none
Looping through users and performing actions - Help needed RRS feed

  • Question

  • Hi there,

    I have created a runbook in Orchestrator 2012 where I want to get a list of Active Directory users based on an LDAP query and then one by one work through each user and check if they exist in a SQL database. If not then create a record for that user, if user exists then check if any values have changed, if yes then update the record.

    I have added the activities to collect the AD users, check the SQL if the record exists and do the write and update to the SQL table.

    What I do not know how to do is the passing of a single user from the Get AD Users activity to the next step and then to loop until I have worked through each user account.

    Any help would be appreciated.

    Thanks,

    Garth.
    Tuesday, May 8, 2012 2:20 PM

Answers

  • Unfortunately there are lots of guesses and some incorrect information in the replies below. Hopefully I can provide some better info.

    When you have an activity returning multiple values, as in your AD query returning a list of users, it's correct to assume that the next activity (and all activities following that one up until a Junction) will run one time for each data value. So if your AD query returned 50 values, and you have 4 activities following this one, then the set of 4 activities will run 50 times.

    The confusion centers around whether these activities will run in parallel or sequentially. The answer is that it depends on how you have them structured. If they're all in the same runbook, they're likely to run in alternating fashion as a token gets passed from one activity to another. If you have the actions in a child runbook and call that runbook with the "Wait for Completion" box unchecked, then they're more like parallel execution.

    If you want all of the actions to occur on a single user at a time and then when that user is finished, move on to the next user, then you should use a child runbook with the Invoke Runbook activity and then *check* the "Wait for Completion" box. It will then run the child runbook as a sub-process and wait until that process finishes until starting the next iteration.




    Robert Hearn • Sr. Program Manager
    Opalis / System Center Orchestrator

    • Proposed as answer by Robert_Hearn Tuesday, May 8, 2012 9:30 PM
    • Marked as answer by GTruter Thursday, May 10, 2012 2:41 PM
    Tuesday, May 8, 2012 9:30 PM

All replies

  • Hello,

    you can get a list of the Users mit the "Get User" Activity fron the AD IP (http://technet.microsoft.com/en-us/library/hh553474.aspx). Then paste the result in a database table or text file and then walk through it as described here: http://www.sc-orchestrator.eu/index.php/scoblog/49-cycles-in-pipleline-mode

    Best regards,

    Stefan


    German Orchestrator Portal , My blog in English

    Tuesday, May 8, 2012 2:32 PM
    Answerer
  • I haven't done this so take my comments with a grain of salt, but from what I've read and watched in some videos, I'm under the impression that if you get back multiple items in one step the next step will run for every item you get back unless you select the option to "flatten" the data to just one object.

    This is from the AD IP documentation and it basically says that's how it will work

    From http://technet.microsoft.com/en-us/library/hh553469.aspx

    Multi-Value Published Data Behavior

    Get activities retrieve information from another activity or outside source, and can return one or more values in the published data. For example, when you use the Get Collection Member activity, the data output from that activity might be a list of computers that belong to the specified collection.

    By default, the data from the Get activity will be passed on as multiple individual outputs. This invokes the next activity as many times as there are items in the output. Alternatively, you can provide a single output for the activity by enabling the Flatten option. When you enable this option, you also choose a formatting option:

    • Separate with line breaks. Each item is on a new line. This format is useful for creating human-readable text files for the output.
    • Separate with _ . Each item is separated by one or more characters of your choice.
    • Use CSV format. All items are in CSV (comma-separated value) format. This format is useful for importing data into spreadsheets or other applications.

    • Proposed as answer by nichoff Tuesday, May 8, 2012 3:38 PM
    Tuesday, May 8, 2012 3:19 PM
  • I confirm that if there's a multiple return of values from an activity, the next one will be performed as many time as the number of returned values.

    So if you do your LDAP query, the next activity could be an SQL query.

    SELECT ... FROM ... WHERE username='{common name from "Get User"}';

    Then separate the workflow in two with one arrow (if no returned value frome the SQL query) use the "write to database" activity, and insert a new line with the wanted information

    if it exists, another arrow. And you'll need to build something to compare each value of the LDAP object with the db columns. I think there's an IP on Codeplex to deal with multiple comparaison... But I didn't test it !

