Orchestration Pack for Microsoft Active Directory 1.0
The Orchestration Pack for Microsoft Active Directory mApp® Solution allows users to execute activities and commands in external systems that are typically done manually.
This is a Cherwell Labs mApp Solution. Functionality, testing, and documentation are limited or incomplete. Cherwell support is not provided for this mApp Solution, so install it at your own risk on a test environment before installing it on a production system.
Platform Version Requirements: Tested on CSM 8.0.0
Out-of-the-Box Content Version Requirements: Tested on CSM 8.0.0
Prerequisite Requirements: None
The Orchestration Pack for Microsoft Active Directory is only available for the CSM Desktop Client. This mApp Solution includes multiple features such as automation processes, and One-Step Actions that support the following commands: Get Account Info, Reset Password, Enable Account, Unlock Account, Clear Expiration, Set Expiration, Add Account to Group, List Group Members, Set Home Directory, Get Computer Info, Disable Computer Account, and Enable Computer Account.
Functionality requires initial configuration. The mApp Solution has two lookup tables for configuring the application:
- Orchestration Pack AD Group: Populated with common Active Directory group names, which can be modified by the User through table management. This table is used to populate prompts for Add Account to Groups functionality.
- Orchestration Pack Prompt: Two rows, specifying either 1 or 0 for Prompt for Credentials or Do Not Prompt for Credentials. This table is not populated through Table Management.
A series of Stored Values are used to pass parameters between Object-associated One-Step Actions and generic master One-Step Actions that contain PowerShell scripts. The One-Step Actions write the PowerShell scripts to temporary files, execute the files, and store the results in Stored Values for display and logging in the Journal – Integrations Audit file.
For SaaS Customers, the provided One-Step Actions do not work with the Automation Process Service unless the Automation Process Service is installed locally.
The table below shows:
- Runbook: The name of the runbook. This is what the Users see in the menu bar or Task Pane.
- Business Object Associations: These are the CSM Business Objects that the runbooks can be initiated from.
- Description: What the runbook does.
|Runbook||Business Object Associations||Description|
|Get Account Info||Customer, Incident||Displays summary of Active Directory Account settings.|
|Reset Password||Customer, Incident||Prompt user for new password, set password in account, set account to change password on next login.|
|Disable Account||Customer, Incident||Disables an AD user account|
|Enable Account||Customer, Incident||Enables an AD user account|
|Unlock Account||Customer, Incident||Unlocks an AD user account|
|Clear Expiration||Customer, Incident||Clears the expiration date set on an AD account|
|Set Expiration||Customer, Incident||Sets the expiration date of the account|
|Add Account to Group||Customer, Incident||Adds the current account to an AD group|
|List Group Members||Customer, Incident||Presents a list of all accounts that are members of the group|
|Get Computer Info||CI, Incident||Displays summary of AD Computer account settings|
|Disable Computer Account||CI, Incident||Disables the Computer account|
|Enable Computer Account||CI, Incident||Enables the Computer account|
These runbooks can only be run via the CSM Desktop Client. The commands cannot be run from the Browser Client.
How the mApp Solution Works
CSM provides the Orchestration Pack for Microsoft Active Directory as a mApp Solution so that Users can easily incorporate Active Directory runbooks into their existing CSM system. Download the mApp Solution from the Cherwell mApp Exchange. Use the Apply mApp wizard to apply the mApp Solution to your CSM system. The Apply mApp wizard generates a Blueprint, which can then be viewed and published to a test or Live system to commit the changes.
The mApp Solution includes the following items:
|Item Category||Item||Typical Merge Action|
|Orchestration Pack AD Group, Orchestration Pack Credential Prompt, Journal - Integrations Audit||Import|
|Config - Computer, Config - Server, Customer, Incident, Journal, Customer, Customer-Internal||Don't Change|
|Image Definitions||Windows 128x128, Windows 32x32, Windows 64x64||Import|
|One-Step Action||Check Prereq, CI-Disable Computer Account, CI-Enable Computer Account, CI-Get Computer Info, CI-Server Disable Server Account, CI-Server Enable Server Account, CI-Server Get Server Info, Customer-Add Account to Group, Customer-Clear Account Expiration, Customer-Disable Account, Customer-Enable Account, Customer-Get Account Info, Customer-List Group Members, Customer-Reset Password, Customer-Set Account Expiration, Customer-Set Home directory, Customer Unlock Account, Incident-Clear Account Expiration, Incident-Disable Account, Incident-Disable Computer Account, Incident-Enable Account, Incident-Enable Computer Account, Incident-Get Account Info, Incident-Get Computer Info, Incident-List Group Members, Incident, Reset Password, Incident-Set Account Expiration, Incident-Set Home Directory,Incident-Unlock Account, Master-Add Account to Group, Master-Clear Account Expiration, Master-Disable Account, Master-Disable Computer Account, Master-Enable Account, Master-Enable Computer Account, Master-Get Account Info, Master-Get Account Info-Short, Master-Get Computer Info, Master-List Group Members, Master-Reset Password, Master-Set Account Expiration, Master-Set Home Directory, Master-Unlock Account, Set Credential Prompt||Import|
|Stored Values||OP Active Directory Credentials, OP Active Directory Parameter, OP Active Directory Parameter Options, OP Active Directory Prereq Check, OP Active Directory Result Details, OP Active Directory Run Results, OP Active Directory Version||Import|
|Themes||Professional Grey||Don't Change|
- Import: Add new item.
- Overwrite: Replace target item.
- Merge: Merge differences.
- Don't Change: Referenced by the mApp Solution, but not altered in any way. The mApp Solution includes the definition for informational purposes only (the definition is not imported into the target system).
Apply the mApp Solution
To apply the mApp Solution, perform the following high-level steps:
- Review the recommendations and considerations for applying mApp Solutions. For more information, see Considerations for Applying mApp Solutions.
- Extract the mApp Solution .zip file to a location that can be accessed by CSM.
- In CSM Administrator, use the Apply mApp Wizard to apply the mApp Solution. For more information, see Apply a mApp Solution. Select the topic that matches your version of CSM.