extend the Active Directory User class to support a new Boolean value like "Is Manager" or "Pre-Selected Authorizers"
2. The PowerShell script grabs members of that Active Directory group and updates values in the SCSM CMDB. This script would execute from one of the following:- either the MP via SCSM Workflow engine (not personally a fan)
- SMA/SCO so you can quickly make edits in the future (like this because code is easily accessible requiring no changes within SCSM)
6
Answers
You've stumbled across a limitation of core SCSM and that is the user to group (or vice versa) mapping. However there are a few ways around this but they all involve either PowerShell/SMA, SCO, or a SCSM management pack with a stored PowerShell script.
In short, of the above general ideas, the framework I'm thinking of would entail something to the effect of:
1. Extend the Active Directory User class to support a new Boolean value like "Is Manager" or "Pre-Selected Authorizers"
2. The PowerShell script grabs members of that Active Directory group and updates values in the SCSM CMDB. This script would execute from one of the following:
I see. I think the extension of AD would be something that I could try out, Would it be possible to have the Offering lookup a new enumerated list from Service Manager, that way it could be maintained via the console? I've not had good experience with extended MP's before that is why I ask.
Thanks
I agree with @Zac_Robinson regarding a new Cireson Custom List control, being able to create some filter to bring a list of objects back and specifying if you want a property value or the whole object to relate on a relationship would really cut down on the amount of planning and effort needed to create a workaround.