none
Request Offerings: Token: Portal User Name

    Question

  • Hi all,

    I have a question about the Service Manager 2012 Token: Portal User Name in Request Offerings.

    Is there a way to filter information that this provides:

    I wish to use this information like Travis has in one of his demos, where he places the user information in the description of an SR and then uses Orchestrator to insert this into a powershell script.

    Currently what gets inserted into the Description field is domain\username where I want the username only. Some AD Powershell commands will not accept the domain\username format and fail to find the user in AD.

    example of this would be

    add-adgroupmember

    Any ideas?

    thanks

    Jason

    Wednesday, February 29, 2012 12:37 AM

Answers

  • Two groups showing up is a bug in the RC version of the SCSM integration pack.  This has been fixed for the RTM version.

    Travis Wright Senior Program Manager Microsoft

    Wednesday, March 07, 2012 8:44 PM
    Owner

All replies

  • You can remove DOmain substring with powershell before process it.

    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Wednesday, February 29, 2012 7:57 AM
    Moderator
  • Thanks Anton,

    Any suggestions as to how I could do this?

    I'd love to know how Travis does this in one of his demos. His powershell script doesn't truncate the domain.. He does it before the information reaches the Description field in the SR..


    Powershell script looks like this

    $pass = ConvertTo-SecureString -AsPlainText -Force -String <password>

    $cred= new-object -typename System.Management.Automation.PSCredential -argumentlist administrator, $pass

    Add-ADGroupMember -identity "{User Name from "Get Group Object"}" -Members "{Description from "Get Service Request"}"

    thanks

    Jason

    Wednesday, February 29, 2012 8:26 AM
  • Which exact version of the SCSM12 do you use?

    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Wednesday, February 29, 2012 8:31 AM
    Moderator
  • I'm using the RC versions of both SCSM and Orchestrator
    Wednesday, February 29, 2012 8:36 AM
  • Currently I'm try to figure 'cause I'm not sure but I think what in SCSM2012 beta that token return only username.

    About powershell you can do it like this:

    $full = "DOMAIN\username"
    $username = $full.Split("\")[1]


    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Wednesday, February 29, 2012 7:23 PM
    Moderator
  • Thanks Anton, I've modified the script, the .Net script fails in Orchestrator, however works perfectly fine when I run this through powershell.. Somethings definitely odd.

    I note in Travis' video: http://blogs.technet.com/b/servicemanager/archive/2011/11/10/demo-automating-service-request-fulfillment-from-the-scsm-service-catalog-with-orchestrator-real-world-examples.aspx.

    Going by the colour scheme, definitely the beta...

    This is what I've got in Orchestrator:

    I suspect the second message exists because of the first failure.

    The credentials being used in the powershell script is a domain admin..

    The power shell script looks like this:

    Import-Module ActiveDirectory
    $pass = ConvertTo-SecureString -AsPlainText -Force -String P@ssw0rd
    $cred= new-object -typename System.Management.Automation.PSCredential -argumentlist demo\administrator, $pass
    $description = "{Description from "Get Service Request"}"
    $username=$description.Split("\")[1]
    Add-ADGroupMember -identity "{User Name from "Get Group Object"}" -Members $username

    thanks again

    Jason

    Thursday, March 01, 2012 1:20 AM
  • Hi all,
    I suspect my runbook is working fine, however I believe it's a permissions issue when the runbook fires.

    What user do the runbooks run as ?

    thanks

    Jason
    Thursday, March 01, 2012 5:55 AM
  • In SCSM - workflow account.

    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Thursday, March 01, 2012 6:14 AM
    Moderator
  • OK, the workflow user is a domain admin...
    Thursday, March 01, 2012 6:16 AM
  •  "{User Name from "Get Group Object"}" - issue is here.


    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Thursday, March 01, 2012 6:26 AM
    Moderator
  • I'm not sure that this is the case. Are you able to elaborate?

    I've echo'd out all the variables to a text file, and this one is the group name, powershell script works perfectly fine when I execute it myself in a powershell prompt.

    I'm starting to wonder if this is actaully an orchestator permissions issue rather than a SCSM one..

    Thursday, March 01, 2012 6:47 AM
  • Look at second screenshot you provided. The Indentity is empty, so SCOrch can't execute activity which return the "Get Group Object". Did you try to execute workbook from SCOrch console? Is it OK?

    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Thursday, March 01, 2012 7:03 AM
    Moderator
  • I believe it's something to do with permissions that SCSM has to execute Runbooks. I just tried a basic write to notepad file and I get the same result. Running it through the runbook tester works fine...
    Thursday, March 01, 2012 9:12 AM
  • Hi Jason,

    If you are wondering about the reuqired permissions for integration with SCO, take a look at Marcels blogpost here:
    http://blog.scsmfaq.ch/2011/11/12/news-in-scsm12-beta-8-permissions-for-triggering-system-center-orchestrator-runbooks/

    Regards
    //Anders


    Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se

    Thursday, March 01, 2012 9:40 AM
    Moderator
  • Thanks Anders,

    I found that the SCSM service account did not have enough rights. All my runbooks now run perfectly fine... except this one. The issue I find is that it appears that the .net Script component runs twice...

    The first time, the user is added to the group as intended. The second time, it runs again (no idea why) and obvious fails because the user is added to the group.

    I've tried deleting and readding this particular part to Orchestrator. It's annoying because as the script fails the second time, it fails my runbook and SR in SCSM.

    Runbook looks like this.

    Any ideas as to how I can find out why it is running the run.net script object twice.

    thanks

    Jason

    PS. Thanks the Anders and Anton for your help this week, I've learnt heaps about Orchestrator and the new features of SCSM 2012 this week! :)

    Friday, March 02, 2012 8:53 AM
  • Your "Get Group object" is returning two groups/objects. Can you show us the configuration of that activity?

    Regards
    //Anders


    Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se

    Friday, March 02, 2012 12:09 PM
    Moderator
  • Is this what you're after?

    thanks

    Jason

    Friday, March 02, 2012 7:58 PM
  • Yes, it is :)

    In this particular Service Request, there should be two groups specified - in one way or another. Where (in the SR) are you storing the actual group that you want to use?

    Regards
    //Anders


    Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se

    Monday, March 05, 2012 9:37 PM
    Moderator
  • Hi Anders,

    From what I understand the prompt runs a query against AD:

    Wednesday, March 07, 2012 5:33 AM
  • Two groups showing up is a bug in the RC version of the SCSM integration pack.  This has been fixed for the RTM version.

    Travis Wright Senior Program Manager Microsoft

    Wednesday, March 07, 2012 8:44 PM
    Owner