locked
Query to show a list of AD groups, to which a specified AD account is a member of. RRS feed

  • Question

  • Good news everyone,

    here is another challenge with Request Offering configuration :)

    RO goal: change AD group membership for a specific AD account. Sounds easy? The issue is in details, namely: i need to collect a list of AD groups. It's easy to do, when there is no Criteria configured in the "Query results" -just use "Active Directory Group" basic class. 

    But this is less than ideal because the query returns ALL AD groups. Instead, "Role-based" approach is requested by business, such as "Grant new user A membership in the same groups as existing user B has. User B memebership must be reviewed and validated".

    So the question is: what combination class to use and how to compile Criteria in "Query results", so the list of the groups will show ONLY groups which user B is a member of.

    I found a workaround, but it's long and ugly, and incudes

    1. Runbook automation activity to create "User B AD groups membership list" using SCO AD IP

    2. Review Activity assigned to RO requester to review and validate the list

    Any feedback is appreciated.

    Thanks in advance, Alex.

    Wednesday, October 10, 2012 2:23 PM