Good news everyone,
here is another challenge with Request Offering configuration :)
RO goal: change AD group membership for a specific AD account. Sounds easy? The issue is in the details, namely: I need to collect a list of AD groups. It's easy to do when there is no Criteria configured in the "Query results": just use the "Active Directory Group" basic class.

But this is less than ideal because the query returns ALL AD groups. Instead, a "Role-based" approach is requested by the business, such as "Grant new user A membership in the same groups as existing user B has. User B membership must be reviewed and validated".
So the question is: what combination class to use and how to compile Criteria in "Query results", so the list of the groups will show ONLY groups which user B is a member of.
I found a workaround, but it's long and ugly, and includes
1. Runbook automation activity to create "User B AD groups membership list" using SCO AD IP
2. Review Activity assigned to RO requester to review and validate the list
Any feedback is appreciated.
Thanks in advance, Alex.