PowerShell Custom Activity

Hello,

I am new to Password Manager and am looking for a how-to on removing a user from a group during a workflow.

But how do I find out which user is currently running the workflow, so that I can use, for example, the samAccountName in my script?

I tried the following but am getting an error message in the log.

$username = $Request["Username"]

remove-adgroupmember "groupname" -member $username -confirm:$false

It seems that the variable $username is empty.

Thanks

Frank

  • Hello Frank,

    I'm not sure if you have figured this out yet or not, but I wrote the following code snippet that adds a user to a group via a Password Manager customer workflow step. I'll provide the whole snippet for completeness and this customer used the ARS management shell, but calling any PowerShell command should be possible.

    The section of the code you might be interested in is $workflow.UserInfo.ID. This code works with the user's GUID and not samAccountName. The UserInfo class does have a GetSamAccountName Method, so if you needed to use this attribute, it should be fairly easy to get.

    #Load ARS Management Shell, which needs to be installed on PM server
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    Connect-QADService -service arsserver -proxy
    #Obtain the user's GUID
    $userguid = $workflow.userinfo.id
    #Utilize ARS MgmtShell commands to remove user from PM NotRegistered group
    Remove-QADGroupMember -identity 'target\QPM_NotRegistered' -member $userguid
    #Add user to the PM Registered group
    Add-QADGroupMember -identity 'target\QPM_Registered' -member $userguid
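
An added example, not part of the original posts or the product's own code: a guarded group removal for the case in the question, where an empty identity variable reached the group cmdlet. It assumes the ActiveDirectory (RSAT) module is installed on the Password Manager server and that `$workflow.UserInfo.ID` holds the user's GUID as described in the reply; `Remove-WorkflowUserFromGroup` is a hypothetical helper name and `'groupname'` is the placeholder from the question.

```powershell
# Added example. Assumes the ActiveDirectory module is available on the server.
Import-Module ActiveDirectory -ErrorAction Stop

function Remove-WorkflowUserFromGroup {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$UserId,      # expected: the GUID from $workflow.UserInfo.ID
        [string]$GroupName
    )

    # Refuse to touch the group if the identity is empty or not a GUID.
    # This is the failure in the question: an empty variable passed on to
    # the group-membership cmdlet.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($UserId, [ref]$guid) -or $guid -eq [guid]::Empty) {
        throw "Workflow user ID is empty or not a GUID; '$GroupName' was not changed."
    }

    # Resolve both objects first so a typo or a stale GUID fails here,
    # before any change is made.
    $user  = Get-ADUser  -Identity $guid.ToString() -Properties MemberOf -ErrorAction Stop
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # MemberOf lists direct memberships only (not the primary group).
    if ($user.MemberOf -notcontains $group.DistinguishedName) {
        Write-Verbose "$($user.SamAccountName) is not a direct member of $($group.Name)."
        return $false
    }

    # -ErrorAction Stop turns a failed removal into a terminating error,
    # so the caller sees it instead of the step continuing silently.
    Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false -ErrorAction Stop
    Write-Verbose "Removed $($user.SamAccountName) from $($group.Name)."
    return $true
}

# Inside the custom activity, where $workflow is defined:
# Remove-WorkflowUserFromGroup -UserId $workflow.UserInfo.ID -GroupName 'groupname'
```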