Detect changes that occur in Active Directory (not AR) and trigger an action?

Hey,

Is it at all possible for Active Roles to trigger off of a change made in the underlying Active Directory as opposed to within Active Roles itself?

Scenario:

  • A computer has BitLocker enabled and the keys are transferred to the associated Active Directory computer object.
  • When Active Roles detects that the computer object now has keys or those keys have been updated, a script is triggered to do something.

I suspect this is not possible because when I check the Change Log in AR, there is no mention of keys being added to the computer object. I understand why this happens and didn't expect to see that in the AR logs, but I am just curious if there are any other methods for detecting something like this.

Regards,

Todd

  • This ask can be done in Active Roles in two ways:

    1) Via a custom policy script.

    2) Via a scheduled Automation Workflow.

    A custom policy script can be triggered by native changes if the associated policy is set to "Handle changes from DirSync control".

    For more information, see this solution:

    Title: Active Roles Provisioning Policies are only triggered by Active Roles clients

    Solution: 311680

    URL: https://support.oneidentity.com/kb/311680

    Although an Automation Workflow is not a "triggered change", the end result may be just about the same due to delays resulting from Active Directory replication.
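As an illustration of the scheduled approach for the BitLocker scenario in the question, here is a polling script that a scheduled job could run. It is an added example, not part of the original posts and not One Identity code; it assumes the RSAT ActiveDirectory module, and the state file path and the 15-minute overlap are hypothetical values.

```powershell
# Added example: poll Active Directory for new BitLocker recovery objects.
Import-Module ActiveDirectory

$StateFile = 'C:\Scripts\bitlocker-poll.state'   # hypothetical path
$Overlap   = [timespan]::FromMinutes(15)          # assumed replication allowance

function Get-ParentDn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the first RDN; the lookbehind skips commas escaped as "\,".
    $DistinguishedName -replace '^.+?(?<!\\),', ''
}

function Get-NewBitLockerRecoveryInfo {
    param([Parameter(Mandatory)][datetime]$Since)
    # BitLocker keys are stored as msFVE-RecoveryInformation child objects of
    # the computer object, so the search targets those objects directly.
    $stamp  = $Since.ToUniversalTime().ToString("yyyyMMddHHmmss'.0Z'")
    $filter = "(&(objectClass=msFVE-RecoveryInformation)(whenCreated>=$stamp))"
    # Only metadata is requested; msFVE-RecoveryPassword is never read.
    Get-ADObject -LDAPFilter $filter -Properties whenCreated |
        ForEach-Object {
            [pscustomobject]@{
                ComputerDn = Get-ParentDn -DistinguishedName $_.DistinguishedName
                RecoveryId = $_.ObjectGUID
                Created    = $_.whenCreated
            }
        }
}

$now  = Get-Date
$last = if (Test-Path $StateFile) {
    [datetime]::Parse((Get-Content $StateFile -Raw).Trim(), $null, 'RoundtripKind')
} else { $now.AddDays(-1) }

# Re-query a window before the last run so objects that replicated late are
# not missed; the follow-up action must therefore tolerate repeats.
Get-NewBitLockerRecoveryInfo -Since ($last - $Overlap) | ForEach-Object {
    Write-Output "New BitLocker recovery info for $($_.ComputerDn) at $($_.Created)"
    # Place the follow-up action here.
}
Set-Content -Path $StateFile -Value $now.ToString('o')
```

The account running the script needs read access to the recovery objects' metadata only, which keeps the recovery passwords out of the job's scope.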
