• State Suggested Answer
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 1479 views
  • Users 0 members are here
Options
Related

Trigger Workflow on Computer Domain Join

todd harrison
over 1 year ago

Hi,

*Disclaimer* I am still really new to workflows, so I apologize if this is a stupid question or has been answered already.

I am in the very early stages on designing a workflow that would modify a virtual attribute on computer objects with a value that would then be used to update information in another system.

I believe I have figured out how to trigger the workflow if the computer object is moved to a different OU.

I am struggling a bit with how to trigger the worklfow when a computer is joined to the domain. The majority of our domain joins happen during our OS deployments automatically.

The domain joins happen directly against AD.

When I check recently joined computers, ARS doesn't show the account as being "Created", which makes sense.

Would there be another way of triggering the workflow on a newly domain joined computer? Maybe I could do it based on create date of the object itself?

Cheers,

Todd

Parents
  • 0 over 1 year ago

    I would create a virtual attribute that would tell you if the computer account has been "seen" by Active Roles.  

    Then create an Automation workflow that containing a Search activity.  The workflow can be scheduled to search for computer accounts (in a specific location - probably the Computers container) where this attribute is not populated.

    (If the Computers container is not practical, then you could also create a Managed Unit that would hold computers from various OU('s) you specify) that are missing your "seen" virtual attribute

    The workflow would modify the "seen" attribute and make whatever other changes are needed using an Update Activity.

    References:

    Automation Workflow

    Search Activity


    Managed Unit

  • 0 over 1 year ago in reply to JohnnyQuest

    That is a very creative solution.

    I guess this "seen" attribute could just a simple "TRUE/FALSE"? Assuming I don't intend to do anything else with it.

    And yeah, the Computer OU would probably not work for us since when we do domain joins during provisioning the computers go directly into their respective OU. Computers will only end up in the default Computers OU if we do a manual disjoin/delete/rejoin.

    Although, talking about it now, I see how I could even change that and us a workflow to move computer accounts based on their name.

    I may do this anyway to move computers out of that OU in the event someone forgets to move the computer account.

    Thank you  for the great suggestion as usual!

    Cheers

  • 0 over 1 year ago in reply to todd harrison

    'Glad I could help you get the wheels turning in the right direction. Relaxed

Reply Children
No Data