Archive | Active Directory

Show amount of AD Computers and Users with Orchestrator on webpage

This is a simple example of how you can use the “Write Web Page” activity to show how many computers and users there are in your Active Directory. I used a similar Runbook during a migration project when everybody wanted to get the status of the migration. The example is based on three activities: it counts computers and users and then adds the numbers to a web page.

The Runbook looks like this.

[Screenshot: the Runbook]

The “Run .Net Script” activity uses commands to count computers and users in Active Directory. The activity then publishes the variables “comptot” and “usertot” to the databus. In the example below I am using the Active Directory PowerShell module.

[Screenshot: the “Run .Net Script” activity]

In the next activity, “Write Web Page”, some parameters have been added.

[Screenshot: the “Write Web Page” activity parameters]

The template file “index_template.html” that has been added is shown below.

[Screenshot: the index_template.html template file]

The result when running this Runbook and opening the index.html looks like this.

[Screenshot: the resulting index.html]


Create AD User with Orchestrator by just using “Run .Net Script” activity and AD PowerShell module

I sometimes get the question whether it is possible to use a PowerShell module in the out-of-the-box activities in Orchestrator. The answer to the question is: yes, of course. Just remember to deploy the module to every Runbook server that is going to run the Runbook that uses the module.

Below I show an example where I create an AD user by using the “Run .Net Script” activity in Orchestrator together with the “Active Directory module for Windows PowerShell” in Server 2008 R2.

This is a very easy Runbook that will only create an AD user.

[Screenshot: the Runbook]

The “Run .Net Script” activity looks like this.

[Screenshot: the “Run .Net Script” activity]

Remember that the Runbook executes under the Orchestrator Service account, so in this example that account needs rights to create the user. The “Run .Net Script” activity cannot be executed under any account other than the Runbook Service account.

Therefore, when creating a user with PowerShell, I would recommend using an Orchestrator Integration Pack that can execute PowerShell with a user account that only has access to create AD users.
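One way to scope such an account, shown as an added example that is not part of the original post: delegate only the right to create user objects in a single OU. The account name LAB\svc-orch-adcreate is hypothetical, and the OU is the lab OU that appears elsewhere on this page.

```powershell
# Added example; LAB\svc-orch-adcreate is a hypothetical account name.
# Run from an account that is allowed to change the OU's permissions.
$ou      = 'OU=LAB,DC=LAB,DC=INTRA'
$account = 'LAB\svc-orch-adcreate'

# Grant only "Create Child" (CC) for objects of class user, on this OU and
# the OUs beneath it (/I:T). No delete right, nothing for groups or computers.
# ${account} is braced so PowerShell does not read "$account:CC" as a scoped variable.
dsacls $ou /I:T /G "${account}:CC;user"

# Review what the account actually holds on the OU before using it in a Runbook.
dsacls $ou | Select-String -SimpleMatch $account
```

This entry covers creation only; anything the Runbook does to the user afterwards has to be delegated separately.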


How to use Orchestrator to create a user in a separate Active Directory

I received the question: is it possible to create a user in an Active Directory (AD) other than the AD that Orchestrator belongs to, when only reaching the other AD over IP number? I tried this with the “Active Directory Integration Pack for System Center 2012 – Orchestrator” and added the IP number to the configuration.

[Screenshot: the Integration Pack configuration]

When configured, I added a “Create User” activity and configured it to create a user in the second AD. This worked without problems. I also ran some other tests and they all worked fine. Below are some screenshots of the tests.

Create Computer, User and Group. Add Computer and User to Group

[Screenshot of the test]

Delete Computer, User and Group

[Screenshot of the test]


Log newly created AD Groups with Orchestrator

In the following Runbook example I log every newly created group in Active Directory. This can be useful if you have administrators that create groups and you need to keep track of which groups have been created during the day.

I will log the information in a database that will look like the picture below. In the database every new AD Group will get the Status of New, and all Groups that have been removed since the last time the Runbook ran will have a NULL value. This makes it easy to pull reports on which Groups have been created since the last time the Runbook ran.

[Screenshot: the database table]
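The snapshot comparison behind such a log, as an added example that is not the Runbook or query from this post. The function name, the column names and the 'Existing' status are assumptions; the post only defines New and NULL.

```powershell
# Added example, not the post's Runbook. Column names and the 'Existing'
# status are assumptions; the post only defines 'New' and NULL.
function Update-GroupLog {
    param(
        [object[]]$PreviousRows = @(),    # rows written by the last run
        [string[]]$CurrentGroups = @(),   # group names in AD right now
        [datetime]$RunTime = (Get-Date)
    )

    # Index the last run by name; @{} keys compare case-insensitively.
    $known = @{}
    foreach ($row in $PreviousRows) { $known[$row.GroupName] = $row }

    $seen = @{}
    $rows = @()
    foreach ($name in $CurrentGroups) {
        $seen[$name] = $true
        $old = $known[$name]
        if ($old -and $null -ne $old.Status) {
            # Logged before and still present.
            $status = 'Existing'; $first = $old.FirstSeen
        } else {
            # Never logged, or logged as removed and now back: a re-created
            # group is a new object with a new SID, so report it as New.
            $status = 'New'; $first = $RunTime
        }
        $rows += New-Object PSObject -Property @{
            GroupName = $name; Status = $status; FirstSeen = $first }
    }

    # Anything logged earlier but missing from AD now gets a NULL status.
    foreach ($row in $PreviousRows) {
        if (-not $seen.ContainsKey($row.GroupName)) {
            $rows += New-Object PSObject -Property @{
                GroupName = $row.GroupName; Status = $null; FirstSeen = $row.FirstSeen }
        }
    }
    return $rows
}

# Constructed sample data. In a Runbook, $CurrentGroups would come from
# Get-ADGroup -Filter * | Select-Object -ExpandProperty SamAccountName
$run1 = Update-GroupLog -CurrentGroups 'Sales','HR' -RunTime '2013-01-01'
$run2 = Update-GroupLog -PreviousRows $run1 `
    -CurrentGroups 'Sales','Helpdesk-Admins' -RunTime '2013-01-02'
$run2 | Sort-Object GroupName | Format-Table GroupName, Status, FirstSeen
```

In the second run of the sample, Helpdesk-Admins is reported as New, Sales as Existing, and HR carries a NULL status.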

Picture of the Runbook.

[Screenshot: the Runbook]

To try this out you will need to do the following.

Create the database with the following query.

[Screenshot: the database creation query]

Install the Integration Packs “Active Directory” and “Orchestrator Integration Pack for PowerShell Script Execution 1.1”.

Import the Runbook and change every activity to fit your environment.

Download Runbook: Check for New Groups


Get AD Users with Orchestrator

This Runbook will get all Active Directory (AD) users from a specific Organizational Unit (OU) location and pass them forward in the Runbook.

To try this Runbook you need to install the Integration Pack (IP) “Orchestrator Integration Pack for PowerShell Script Execution 1.1” and enable WinRM on the Runbook server and the Domain Controller (DC) that you will execute the “Get AD Users” activity on.

This is the small Runbook that I will execute to get the Users from AD.

[Screenshot: the Runbook]

The activity “Get AD Users” looks like the picture below and the input for PS Script 01, which gets the users, is:

Import-Module ActiveDirectory; Get-ADUser -Filter * -SearchBase "OU=LAB,DC=LAB,DC=INTRA" | Select-Object -ExpandProperty SamAccountName

[Screenshot: the “Get AD Users” activity]
