Active Roles Workflow Search function

The Search activity is implemented as a ForEach.

"For each object that you find, do this thing that many times".

Because of this, if there are no objects found, any activities which are in the Search activity is skipped - they are not executed.

To test for this, use an If-Else branch which checks the Execution Status of an activity within the scope of the search. If the Execution Status is Not Executed, then you know that it was skipped because there were no results found by the search.

Hi Terrance, 

thanks for explaining this.. it made me rethink how to perform the queries.. So I changed it so that the Search Condition looks for a specific samAccountName such as ADMTUser. in the If-Else statement I put that if the execution status equals "Not Executed" to go and create the user.

Now. in the logs. I see that the search condition is looking for "ADMTUser" and it finds 0. so you would think that if it finds 0, that the If-Else branch would kick off. but it doesn't. what is more weird, is that on the 2nd branch (the Else Branch), I didn't put any condition.. so you would think that if the IF branch doesn't kick off, the Else branch would. but nadda!! and no errors.

this is driving me mad.. hahahaha.. any thoughts?

While the built-in workflow activities can sometimes be quite useful, in this case if you really want to get the job done, why not just write a small Posh script that does the search and returns a value that you can check for your in IF-Then-Else.

Example:

# Check to see if the proposed new user name already exists

$UserData = get-aduser -identity $($Request.get("proposenameattribute"))

$CheckResult = $False

If ($UserData) {$CheckResult = $True}

# Return the search result to the workflow data context and check for it ("value generated by rule expression | value returned by script") in your If-Then-Else

$CheckResult

The If-Else which is testing the Search activity needs to be outside of the search scope.

Can you send a screenshot of the Workflow layout?

Thanks Terrance.. just didn't work.. I did put it outside of the search scope.. and it still didn't work. it only works if the search condition finds a value.

Thanks Johnny.. I think im going to run down this path.. however, I wanted to put the search results in the script.. which ive done before and it worked well. but here it does not. This is the Code I added.

function onInit($Request)

{

add-PSSnapin 'Quest.ActiveRoles.ADManagement' -ErrorAction SilentlyContinue

$UserName - $Workflow.FoundObject("Search for ADM Accounts").Get("samAccountName")

     $CheckResult = $False

     if($UserName){$CheckResult = $True}

$CheckResult

}

On the If-Else I did what you mentioned ("value generated by rule expression | value returned by script") and then I said "Equals" "False"

________________

So basically, if I don't find a user with that search condition.. create one.

$UserName - $Workflow.FoundObject("Search for ADM Accounts").Get("samAccountName")

Shouldn't that be an equals sign?

$UserName = $Workflow.FoundObject("Search for ADM Accounts").Get("samAccountName")

Oh Sorry.. I mistyped it.. I don't have access to copy and paste so I had to retype it. 

You are correct.. in my script it is an equals sign.

 but it doesn't work

add-PSSnapin 'Quest.ActiveRoles.ADManagement' -ErrorAction SilentlyContinue

You don't need this part, you aren't using the cmdlets here.

This is likely your problem:

Title: A PowerShell module with “$workflow.FoundObject (name)” works fine but fails to work in a 'If-Else' loop.
Solution: 210587
URL: https://support.oneidentity.com/kb/210587 

There is a product limitation, you cannot reference the $workflow global object in an script module within an If-Else conditional test.

ah.. I thought I was going crazy.. the article referenced was for 6.9.. has it not yet been addressed?