Export Synchronization Service workflow output to CSV file

We are creating multiple accounts through Synchronization Service workflow. Once accounts are created, we need a extract of the generated userlogonname and password to be able to send to requestor.

Is there a way to output the same through step handler to run a powershell and generate a file with the userlogonname & password. We have rules set which creates a unique pattern of password when triggered.

I know that I can click on the numbers and a grey window will pop up detailing the changes that would be made were I to hit commit on the workflow. I'm wondering if there is a way to get the data that is displayed in this window out to a CSV?

Parents
  • For what it's worth, if the connector that you happening to be using for your destination system is the Active Roles connector, then you could create a scripted policy or workflow in there to capture passwords, rather than in the Sync Service itself.

    Also, on another note, you can technically capture the attributes that are populated by the Sync Service during provisioning - however the edsaPassword attribute is encrypted, and I've not been able to decrypt (possibly by design - I don't know that this value is stored as reversibly encrypted).

    Here is a very rudimentary sample showing that you can actually extract the details from the workflow run history:

    $runId = "163"
    $qcSyncHistMgr = $qcService.CreateSyncHistoryManager()
    $qcWorkflowStepRunSummaries = $qcSyncHistMgr.GetWorkflowStepRunSummaries($runId)
    $qcWorkflowStepRunDetailsProvider = $qcSyncHistMgr.GetWorkflowStepRunDetails($qcWorkflowStepRunSummaries.Current)
    
    foreach ($successOperation in ($qcWorkflowStepRunDetailsProvider.GetSuccessOperations())) {
        $successOperation.Operation.CreateRequest.Name
        foreach ($attribute in $successOperation.Operation.CreateRequest.Attributes) {
                $attribute.Name + ": " + $attribute.Values
        }
        [System.Environment]::NewLine
    }

    This produces results that look like this:

Reply
  • For what it's worth, if the connector that you happening to be using for your destination system is the Active Roles connector, then you could create a scripted policy or workflow in there to capture passwords, rather than in the Sync Service itself.

    Also, on another note, you can technically capture the attributes that are populated by the Sync Service during provisioning - however the edsaPassword attribute is encrypted, and I've not been able to decrypt (possibly by design - I don't know that this value is stored as reversibly encrypted).

    Here is a very rudimentary sample showing that you can actually extract the details from the workflow run history:

    $runId = "163"
    $qcSyncHistMgr = $qcService.CreateSyncHistoryManager()
    $qcWorkflowStepRunSummaries = $qcSyncHistMgr.GetWorkflowStepRunSummaries($runId)
    $qcWorkflowStepRunDetailsProvider = $qcSyncHistMgr.GetWorkflowStepRunDetails($qcWorkflowStepRunSummaries.Current)
    
    foreach ($successOperation in ($qcWorkflowStepRunDetailsProvider.GetSuccessOperations())) {
        $successOperation.Operation.CreateRequest.Name
        foreach ($attribute in $successOperation.Operation.CreateRequest.Attributes) {
                $attribute.Name + ": " + $attribute.Values
        }
        [System.Environment]::NewLine
    }

    This produces results that look like this:

Children
No Data