Archive for the ‘SCORCH’ Category

Automating user creation with Ochestrator and Service Manager 2012 Part 2

April 2, 2012 Leave a comment

Hello everyone.

This is part 2 of the automated user creation using Orchestrator and Service Manager 2012.
In the previous post we created our runbook to create the user, and in this post we will import that runbook to Service Manager and using it on our service portal.

Fire up Service Manager Console and first navigate to Administration > Connectors, select your Orchestrator connector and press “Synchronize now” if you haven’t set one up yet do it now.
Now goto Library > Runbooks Here you should see the runbook we created in Runbook Designer. If you don’t make sure you checked it in after you finished.
Select it and press “Create Runbook Automation Activity Template

Input a name for the Template and a description and press OK

This will open up a new window with the actual template. Again input some information about the runbook and check “Is Ready For Automation” very important if we don’t check this we need to start it manually.

Ok now we have our new Runbook Activity, now we  need a Service Request to run it in, so again navigate to Library and right click “Templates” and click “Create Template”

Input a name and description for the Template press Browse and pick “Service Request” then press OK

This opens up a new window with the service request.
Input what information you want then select “Activities

This is where we create the activity flow, so first press the + and select “Default Review Activity” This activity “needs” to be present, in my case just because I don’t want my users to be able to create users without me approving it first. And in most other cases because it needs to be mapped to a cost.

So go ahead and input Title and Description (we could have created another string in the runbook for example “Reason for request” and mapped that to the description of the review activity)

There are many ways to setup the vote, in this case as I am the only one that will approve I put myself as the reviewer. If you for example have 10 people that you want to be able to approve the request you can simply put them all as reviewers and set the “Approval Condition” to percentage and set it to 10%. You can also set that someone like the manager has Veto or that he must vote for the activity to be approved.

Now press OK and your back to the service request. Again press the + and this time select the Runbook template we created earlier. As we already filled out this just click OK again

You activity stage should now look like this, and we are done with the Service Request Template so just press OK

Navigate to “Library > Service Catalog” right click “Request Offerings” and click “Create Request Offering

Input Title and Description of the request, select an image if you have one and select the service request template we created earlier and press Next.

On the next screen we need to map create the user prompts. These will look the same as the “User Info” step from the runbook. Press the + and create 8 prompts and name them Firtname, Lastname, Manager, Title, Department, Phone number, Company, Type.

Select Company and press “Prompt Type” click “Simple List” and do the same for “Type” if you want select Phone and change Response Type to Optional, in many cases he won’t get a phone number until he starts, now press Next

Now we need to configure the prompts first thing is to make sure that the format of Firstname and Lastname is correct so press Firstname and click “Configure” here we can pick some premade regular expressions or we can make our own which is what we will do so click “.Net Regular Expression” And type in this ^[A-Z]{1}[A-Za-z\-]+ now the first letter has to be capital and the rest lowercase, now do the same for Lastname.

We also need to configure Company and Type with a list to choose from, so click Company > Configure

Depending on what Company’s you have in the script from Part 1 you need to input them here. If you didn’t change them yet just type Test1, Test2 and Test3, select Test1 and click “Set as default” Do the same with type and input “PC” and “TS

On the next screen we need to map all the prompts to something in either the Runbook Activity the Review activity or the Service Request. We will map everything to the Runbook Activity. This is where we could also have mapped a field for “reason for request” if you did that in the runbook.

Select the “Create New User Runbook”  and map each string to the right property in the runbook, they might not end up in the right order so make sure you select the right one. Press Next

On the next screen we can specify a knowledge article for the request with relevant information or guides.

The next screen is to publish the Request Offering as this is a lab we will publish it right away.

Now click Next and then Create

Ok now we are done with the Request Offering. Now all we need to do is to publish it to the portal.

If you haven’t published any offerings yet you probably only have the default Service Offering categories so navigate to Library > Lists and double click “Service Offering Category”.

Here you can add new Categories to the self-service portal just press “Add Item” and change the name to something like “Access and Security”

Now we have a Service Offering category so we need to add a Service Offering to that category. Navigate to Library > Service Offerings, Right click and select “Create Service Offering

Give it a name like Account Management, select the “Access and Security” category we just created. You can also select a icon if you have one. Fill in the rest and press Next

Here you can fill out SLA and Cost information, as this is a lab I won’t do this right now. Next screen is for related services, same here just press next and next again on Knowledge Articles.

On  the next screen press add and select the Request Offering we created earlier and press OK.

Make sure you select “Publish” on the next screen and finish the wizard.

If you now start your favorite web browser and navigate to your self-service portal https://”Server”:444/SMPortal you will see the Category and Service Offering we created. Press Account Management and you will also see the “New User Request”

And voila here is the request and as you can see the custom tooltip / regex  we creates works like a charm.

Now fill in the rest and submit the request.

When you are done go to My Activities, select the review activity select a reviewer and press Approve enter a comment and press Save.