    Regards,

    Nichoff



    • Edited by nichoff Tuesday, May 8, 2012 3:49 PM
    Tuesday, May 8, 2012 3:47 PM
  • Hello,

    yes, I know flatten. But my comment was for "What I do not know how to do is the passing of a single user from the Get AD Users activity to the next step and then to loop until I have worked through each user account."

    From there you must go line by line or single Dataset to pass the results to your activities ...

    Regards,

    Stefan


    German Orchestrator Portal , My blog in English

    Tuesday, May 8, 2012 3:57 PM
    Answerer
  • I just tested this and it's works as described in the documentation I linked to above. The next step will be called 1 time for each user, which effectivly loops through all of the users. I just wrote a simple query and then wrote a platform event, and that platform event executed 1 time for each user returned.
    Tuesday, May 8, 2012 4:01 PM
  • Hello Rich,

    I think the next step in your example will triggered for each user - at same time, yes. No loop. Multrigger or parallel execution.

    When this fits, ok.

    Best regards,

    Stefan


    German Orchestrator Portal , My blog in English


    Tuesday, May 8, 2012 4:06 PM
    Answerer
  • I'm not sure if they're supposed to be parallel or not, but in what I tested, they were all executed 1 second after each other. There were 14 users and the Send Platform Event executed 14 times over 14 seconds. It would be good to know if it was supposed to be serial or parallel though. If it's parallel, you could end up having a signifigant impact on a something in your environment if you didn't know better.

    EDIT: The documentation doesn't really specify.

    • Edited by Rich C Tuesday, May 8, 2012 4:22 PM
    Tuesday, May 8, 2012 4:21 PM
  • nicoff,

    Thanks for the reply. What I am finding is that the next activity which checks the SQL table for the user record is performed as many times as their is records returned from the ldap query but it only continues to the next activity once it has completed checking all the records. I need it to check if the record exists and then do my success or failure activity per record.

    Thanks,

    Garth.


    Thanks, Garth.

    Tuesday, May 8, 2012 5:12 PM
  • Unfortunately there are lots of guesses and some incorrect information in the replies below. Hopefully I can provide some better info.

    When you have an activity returning multiple values, as in your AD query returning a list of users, it's correct to assume that the next activity (and all activities following that one up until a Junction) will run one time for each data value. So if your AD query returned 50 values, and you have 4 activities following this one, then the set of 4 activities will run 50 times.

    The confusion centers around whether these activities will run in parallel or sequentially. The answer is that it depends on how you have them structured. If they're all in the same runbook, they're likely to run in alternating fashion as a token gets passed from one activity to another. If you have the actions in a child runbook and call that runbook with the "Wait for Completion" box unchecked, then they're more like parallel execution.

    If you want all of the actions to occur on a single user at a time and then when that user is finished, move on to the next user, then you should use a child runbook with the Invoke Runbook activity and then *check* the "Wait for Completion" box. It will then run the child runbook as a sub-process and wait until that process finishes until starting the next iteration.




    Robert Hearn • Sr. Program Manager
    Opalis / System Center Orchestrator

    • Proposed as answer by Robert_Hearn Tuesday, May 8, 2012 9:30 PM
    • Marked as answer by GTruter Thursday, May 10, 2012 2:41 PM
    Tuesday, May 8, 2012 9:30 PM
  • Robert,

    Thanks for the reply, will try your suggestion of a child runbook.

    Thanks,

    Garth.


    Thanks, Garth.

    Wednesday, May 9, 2012 6:07 AM
  • Wednesday, May 9, 2012 2:34 PM
    Answerer
  • Robert,

    Thanks again for your suggestion, got it working with 2 runbooks. Only problem I have now is when trying to test the parent runbook it does not switch over to the child when called. Is this how it is supposed to work?

    Thanks,

    Garth.


    Thanks, Garth.

    Thursday, May 10, 2012 2:41 PM