workflow trigger not an Active Roles operation

I often use Managed Units to dynamically group together objects into sort of a "queue" to be acted upon by scheduled Automation Workflows.

Try creating a Managed Unit (MU) to collect together the objects meeting your required criteria - the membership rule of the MU is where you will define your criteria - e.g. Operating System contains Windows 11.  Then from a script-based enumeration point of view, you just treat the Managed Unit as a "-SearchRoot" just as you would an OU.

Here's a snippet to give you an idea of how this might work

Get-QADComputer -proxy -SearchRoot <DN of Managed Unit> | foreach {

# Do something with each of the computers returned from the Managed unit enumeration

# Optionally clear your "queueing" attribute (see below)

}

If your script already alters one of your criteria attributes then the processed objects should just "fall out" of your Managed Unit.  If not, then I often use a Virtual attribute to "queue" objects and then clear it at the end of my script to drop the processed objects out of my "queue" Managed Unit.

'Hope this helps.

Hi,

Thanks very much, I didn't think of using Managed Units, I've only used those for basic reporting and delegating Access templates.  I'm new to using automated workflows so please forgive my potentially daft question; how do I get them to run?  I've created an automated workflow with the same if-else makeup as before, and a managed unit.  I tested your powershell line on the server's management shell and it works fine so I put it in as the parameter script with the function premove but the Run Workflow button doesn't become clickable so I must've set up the starting conditions wrong. I tried putting it in the initialization script bit as well but that didn't help.  Is there an idiot's guide to setting up automated workflows anywhere?

I've got the MU set up in a way that looks in the Windows 10 OU so as you say, once the workflow has run the machine will be moved into the Windows 11 OU and therefore drop out of the MU.  

Thanks again for your help so far.

C

Hi charleneforbes 

For a non-scripted option, you could use a workflow, with a series of Search Activity steps. The below is a collection of "Search", "If/Else" and "Move" activity steps.

Where in an automation workflow you'd

1. Search for a list of all your workstation OUs starting at Domain\Workstations (in my case, I'd have "Domain\Workstations\Windows 11" and "Domain\Workstations\Windows 10"), then for each OU found 
   1. Search for all workstation contained directly in the current found OU
      1. Then check if the Workstation is in the correct OU, by comparing the Found object "Get Workstation OUs"'s description value to the current workstations operatingSystem property
      2. If it does match, I move on and check the next workstation (1a)
      3. If it does not match, I search for an new OU under "Domain\Workstations"
         1. If an OU is found where the description matches the workstations listed Operation System, I move the object to that OU...

You could also play around with the search task for 1a, to only return computers that dont match the description, as the method above would check every workstation, including the ones in the correct OUs, which for large environments may take a while. Also bear in mind, in this example you'd need to ensure an OU exists with a description for each possible value of Operating System in your environment, otherwise the computer would be left where it was.

Alternatively, as JohnnyQuest suggests you could use MU's, and a script module to do the changes, and move according to which ever business rules you need.

Four ways to start them:

1) Go to the workflow in the Active Roles MMC and run it

2) Go to the workflow in the Active Roles Web UI and run it (you can delegate this too if you want using Access Templates)

3) In the properties of the workflow, setup a schedule for the workflow to run however often you like

4) To launch it programmatically on demand, stamp the virtual attribute edsvaStartWorkflow of the Workflow to TRUE using PoSh (Set-QADObject -proxy -identity <Workflow DN>) -ObjectAttributes @{edsvaStartWorkflow=TRUE}

The code I provided you should be added into a Policy Script and then that should be added to your workflow included in a script Activity.

 Stu.Pollock 's suggested approach is indeed a good one if your use cases around  the If /Then logic and what needs to be done with / to your computers are fairly simple.

To elaborate on my Policy Script point above...here's how the actual policy script might look:

Function MoveMyComputersAround ($Request)

{

Get-QADComputer -proxy -SearchRoot <DN of Managed Unit> | foreach {

# Do something with each of the computers returned from the Managed unit enumeration

# Optionally clear your "queueing" attribute (see below)

}

} # End of function

When configuring your Script Activity within the workflow to launch your script, you would specify MoveMyComputersAround as the name of the function to run in the selected script.

Hi,

Thanks very much for your reply.  I've got something like your first screenshot except probably a little simpler, where the if-else are on one level.  Our corporate machines are names DPCxxx, LPCxxx and TABxxx depending on their type, so anything starting that gets moved into the W11 Corp\ Desktop, Laptop and Tablet OUs.  Then for the school ones, which all have a code per school on them rather than named by the type of machine, I look at the parent OU and move them into W11 Schools\Laptops, Desktops or tablets, if that makes sense.  When I used the description field changing as the trigger to run tests it worked perfectly.  The action works fine when I use a simple trigger like changing the description, it's getting it to use the OperatingSystem changing as the trigger instead I'm struggling with because that isn't changed by Active Roles itself.  I'll try using your get method and let you know how I get on, or stick to the MU version, which is working as a collection method, I just need to figure out how to start it.  I thought as long as Allow workflwo to be manually triggered was ticked I could run it using the Run workflow button any time I wanted but that's greyed out at the moment.

Ta

Charlene

Hi,

I've got a combination of your suggestions going, creating a Managed Unit to identify the machines I want to move and the search step to look in the Managed Unit but the Run Workflow is still greyed out.  I can create the exact same workflow with an automatic trigger (I used the description changing) and it works fine but my on demand one won't run, either on a schedule or on demand and I'm a bit stuck.  I raised it with support and they've recommended asking here.  Has anyone ever come across this before please? I'd add a screenshot but I don't see a way to add an image, only a URL to one.

Thanks again for all your help so far, I'm sooooo close. 

You say you have a search step to look in the Managed Unit but you didn't mention if you have any Activity(ies) below the search step that will act upon the objects found by the search step?

Secondly, have you tried right clicking your Workflow in the left pane of the MMC and running it that way?

Hi,

Thanks for the reply. once the search is run it gets the DN then there is a group of if-else activities that look at the name of the machine and move it accordingly. e.g. if the DN starts LPCxxx it gets moved to Corporate Laptops and if the DN starts BHSxxx (one of our schools) it looks at the Parent OU to identify whether it's a desktop or laptop and moves it to School Laptops/Desktops.

There is no run option in the left hand pane of my mmc.  I don't know if it's a bug with our installation (7.5.0) or if I've done something wrong.  All I've done in the options and start conditions is set the schedule so I don't know if I've just missed something in the parameters and script bits, although in my first attempt I tried adding the DN parameter it uses after the search and get the MMC contents with the script initialization and it didn't make any difference, and looking at the other comments that was wrong anyway.  Sorry if that's me being daft, I've only ever used change workflows before. 

Thanks

Charlene