
Automating user creation with Orchestrator and Service Manager 2012 Part 1

March 30, 2012

Hello again.

Creating new users is boring. What if the end user could input all the info for you, and all you needed to do was approve the request? This is all possible with Orchestrator and Service Manager, and in the next couple of posts I will show you how I did it for our environment. This is just one way of doing it; Orchestrator provides an almost infinite number of ways to create automated tasks.

This is how the runbook looks

Start Runbook Designer and create a new runbook. Add an “Initialize Data” step from Runbook Control and name it User Info.
Add 8 strings and name them Firstname, Lastname, Title, Department, Manager, Phone, Company and Type.

Next, drag and drop a “Run .Net Script” activity, right-click it and change the name to something like “Generate Password”.
Click Details, change the type to PowerShell and paste in this script. The script generates a password for the new user: a simple password built from “!?”, capital letters, lowercase letters and numbers, with a total of 9 characters.

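# Character classes the password is built from
$firs = [char[]] "!?"
$caps = [char[]] "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
$lows = [char[]] ("ABCDEFGHIJKLMNOPQRSTUVWXYZ".ToLower())
$nums = [char[]] [string[]] (0..9)

# How many characters to take from each class. -Maximum is exclusive, so $one is always 1.
$one = Get-Random -Minimum 1 -Maximum 2
$first = Get-Random -Minimum 1 -Maximum 5
# $first + $second + $third add up to 8, which gives 9 characters with the special character
$second = Get-Random -Minimum 1 -Maximum (8-$first)
$third = 8-$first-$second
# Empty output field separator, so the [string] cast joins the characters without spaces
$ofs = ""
# Pick from each class, then -Count 9 returns all 9 characters in random order
$GPassword = [string](@($firs | Get-Random -Count $one) + @($caps | Get-Random -Count $first) + @($lows | Get-Random -Count $second) + @($nums | Get-Random -Count $third) | Get-Random -Count 9)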

Now click “Published Data” and add a variable from the script we just pasted in. Notice that the variable is GPassword and not $GPassword.

Now click “Finish” and create a link between “User Info” and “Generate Password”.
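
A variant of the Generate Password script that draws its randomness from System.Security.Cryptography.RandomNumberGenerator instead of Get-Random and always includes every character class. This is an added example, not the script from the post; the helper name Get-SecureIndex is hypothetical, and the $GPassword variable name is kept so the same Published Data mapping still applies.

```powershell
# Added example (not the post's script): same four character classes, CSPRNG-backed.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-SecureIndex([int]$Max) {
    # Uniform index in [0, $Max) for $Max <= 256. Bytes at or above $limit are
    # discarded so the modulo below does not favour the low indexes.
    $buf = New-Object byte[] 1
    $limit = 256 - (256 % $Max)
    do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

$sets = @("!?", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", "0123456789")
$length = 9              # same length as the post; raise it to match your password policy
$all = -join $sets       # every allowed character in one string

# One character from each class first, so all four classes are always present.
$chars = @()
foreach ($s in $sets) { $chars += $s[(Get-SecureIndex $s.Length)] }
# Fill the remaining positions from the combined alphabet (repeats allowed).
while ($chars.Count -lt $length) { $chars += $all[(Get-SecureIndex $all.Length)] }

# Fisher-Yates shuffle, so the guaranteed characters are not always in the first four positions.
for ($i = $chars.Count - 1; $i -gt 0; $i--) {
    $j = Get-SecureIndex ($i + 1)
    $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
}

# Published Data name stays GPassword, as in the original step.
$GPassword = -join $chars
```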

Next, drag and drop another “Run .Net Script” and name it CreateUser. The script I use to create the user is in the link below.
First I need to explain how we name our OUs. We have about 10 different companies within the company, and each one has 2 OUs, one for PC users and one for TS users, for example company1_CTX and company1_CTX_PC (don't ask). So in the script, if you input company = test1 and type = PC, the OU will be test1_CTX_PC.
If type = “anything else than PC”, the OU will be test1_CTX, as we only have 2 different types of user OUs.
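
The OU rule described above, with the portal-supplied fields checked before they are used. This is an added example, not the CreateUser script from the post; the function names, the company allow-list, the name pattern and the sample requests are all constructed for illustration.

```powershell
# Constructed allow-list: the company prefixes that actually have OUs (assumption).
$KnownCompanies = @('test1', 'company1')

function Get-TargetOU {
    param([string]$Company, [string]$Type)
    $Company = $Company.Trim()
    # Only an exact known prefix is accepted, so free-text portal input
    # can never select an OU outside the <company>_CTX pair.
    if ($KnownCompanies -notcontains $Company) {
        throw "Unknown company '$Company'"
    }
    # Rule from the post: Type PC -> <company>_CTX_PC, anything else -> <company>_CTX.
    # -eq on strings is case-insensitive, so 'pc' also selects the PC OU.
    if ($Type.Trim() -eq 'PC') { return "${Company}_CTX_PC" }
    return "${Company}_CTX"
}

function Test-NameField {
    param([string]$Value)
    # Starts with a letter; then letters, spaces, apostrophe or hyphen; 1-64 characters.
    return $Value -match '^\p{L}[\p{L} ''\-]{0,63}$'
}

# Constructed sample requests, as they would arrive from the User Info step.
$requests = @(
    @{ Firstname = 'Anna'; Lastname = 'Berg'; Company = 'test1'; Type = 'PC' },
    @{ Firstname = 'Lars'; Lastname = 'Ek';   Company = 'test1'; Type = 'TS' },
    @{ Firstname = 'Eva';  Lastname = 'Holm'; Company = 'test9'; Type = 'PC' }
)

foreach ($r in $requests) {
    try {
        if (-not (Test-NameField $r.Firstname) -or -not (Test-NameField $r.Lastname)) {
            throw "Invalid name field"
        }
        "{0} {1} -> {2}" -f $r.Firstname, $r.Lastname, (Get-TargetOU $r.Company $r.Type)
    } catch {
        # A rejected request stops here instead of reaching the user-creation step.
        "Rejected request: $($_.Exception.Message)"
    }
}
```

The first two requests resolve to test1_CTX_PC and test1_CTX; the third is rejected because test9 is not in the allow-list.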

Writing code is not something I do every day. This script is taken from PowerGUI's examples and modified by me as best I could; I'm sure there are better ways to do it.


For the script to work you need to install the Exchange 2010 console and the Quest ActiveRoles AD Management snap-in, and if you have Lync installed, LyncCore.msi. All of these need to be installed on the runbook server!

The first 2 lines of the script start PowerShell in 64-bit mode. Run .Net Script runs PowerShell as 32-bit, and as Exchange 2010 only comes with a 64-bit PowerShell add-on, we need to start the 64-bit version or it won't work.

All the variables in the script need to be mapped to the strings we input in the first step (User Info), so place the cursor between the quotes, right-click, choose “Subscribe > Published Data” and pick the correct string from the User Info step.
Scroll down a bit until you find $TempPassword, put the cursor between the quotes and this time choose the Password variable we created earlier. It will now set the password to the randomly generated password from the step before.

If you have Lync and want to enable the user, uncomment the 2 lines on rows 132 and 133.

The variable $Tempuser is a user that I use as a template for security and distribution groups. If you just want to test, create a user called “template test” and add it to some groups. You can disable this account, as it's only there to copy the groups from.

The last step is to send the user information via email to someone, in this case first-line support. This is just for testing; in a production environment you probably want to send the user information back to Service Manager or to the person that created the request. This can be done by adding another string in the first step, naming it something like RunbookID, and then mapping it manually from the Service Manager automated runbook with the ID of the runbook. You can then send the password back to Service Manager and update, for example, the description of the Service Request with all the info you need, like firstname, lastname and password.

So go ahead and drag out a “Send Email” step and name it “Send UserInfo”. Under Details, input the Subject and Recipient(s). The message is where we input the user information: type in the information you want and under it input
After each, right-click and subscribe to the data from the previous steps.

Under Connect specify the sender address and the SMTP server name.

Under “Run Behavior” check “Flatten” and pick “Separate with line breaks”.

Run it through the “Runbook Tester” to check if it works.

In the next part we will import the runbook to Service Manager and create a request offering that makes it possible for end users to input all the information we need via the Service Manager portal. We then approve the request and Orchestrator does the rest for us.
