locked
batch relationship change RRS feed

  • Question

  • My organization is merging with another and we are currently operating with two domains while the project to migrate all of the object from one into the other is completed.  SCSM is implemented on Domain A, but is syncing object from both domain A and Domain B's AD.  Before the AD migration/merge occurs Analysts from domain B have been given functional access to SCSM by creating a transitional account on Domain A for them and they do a run as using that account to access the console.  We found this was necessary as even with the trust relationship between the two domains we cannot ad users from domain b to groups that are part of domain A, and where I have teams of analysts which now have people form both domains I needed to be able to put them in one AD group.

    The intention is that their regular account on domain B will be migrated over to domain A with SID history, so that all their other permissions (file system, database, shared mailboxces, etc) will all function, however all the relationships they have with work items and config items in SCSM will be with the transition account.

    What I need is a way to identify every relationship a transition account has in SCSM and to automatically change those relationships so they are with the migrated account.

    I think this will apply to about a dozen accounts or so, so I have considered weather workflows could be used but I think that ballons very quickly and requires to many workflows to achieve the effect im after so I guess the nex possibility is operating on the database itself.

    Can any on provide any suggestions as to the best way to do this?

    Thanks Eden

    Monday, November 10, 2014 11:08 PM

Answers

  • powershell with the SMLets is probably the easiest:

    $BlacklistedRelIDs = @([guid]"649e37ab-bf89-8617-94f6-d4d041a05171")
    $UserClass = Get-SCSMClass microsoft.ad.User$
    $OldDomainUsers = get-scsmObject -Class $userclass -Filter "domain -eq 'lab'"
    $ForEach ($oldUser in $OldDomainUsers) { 
    	$UserName = $OldUser.UserName
    	$NewUser = Get-scscmObject -class $UserClass -filter "domain -eq 'Prod' -and UserName -eq $UserName"
    	$SourceRels = Get-SCSMRelationshipObject -BySource $OLDUser
    	ForEach ($Rel in $SourceRels) {
    		if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
    			$RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    			$TargetObject = get-scsmobject -id ($Rel.TargetObject.id)
    			New-scsmRelationshipObject -Relationship $REl -Target $TargetObject -Source $NewUser -bulk
    			Remove-SCSMRelationshipobject $rel 
    		}
    	}
    	$TargetRels = Get-SCSMRelationshipObject -ByTarget $OLDUser
    	ForEach ($Rel in $TargetRels) {
    		if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
    			$RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    			$SourceObject = get-scsmobject -id ($Rel.SourceObject.id)
    			New-scsmRelationshipObject -Relationship $REl -Source $SourceObject -Target $NewUser -bulk
    			Remove-SCSMRelationshipobject $rel 
    		}
    	}
    }

    You'll probably want to go through each of the existing relationships that are on users and build up a blacklist of relationships you DON'T want copied. alternatively, you could reverse my logic from above and build up a white list of relationships you do want copied, and check that the relationship in question is contained in the whitelist


    • Marked as answer by Eden Ravenwood Wednesday, November 12, 2014 10:53 PM
    • Edited by Thomas Bianco Thursday, November 13, 2014 5:10 PM sed s/$User/$OldUser/
    Tuesday, November 11, 2014 4:29 PM
  • New-scmRelationshipObject -Relationship $RelClass -Source $SourceObject -Target $NewUser

    The relationship parameter expects a relationship class, not a relationship object.

    You were looking too hard for the error ;) But, to clarify, objects are objects. Projections are projections. Objects can be part of a projection. A projection is just a combination of objects and relationships based on a type projection. Projections cannot be used as parameters to create a new relationship via the NewRelationshipObject cmdlets/SDK methods. Only objects can be used for that.

    But you can use projections to relate other objects or projections via the projection's Add() method in the SDK (and however Powershell does it)

    Friday, February 6, 2015 2:37 PM

All replies

  • powershell with the SMLets is probably the easiest:

    $BlacklistedRelIDs = @([guid]"649e37ab-bf89-8617-94f6-d4d041a05171")
    $UserClass = Get-SCSMClass microsoft.ad.User$
    $OldDomainUsers = get-scsmObject -Class $userclass -Filter "domain -eq 'lab'"
    $ForEach ($oldUser in $OldDomainUsers) { 
    	$UserName = $OldUser.UserName
    	$NewUser = Get-scscmObject -class $UserClass -filter "domain -eq 'Prod' -and UserName -eq $UserName"
    	$SourceRels = Get-SCSMRelationshipObject -BySource $OLDUser
    	ForEach ($Rel in $SourceRels) {
    		if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
    			$RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    			$TargetObject = get-scsmobject -id ($Rel.TargetObject.id)
    			New-scsmRelationshipObject -Relationship $REl -Target $TargetObject -Source $NewUser -bulk
    			Remove-SCSMRelationshipobject $rel 
    		}
    	}
    	$TargetRels = Get-SCSMRelationshipObject -ByTarget $OLDUser
    	ForEach ($Rel in $TargetRels) {
    		if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
    			$RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    			$SourceObject = get-scsmobject -id ($Rel.SourceObject.id)
    			New-scsmRelationshipObject -Relationship $REl -Source $SourceObject -Target $NewUser -bulk
    			Remove-SCSMRelationshipobject $rel 
    		}
    	}
    }

    You'll probably want to go through each of the existing relationships that are on users and build up a blacklist of relationships you DON'T want copied. alternatively, you could reverse my logic from above and build up a white list of relationships you do want copied, and check that the relationship in question is contained in the whitelist


    • Marked as answer by Eden Ravenwood Wednesday, November 12, 2014 10:53 PM
    • Edited by Thomas Bianco Thursday, November 13, 2014 5:10 PM sed s/$User/$OldUser/
    Tuesday, November 11, 2014 4:29 PM
  • That's great many thanks for the response, ill try it out today on our test system.
    Wednesday, November 12, 2014 10:54 PM
  • Hi Thomas,
     again thanks for your original response.  Theres been a bit of a delay but I've finally gotten around to trying to get the script you provided to work.  Unfortunately I've had some difficulties. 

