• State Suggested Answer
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 63 subscribers
  • Views 13574 views
  • Users 0 members are here
Options
Related

Synchronization Service - Step Handlers

todd harrison
over 4 years ago

Hi,

We just recently implemented the Active Roles Synchronization Service in our organization to aid in employee onboarding.

I am wondering what the "Step Handlers" can be used for? The documentation says the following:

"Sync workflow step handlers allow you to automatically perform custom actions either before running a workflow step or after the workflow step run results have been committed (written) to the data system. Out of the box, Synchronization Service includes a single predefined handler type that can automatically execute your custom PowerShell script and thus perform the desired action."

 

I was hoping to be able to use this to read the data collected from our HR software, check a specific attribute we are receiving from that system, and if it is set to a specific value, trigger an alert.

I tried using the $Srcobj hash table that is detailed in the documentation, but this appears to be only be available in the "Creation Rules".

Is there a way to reference objects in the source location from scripts running in the "Step Handlers" step?

 

Cheers

  • 0 over 4 years ago in reply to todd harrison

    Todd,

    You can use "$dstObj" to reference the target object. For example:

    $dstObj["DisplayName"]

  • 0 over 4 years ago in reply to Terrance.Crombie

    Hi Terrance,

    Thank you!

    Can you reference any target object attribute? Or only attributes that are set to be synced?

  • 0 over 4 years ago in reply to todd harrison

    I'm pretty sure the attribute has to be "mapped" in the workflow step if you want to reference it via the $DstObj hash table.

  • 0 over 4 years ago in reply to JohnnyQuest

    Hey, 

    So I tested this out, it appears to be able to reference any attribute, not just ones set for synchronization.

    I tested with the deprovision status attribute. I queried for it's value and was able to send an email based on it's value.

    This is really handy for our case!

  • 0 over 4 years ago

    Just as a follow up to this, 's response resolved our issue. From his sample script I was able to craft my own.

    I can definitely recommend this is a good solution.

  • 0 over 1 year ago in reply to JohnnyQuest

    Hello everyone from Rainy California !.  Great information on this discussion.  I have a similar but different scenario and I am trying to determine if ARSS can perform the task.  Here is the overview.

    We currently Sync users from AD to Azure AD and M365 using the connectors.  When new users are created by a provision workflow step, I then need to run afterwards, a completely separate few lines of Azure AD powershell against each created user.  I am not sure if this can be done by trying to use the $destObj and if so, where to place this code to run it.  Any advice or links to samples or information would be great if you have any ideas.

    I was trying to find more examples on Step Handlers as a post step.  I was also not sure if each of the 3 lines of pshell below need to be a separate step in the step handler, or just 1 step with all the code together.  I guess I'm just trying to sort out what, where,. how.

    Here is the detail:

    Users source from Active Directory

    1.  Run a workflow step that provisions new users in the destination (Azure AD)

    Each user has a unique 8 character ID that we place to the left of the @ sign on the UPN

    Each users email address is included when the user is created.

    I was thinking that variable to get the UPN and Mail by $destObj but not sure how or where to try it.

    2.  Once the Azure AD user is created, I need to run this code.  However, I am not sure how or where to try and run it within ARSS steps, handlers, etc.

    Example of 1 user: 37579337@example.onmicrosoft.com

    #STEP 1: Set Variable to collect the existing Azure AD user.
    $ADGraphUser = Get-AzureADUser -objectID 37579337@example.onmicrosoft.com

    #STEP 2: Set Variable for msgraph
    $msGraphUser = New-Object Microsoft.Open.MSGraph.Model.User -ArgumentList $ADGraphUser.ObjectId

    #STEP 3: convert member to external member
    New-AzureADMSInvitation -InvitedUserEmailAddress Danny.Ocean11@example.com -SendInvitationMessage $False -InviteRedirectUrl http://myapps.microsoft.com -InvitedUser $msGraphUser

    Any thoughts or advice would be much appreciated.  Thank you for your time.