Modifying a Single Value in Active Directory

A reasonably common request I come across is how to create a request offering allowing a user to modify their own values in Active Directory – for instance mobile phone numbers. So let’s have a look at how we can use both Service Manager  and Orchestrator to do this.

I have in my environment a single Service Manager management server – synchronising with AD. This just synchronises the default values from the connector so let’s look at how we can alter one of these values.

Start with a Runbook – this will read in the value I want to change. The only other parameter I will supply is the Runbook Activity GUID – I can map this in Service Manager when I create the Runbook Automation Activity. My Runbook looks like this:-

We need to traverse through the Service Manager class structure so I can get to the service request – I use the Get Relationship activity to discover the relationship between the Runbook automation activity and the service request.

The Get Object activity will retrieve the service request for me.

I use another Get Relationship activity to discover the user objects related to the service request.

I then find the user who created the request by specifying a filter in the Orchestrator smart link and use another Get Object activity from the Service Manager integration pack to retrieve the object. I can then use an Update User activity to alter the value – in this instance it is the mobile phone number I’m allowing the user to change.

That should be all from the Orchestrator side – now I can build the request offering in Service Manager. I have already set up a connector to Orchestrator and my Runbook is synchronised into the library. Select the Runbook and use the built in Create Runbook Automation Activity Template task.

Two important details here – select the Is Ready for Automation checkbox – and edit the mapping on RB GUID parameter – it needs to be changed to the ID of the Runbook Automation Activity. This value is passed to Orchestrator when the Runbook starts and is how I discover the service request details. Save and close the activity template when done.

Now create a new template for the Service Request – add the Runbook automation activity created previously and close.

So that users can interact with the service request via the self service portal I need to create a Request Offering which will contain the service request and the prompts for the end user. Expand the Service Catalog –> Request Offering section in Library and create a new request offering.

Select the service request template created previously

Add a new user prompt to allow the user to add a new mobile phone number. In a future post we can look at how we can display the current mobile number and create a regular expression to allow us to control what is entered. But for now it is just going to be a plain text field.

Go to Map Prompts and select the Runbook Activity. Use the drop down to map the Runbook parameter to the prompt created previously.

We can now skip through the rest of the wizard – I have published the request offering so it is available before I finish the wizard. After this the request offering must be added to a service offering. Click on New Service Offering and follow the wizard. Add the request offering to the wizard when prompted. After this is done we can publish the service offering,

All that remains now is for some testing to be done! The request is published on the portal – and depending on permissions a user can access the request and change their mobile phone number. In a future post I’ll go through displaying the current user details as well as adding a review activity to the sequence to allow approval of the change.