    I may not have been clear in describing the circumstance I need to address. Without worrying about the background, essentially I will need to replace all the relationships one user has to other objects in SCSM with relationships between a different user and those objects, i.e. where ever the affected user was Windows.AD.User A it now needs to be Windows.AD.User B.  I only need to do this for a group of about a dozen users.

    So I have modified you script slightly, here's my version:

    $BlacklistedRelIDs = @([guid]"649e37ab-bf89-8617-94f6-d4d041a05171")
    $UserClass = Get-SCSMClass -name microsoft.ad.User
    $OldUser = get-scsmObject -Class $UserClass -Filter "UserName -eq 'scsm-transition'"
    $NewUser = Get-scsmObject -Class $UserClass -filter "UserName -eq 'scsm-migration'"
    $SourceRels = Get-SCSMRelationshipObject -BySource $OldUser
    ForEach ($Rel in $SourceRels) {
        if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
       	    $RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    	    $TargetObject = get-scsmobject -id ($Rel.TargetObject.id)
        	New-scsmRelationshipObject -Relationship $Rel -Target $TargetObject -Source $NewUser -bulk
        	Remove-SCSMRelationshipobject $Rel 
        }
    }
    $TargetRels = Get-SCSMRelationshipObject -ByTarget $OldUser
    ForEach ($Rel in $TargetRels) {
        if (($BlacklistedRelIDs -notcontains [guid]($Rel.RelationshipId)) -and ($Rel.IsDeleted -eq $False)){
        	$RelClass = Get-SCSMRelationshipClass -id ($Rel.RelationshipId)
    	    $SourceObject = get-scsmobject -id ($Rel.SourceObject.id)
        	New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target $NewUser -bulk
        	Remove-SCSMRelationshipobject $Rel 
        }
    }

    so this just uses individual fixed source and target users, but since I only need to do this for such a small group of users its not really a problem to modify the script aqnd run for each affected user.

    The good news is when I run it the source user is removed from relationships with a work item, e.g I have an incident that scsm-transition is the affected user, assigned user, and primary owner on and after the script is run the history of the incident shows that the account running the script has removed those relationships, and thescsm-transition is no longer shown as affected, assigned, or primary owner in the incident form. 

    The bad news is that it has not created the replacement relationships, i.e. it has not made scsm-migration the affected user, assigned user, or primary owner.

    the out pout of the script in powershell is:

    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "d9683971-fad3-6874-e955-1e37aaa8651a" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "46683d3c-3f60-bc7c-22dc-544c8b6a20a7" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "5d194ac6-1f5c-29b6-f41d-8cf9fb202b91" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "a1af6514-6003-f946-66d1-c1adf3aa0808" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "4f540b48-4750-f47b-f69d-fbea3bb2ed58" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    Remove-SCSMRelationshipobject : Cannot process extension elements as EnterpriseManagementObject. User EnterpriseManagementObjectProjection for all extension 
    element CRUD operations.
    At line:20 char:6
    +         Remove-SCSMRelationshipobject $Rel
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (4f540b48-4750-f47b-f69d-fbea3bb2ed58:Guid) [Remove-SCSMRelationshipObject], InvalidOperationException
        + FullyQualifiedErrorId : Object,SMLets.RemoveSMRelationshipObjectCommand

    Do you have any suggestion as to what I've got wrong?

    Thanks Eden


    • Edited by Eden Ravenwood Thursday, February 5, 2015 11:39 PM clarity
    Thursday, February 5, 2015 11:36 PM
  • Okay been doing some digging and based on some info in this thread I suspect that the incident Im working with might be a projection rather than an object.  The form it uses is customized and I seem to recall that customization involved creating a projection. according to the conversation in the linked thread new-scsmrelationshipobject cannot be used to create a relationship with a projection, although I must admit im a bit fuzzy on the technical detail.

    could that explain the errors like:

    New-SCSMRelationshipObject : Cannot bind parameter 'Relationship'. Cannot convert the "4f540b48-4750-f47b-f69d-fbea3bb2ed58" value of type 
    "Microsoft.EnterpriseManagement.Common.EnterpriseManagementRelationshipObject`1[[Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject, 
    Microsoft.EnterpriseManagement.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]" to type 
    "Microsoft.EnterpriseManagement.Configuration.ManagementPackRelationship".
    At line:19 char:47
    +         New-scsmRelationshipObject -Relationship $Rel -Source $SourceObject -Target ...
    +                                                  ~~~~
        + CategoryInfo          : InvalidArgument: (:) [New-SCSMRelationshipObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,SMLets.NewSCSMRelationshipObject
     
    

    and is there any way around that?

    Friday, February 6, 2015 3:29 AM
  • New-scmRelationshipObject -Relationship $RelClass -Source $SourceObject -Target $NewUser

    The relationship parameter expects a relationship class, not a relationship object.

    You were looking too hard for the error ;) But, to clarify, objects are objects. Projections are projections. Objects can be part of a projection. A projection is just a combination of objects and relationships based on a type projection. Projections cannot be used as parameters to create a new relationship via the NewRelationshipObject cmdlets/SDK methods. Only objects can be used for that.

    But you can use projections to relate other objects or projections via the projection's Add() method in the SDK (and however Powershell does it)

    Friday, February 6, 2015 2:37 PM
  • Thanks Aaron,

    your correction worked fine. :)

    Monday, February 9, 2015 10:48 PM