• State Suggested Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 2134 views
  • Users 0 members are here
Options
Related

Get current logged in user

kkm
over 2 years ago

Hello,

How to get current logged in user through custom script in ARS?

Thanks

  • 0 over 2 years ago

    The Initiator of the current transaction can be obtained thus:

    # This code could be executed by a workflow or embedded into a handler (e.g. onPostCreate) in a policy script

    $InitiatorSam = ""

    $InitiatorDistinguishedName = ""

    # This call will store the current user's SamAccountName and DistinguishedName in the variables initialized above

    $Request.Whoamii([ref]$InitiatorSam,[ref]$InitiatorDistinguishedName)

  • 0 over 2 years ago in reply to JohnnyQuest

    Thanks for reply.

    May be my question is not clear.

    I'm looking on which account the custom script is running?

    I've used below command in custom script and its returning the service account, is there any other cmdlet where we can fetch the account?

    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    Thank you

  • 0 over 2 years ago in reply to kkm

    Are you talking about a custom script outside of Active Roles or inside of Active Roles?

    If the script is being executed in a script policy it will always be executed by the service account (unless you explicitly code it otherwise by loading credentials in your code - not ideal from a security point of view).

    For script activities embedded in workflows, these can be run as the service account OR the user that initiated the workflow.  This is a setting of the workflow itself.  Specifcally, if you look at the "Workflow Options and Start Conditions" of an Active Roles workflow, you will see an option in the lower left corner "Run As" options.

  • 0 over 2 years ago in reply to JohnnyQuest

    custom script inside Active Roles.

    I'm calling the custom script from the workflow script activity and I set the 'Run As' option to 'the user who initiated the workflow' but still the script running on the service account.

    Thanks

  • 0 over 2 years ago in reply to kkm

    All script modules will always execute under the security context of the Active Roles Service Account, by design. In order to execute an operation under a different security context, it will be necessary to retrieve a stored credential.

    WIthin the Active Roles SDK, the $DomainOverrideCredentials.Get method is documented. This method allows you to retrieve any credentials which are stored in a Managed Domain. If these credentials do not meet your needs, then you will need to use some other method to store and retrieve credentials. There are a number of options available.

    Feature 216497 has been tentatively requested and is hoped to appear in Active Roles 8.0. This feature will include a credential manager within Active Roles which can be used in custom scripts.