• State Verified Answer
  • Replies 3 replies
  • Subscribers 66 subscribers
  • Views 1562 views
  • Users 0 members are here
Options
Related

retrieve PowerShell command in web interface

yosefc

I have script in workflow to check LAPS password from ms-Mcs-AdmPwd and send it to initiator mail,
The workflow in WI task. it's possible to retrieve the password to Web Interface and not to mail?

Top Replies

  • +2 verified

    Hi  

    Yes, there are a couple of ways of doing this, but the easiest for POC would be to use a policy script

    The example below has two functions, 

     * Get-LAPS would be the function where you write…

Parents
  • 0

    Hi  

    A good starting point might be the below Policy Script, it is using the "OnGetEffectivePolicy" event handler, to populate a virtual attribute (in my case) with the value retrieves from another function (which you could replace with a function to retrieve your actual LAP Password.. In my case it always returns "Some Value"

    The script checks the request is for a computer object, before setting the effective policy on the objects $AttributeNAme to be server side  generated, automatically generated, then finally setting the value of the column

    function Get-LAPS($Request)
{
    return "Some value"
}

function onGetEffectivePolicy($Request)
{
    $AttributeName = "edsvaLAPS"
    
    # If the object class is not a computer object, stop
    if ($Request.Class -ne "computer")
    {
        return
    }

    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_INFORMATION_TYPE, "Is a $($Request.class) object")
    
    # Mark Attribute as server-side generated,
    $Request.SetEffectivePolicyInfo($AttributeName, $Constants.EDS_EPI_UI_SERVER_SIDE_GENERATED, $true)
    $Request.SetEffectivePolicyInfo($AttributeName, $Constants.EDS_EPI_UI_AUTO_GENERATED, $true)

    $Password = Get-LAPS $Request

    $Request.SetEffectivePolicyInfo($AttributeName,$Constants.EDS_EPI_UI_GENERATED_VALUE,$Password)
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_INFORMATION_TYPE, "Attribute set")

}

    Clicking the generate (or lightening bolt) button will then display whatever the script returns

    However, if you don't want the retrieved value to get written back to the VA permantely, you'll either need to remove it from the request via workflow, or in the script onPreModify/OnPreCreate etc

Reply
  • 0

    Hi  

    A good starting point might be the below Policy Script, it is using the "OnGetEffectivePolicy" event handler, to populate a virtual attribute (in my case) with the value retrieves from another function (which you could replace with a function to retrieve your actual LAP Password.. In my case it always returns "Some Value"

    The script checks the request is for a computer object, before setting the effective policy on the objects $AttributeNAme to be server side  generated, automatically generated, then finally setting the value of the column

    function Get-LAPS($Request)
{
    return "Some value"
}

function onGetEffectivePolicy($Request)
{
    $AttributeName = "edsvaLAPS"
    
    # If the object class is not a computer object, stop
    if ($Request.Class -ne "computer")
    {
        return
    }

    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_INFORMATION_TYPE, "Is a $($Request.class) object")
    
    # Mark Attribute as server-side generated,
    $Request.SetEffectivePolicyInfo($AttributeName, $Constants.EDS_EPI_UI_SERVER_SIDE_GENERATED, $true)
    $Request.SetEffectivePolicyInfo($AttributeName, $Constants.EDS_EPI_UI_AUTO_GENERATED, $true)

    $Password = Get-LAPS $Request

    $Request.SetEffectivePolicyInfo($AttributeName,$Constants.EDS_EPI_UI_GENERATED_VALUE,$Password)
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_INFORMATION_TYPE, "Attribute set")

}

    Clicking the generate (or lightening bolt) button will then display whatever the script returns

    However, if you don't want the retrieved value to get written back to the VA permantely, you'll either need to remove it from the request via workflow, or in the script onPreModify/OnPreCreate etc

Children
No Data