This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to add a reason / justification for a request / workflow using PowerShell and Add-QADGroupMember?

Hello all,

Recently, we have implemented Workflows into ARS and I am trying to make sure that I can still automate certain processes. Currently, I am working with a security group that has a workflow implemented which sends an email to an approver which can then approve or deny a request to add or remove members from that security group.

What I have seen in the Active Roles MMC console, is that if you try to add or remove someone from the security group with the workflow implemented, it will prompt you for a reason why you need to make the change and then email the approves.

What I have seen in my initial testing is that when I make a change to the group using PowerShell, it will notify me that a workflow was created but will not ask me to enter in a reason, so when the email is submitted to the approvers, it will not contain a valid justification which the approver will then deny.

I thought PowerShell may attempt to prompt similarly to the MMC console and request a reason, but that is not the case... What I would like to be able to do is send the PowerShell command to the security group but send it with a reason into the workflow so that the approves are emailed with that reason. 

I looked at the security groups attributes and did not find anything on sending a workflow reason in with the Add-QADGroupMember command, and I also did not see anything in the workflow "QARSApprovalTask" commands when looking up the workflow ID so I'm at a roadblock.

Current command:

Add-QADGroupMember -Identity "Domain\SecurityGroup" -Member "Domain\$LoginID" -Proxy  | Out-Null

Is it possible to send the reason / justification via PowerShell when adding someone to a workflow-enabled group?

Thank you!

Jacob.