Ivanti Automation powered by RES

Home 

Scenario: Add Active Directory users to Distribution Lists

Suppose you want to add a user in Active Directory to one or more Distribution Lists, based on user logon name and group membership. However, you are not sure that the user actually exists in Active Directory. Also, you want make any Task generic, so it can also be used for different users. To handle this situation, do the following:

  1. At Library > Modules, create two Modules, a Module Query User Properties and a Module Add User to DL_Group.
  2. The Module Query User Properties contains two Tasks Query Active Directory User and a Task Message Box.
  3. In the first Task Query Active Directory User, click the Settings tab and select Filter by OU and Include child organizational units.
  4. On the User Properties tab, add the following AD user properties: Folder, Name, Department, Member of and User logon name (pre-Windows 2000).
  5. On the Module Parameters tab, click AutoCreate > All.
  6. In addition to the automatically-created parameters, also create the parameters $[Department], $[UserLogonName] and $[MemberOf]:
    Evaluator example 2
  7. Configure an evaluator that defines that the Task should fail if the specified user does not exist in Active Directory. If the user exists, the parameter $[Department] should get the same value as the Active Directory user property Department:
    Evaluator example 2.2
  8. In the second Task Query Active Directory User, click the Settings tab and select Filter by OU and Include child organizational units.
  9. In the Domain field, specify the parameter $[Domain].
  10. In the Security context field, specify the parameter $[SecurityContext].
  11. In the Domain controller field, specify the parameter $[DomainController].
  12. In the Filter by OU field, specify the parameter $[FilterOU].
  13. On the User Properties tab, add the following AD user properties: Folder, Name, Department, Member of and User logon name (pre-Windows 2000).
  14. Configure an evaluator that defines that the Task should fail if the specified user does not exist in Active Directory. If the user exists, the parameter $[MemberOf] should get the same value as the Active Directory user property Member Of:
    Evaluator example 2.3
  15. In the Task Message Box, create a message with caption Query Active Directory Directory User (UserLogonName): $[UserLogonName] and message Department: $[Department], Member Of: $[MemberOf].
  16. In the Module Add User to DL_Group, add a Task Manage Active Directory User.
  17. On the Settings tab, specify the parameter $[Domain].
  18. In the Security context field, specify the parameter $[SecurityContext].
  19. In the Domain controller field, specify the parameter $[DomainController].
  20. Select Single User and specify the parameter $[UserLogonName] in the User logon name field.
  21. On the Member of tab, add the group DL_$[Department] with as action Add to group:
    Evaluator example 2.4
  22. At Library > Run Books, create a Run Book with three Run Book Jobs.
  23. In the first <RB Job, on the Properties tab, select the Module Query User Properties in the What field.
  24. Select Use Run Book Parameter and select the parameter $[RunBookWho].
  25. In the second <RB Job, on the Properties tab, select the Module Add User to DL_Group in the What field.
  26. Select Use Run Book Parameter and select the parameter $[RunBookWho].
  27. In the third <RB Job, on the Properties tab, select the Module Query User Properties in the What field.
  28. Select Use Run Book Parameter and select the parameter $[RunBookWho].
  29. On the Run Book Parameters tab of the Run Book, click AutoCreate and specify values that apply to your Ivanti Automation environment for the parameters $[FilterOU], $[Domain], $[DomainController] and $[SecurityContext]. For example:
    Evaluator example 2.5
  30. On the Links tab, AutoLink the Module parameters to the Run Book parameters with their default action Set initial value.
  31. Change the parameter link action for the parameter $[Department] for the first link to Get initial value:
    Evaluator example 2.6
  32. After configuring the <RB, schedule a Job with it. On the Job Parameters tab, specify the user logon name of the user whose settings you want to change and specify which Agent should execute the Task.

When the Run Book is executed, a message box shows the logon name of the user, which department the user belongs to, and to which Distribution Lists the user has been added:

Evaluator example 2.7


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other