• State Verified Answer
  • Replies 5 replies
  • Subscribers 65 subscribers
  • Views 432 views
  • Users 0 members are here
Options
Related

Export Synchronization Service workflow output to CSV file

Megha Paul
1 month ago

We are creating multiple accounts through Synchronization Service workflow. Once accounts are created, we need a extract of the generated userlogonname and password to be able to send to requestor.

Is there a way to output the same through step handler to run a powershell and generate a file with the userlogonname & password. We have rules set which creates a unique pattern of password when triggered.

I know that I can click on the numbers and a grey window will pop up detailing the changes that would be made were I to hit commit on the workflow. I'm wondering if there is a way to get the data that is displayed in this window out to a CSV?

Parents
  • 0 1 month ago

    For what it's worth, if the connector that you happening to be using for your destination system is the Active Roles connector, then you could create a scripted policy or workflow in there to capture passwords, rather than in the Sync Service itself.

    Also, on another note, you can technically capture the attributes that are populated by the Sync Service during provisioning - however the edsaPassword attribute is encrypted, and I've not been able to decrypt (possibly by design - I don't know that this value is stored as reversibly encrypted).

    Here is a very rudimentary sample showing that you can actually extract the details from the workflow run history:

    $runId = "163"
$qcSyncHistMgr = $qcService.CreateSyncHistoryManager()
$qcWorkflowStepRunSummaries = $qcSyncHistMgr.GetWorkflowStepRunSummaries($runId)
$qcWorkflowStepRunDetailsProvider = $qcSyncHistMgr.GetWorkflowStepRunDetails($qcWorkflowStepRunSummaries.Current)

foreach ($successOperation in ($qcWorkflowStepRunDetailsProvider.GetSuccessOperations())) {
    $successOperation.Operation.CreateRequest.Name
    foreach ($attribute in $successOperation.Operation.CreateRequest.Attributes) {
            $attribute.Name + ": " + $attribute.Values
    }
    [System.Environment]::NewLine
}

    This produces results that look like this:

Reply
  • 0 1 month ago

    For what it's worth, if the connector that you happening to be using for your destination system is the Active Roles connector, then you could create a scripted policy or workflow in there to capture passwords, rather than in the Sync Service itself.

    Also, on another note, you can technically capture the attributes that are populated by the Sync Service during provisioning - however the edsaPassword attribute is encrypted, and I've not been able to decrypt (possibly by design - I don't know that this value is stored as reversibly encrypted).

    Here is a very rudimentary sample showing that you can actually extract the details from the workflow run history:

    $runId = "163"
$qcSyncHistMgr = $qcService.CreateSyncHistoryManager()
$qcWorkflowStepRunSummaries = $qcSyncHistMgr.GetWorkflowStepRunSummaries($runId)
$qcWorkflowStepRunDetailsProvider = $qcSyncHistMgr.GetWorkflowStepRunDetails($qcWorkflowStepRunSummaries.Current)

foreach ($successOperation in ($qcWorkflowStepRunDetailsProvider.GetSuccessOperations())) {
    $successOperation.Operation.CreateRequest.Name
    foreach ($attribute in $successOperation.Operation.CreateRequest.Attributes) {
            $attribute.Name + ": " + $attribute.Values
    }
    [System.Environment]::NewLine
}

    This produces results that look like this:

Children
No Data