The review activity is now approved and it will move onto the Runbook Activity.

If you check Runbook Designer you can see the runbook is running. When it’s done the service request will automatically change status to Complete and you will have a new User. Also check you inbox to see the mail with the user info.

There you have it, i hope you have some use for this, if not everything maybe some part of it. I will keep updating as i setup my lab.

Im reallt exited about Orchestrator and ive only just begun to scratch the surface of what this awsome complement to the System Center family can do!!

Categories: SCORCH, SCSM Tags:

Automating user creation with Ochestrator and Service Manager 2012 Part 1

March 30, 2012 2 comments

Hello again.

Creating new users is boring, what if the end-user could input all the info for you and all you need to do is to approve the request? This is all possible with Orchestrator and Service Manager and in the next couple of posts i will show you how i did it for our environment, This is just one way of doing it, Orchestrator provides an almost infinite way of creating automated tasks.

This is how the runbook looks

Start Runbook designer and create a new runbook. add a “Initialize Data” step under Runbook Control and name it User Info.
Add 8 strings and name them Firstname, Lastname, Title, Department, Manager, Phone, Company,  and Type.

Next drag and drop a “Run .Net Script” right-click it and change the name to something like “Generate Password”.
Click Details and change the type to Powershell and copy and paste this scripts. The script basically generates a password for the new user, this one creates a simple password from “!?”, capital letters, lowercase letters and number with a total of 9 characters

$firs = [Char[]] "!?"
$lows = [char[]] ("ABCDEFGHIJKLMNOPQRSTUVWXYZ".tolower())
$nums = [char[]] [string[]] (0..9)

$one = Get-Random -Minimum 1 -Maximum 2
$first = Get-Random -Minimum 1 -Maximum 5
$second = Get-Random -Minimum 1 -Maximum (6-$first)
$third = 6-$first-$second
$ofs = ""
$GPassword = [string](@($firs | Get-Random -Count $one) + @($caps | Get-Random -Count $first) + @($lows | Get-Random -Count $second) + @($nums | Get-Random -Count $third) | Get-Random -Count 9)

Now click “Published Data and add a variable from the script we just copied in. Notice that the variable is GPassword and not $GPassword.

Now click “Finish” and create a link between “User Info” and “Generate Password

Next drag and drop another “Run .Net Script” and name it CreateUser in the link below is the script i use to create the user.
First i need to explain how we name our OU:s we have about 10 different company’s within the company for example company1 has 2 OU:s on for PC users and one for TS users like company1_CTX and company1_CTX_PC (dont ask) so in the script if you input company = test1 and type = PC the OU will be test1_CTX_PC.
and if type = “anything else than PC” the OU will be test1_CTX as we only have 2 different types of user OU:s.

Writing code is not something i don´t do everyday, this script is taken from PowerGui:s examples and modified by me as best i could im sure there are better ways to do it


For the script to work you need to install the Exchange 2010 console and Quest Activerole AD Management snapin and if you have Lync installed LyncCore.msi all these needs to be installed on the runbook server!!

The first 2 lines of the script is to run Powershell with 64bit as the Run .Net Script  runs powershell with 32bit and as Exchange 2010 only comes with a 64bit Powershell add-on we need to start Powershell with the 64bit version or it wont work.

All the variables in the script needs to be mapped to the strings we input in the first step (User Info) so place the cursor between the quotes, right click and choose “Subscribe > Published Data and pick the correct string from the User Info step.
Scroll down a bit until you find $TempPassword and put the cursor between the quotes and this time choose the Password variable we created earlier, it will now set the password to the random generated password from the step before.

If you have lync and want to enable the user uncomment to 2 lines on row 132 and 133

The variable $Tempuser is a user that i use as a template for security and distribution groups if you just want to test create a user called “template test” and add it to some groups, you can disable this account as its only the to copy the groups.

The last step is to send the user information via email to someone in this case firstline support, this is just for testing and in a production environment you probably want to send the user information back to Service Manager or the person that created the request. this can be done by adding another string in the first step and naming it something like RunbookID then mapping that manually from the Service Manager Automated runbook with the ID of the runbook. you can then send the password back to Service Manager and update for example the description if the Service Request with all the info you need like firstname, lastname and password.

So go ahead and drag out a “Send Email” step and name it “Send UserInfo”. Under Details input the Subject and Recipient(s). In the message is where we input the user information type in the information you want and under it input
After each right click and subscribe to the data from the previous steps

Under Connect specify the Sender address and the SMTP servername.

Under “Run Behavior” check “Flatten” and pick “Seperate with line breaks”

Run it through the “Runbook Tester” to check if it works.

In the next part we will import the runbook to Service Manager and create a request offering that makes it possible for end-users to input all the information we need via the service manager portal, we than approve the request and Orchestrator does the rest for us.

Categories: SCORCH, SCSM Tags: ,