Orchestration Pack for Microsoft Active Directory 1.0

The Orchestration Pack for Microsoft Active Directory mApp® Solution allows users to execute activities and commands in external systems that are typically done manually.

This is a Cherwell Labs mApp Solution. Functionality, testing, and documentation are limited or incomplete. Cherwell support is not provided for this mApp Solution, so install it at your own risk on a test environment before installing it on a production system.

Platform Version Requirements: Tested on CSM 8.0.0

Out-of-the-Box Content Version Requirements: Tested on CSM 8.0.0

Prerequisite Requirements: None


The Orchestration Pack for Microsoft Active Directory is only available for the CSM Desktop Client. This mApp Solution includes multiple features such as automation processes, and One-Step Actions that support the following commands: Get Account Info, Reset Password, Enable Account, Unlock Account, Clear Expiration, Set Expiration, Add Account to Group, List Group Members, Set Home Directory, Get Computer Info, Disable Computer Account, and Enable Computer Account.

Functionality requires initial configuration. The mApp Solution has two lookup tables for configuring the application:

  • Orchestration Pack AD Group: Populated with common Active Directory group names, which can be modified by the User through table management. This table is used to populate prompts for Add Account to Groups functionality.
  • Orchestration Pack Prompt: Two rows, specifying either 1 or 0 for Prompt for Credentials or Do Not Prompt for Credentials. This table is not populated through Table Management.

A series of Stored Values are used to pass parameters between Object-associated One-Step Actions and generic master One-Step Actions that contain PowerShell scripts. The One-Step Actions write the PowerShell scripts to temporary files, execute the files, and store the results in Stored Values for display and logging in the Journal – Integrations Audit file.

For SaaS Customers, the provided One-Step Actions do not work with the Automation Process Service unless the Automation Process Service is installed locally.

The table below shows:

  • Runbook: The name of the runbook. This is what the Users see in the menu bar or Task Pane.
  • Business Object Associations: These are the CSM Business Objects that the runbooks can be initiated from.
  • Description: What the runbook does.
Runbook Business Object Associations Description
Get Account Info Customer, Incident Displays summary of Active Directory Account settings.
Reset Password Customer, Incident Prompt user for new password, set password in account, set account to change password on next login.
Disable Account Customer, Incident Disables an AD user account
Enable Account Customer, Incident Enables an AD user account
Unlock Account Customer, Incident Unlocks an AD user account
Clear Expiration Customer, Incident Clears the expiration date set on an AD account
Set Expiration Customer, Incident Sets the expiration date of the account
Add Account to Group Customer, Incident Adds the current account to an AD group
List Group Members Customer, Incident Presents a list of all accounts that are members of the group
Get Computer Info CI, Incident Displays summary of AD Computer account settings
Disable Computer Account CI, Incident Disables the Computer account
Enable Computer Account CI, Incident Enables the Computer account

These runbooks can only be run via the CSM Desktop Client. The commands cannot be run from the Browser Client.

How the mApp Solution Works

CSM provides the Orchestration Pack for Microsoft Active Directory as a mApp Solution so that Users can easily incorporate Active Directory runbooks into their existing CSM system. Download the mApp Solution from the Cherwell mApp Exchange. Use the Apply mApp wizard to apply the mApp Solution to your CSM system. The Apply mApp wizard generates a Blueprint, which can then be viewed and published to a test or Live system to commit the changes.

The mApp Solution includes the following items:

Item Category Item Typical Merge Action

Business Object

Orchestration Pack AD Group, Orchestration Pack Credential Prompt, Journal - Integrations Audit Import
Config - Computer, Config - Server, Customer, Incident, Journal, Customer, Customer-Internal Don't Change
Image Definitions Windows 128x128, Windows 32x32, Windows 64x64 Import
One-Step Action Check Prereq, CI-Disable Computer Account, CI-Enable Computer Account, CI-Get Computer Info, CI-Server Disable Server Account, CI-Server Enable Server Account, CI-Server Get Server Info, Customer-Add Account to Group, Customer-Clear Account Expiration, Customer-Disable Account, Customer-Enable Account, Customer-Get Account Info, Customer-List Group Members, Customer-Reset Password, Customer-Set Account Expiration, Customer-Set Home directory, Customer Unlock Account, Incident-Clear Account Expiration, Incident-Disable Account, Incident-Disable Computer Account, Incident-Enable Account, Incident-Enable Computer Account, Incident-Get Account Info, Incident-Get Computer Info, Incident-List Group Members, Incident, Reset Password, Incident-Set Account Expiration, Incident-Set Home Directory,Incident-Unlock Account, Master-Add Account to Group, Master-Clear Account Expiration, Master-Disable Account, Master-Disable Computer Account, Master-Enable Account, Master-Enable Computer Account, Master-Get Account Info, Master-Get Account Info-Short, Master-Get Computer Info, Master-List Group Members, Master-Reset Password, Master-Set Account Expiration, Master-Set Home Directory, Master-Unlock Account, Set Credential Prompt Import
Stored Values OP Active Directory Credentials, OP Active Directory Parameter, OP Active Directory Parameter Options, OP Active Directory Prereq Check, OP Active Directory Result Details, OP Active Directory Run Results, OP Active Directory Version Import
Themes Professional Grey Don't Change

Merge Actions

  • Import: Add new item.
  • Overwrite: Replace target item.
  • Merge: Merge differences.
  • Don't Change: Referenced by the mApp Solution, but not altered in any way. The mApp Solution includes the definition for informational purposes only (the definition is not imported into the target system).

Related Reading

Apply the mApp Solution

To apply the mApp Solution, perform the following high-level steps:

  1. Review the recommendations and considerations for applying mApp Solutions. For more information, see Considerations for Applying mApp Solutions.
  2. Extract the mApp Solution .zip file to a location that can be accessed by CSM.
  3. In CSM Administrator, use the Apply mApp Wizard to apply the mApp Solution. For more information, see Apply a mApp Solution. Select the topic that matches your version of CSM.

Configure the mApp Solution

  1. Configure the Orchestration Pack for Microsoft Active Directory.

How to Use the mApp Solution