How to Sync Other Properties from Active Directory to Service Manager Using Orchestrator

Authored by Christopher Mank

One of the most powerful elements of Service Manager is both its integration with all of the other System Center products and its flexibility to import data from virtually any source imaginable. The out-of-box AD connector does a good job of bringing over many of the common properties that most organizations would want to see synced over to the CMDB. But what about custom properties, or those that are not brought over by default? In the following post, we'll walk through an example of how you can sync over other properties from AD to Service Manager.

To demonstrate, let's look at the PasswordLastSet property of a User. This is not synced over to the CMDB by default and may be useful in some environments, for example if you want to send email notifications to your users when their password is approaching the age threshold. As a note, the following instructions can be used to sync over any property you wish from AD to the CMDB. Let's take a look.

1. First, if the property doesn't already exist in Service Manager, you will need to extend the appropriate class to include it. In our example, we can extend the User class to include a new datetime field to store our property.

[Image: Extend User Class]

2. Next, if desired, you can customize the User form so that your analysts will be able to see the synced data from the console.

[Image: Extend User Form]

3. Now on to the syncing part. The most effective means I've found to accomplish this is by using Orchestrator. Below is a simple, yet effective way to use an Orchestrator Runbook to facilitate this import process.

[Image: AD Connector Import]

Monitor Date/Time - This activity is straightforward. Here you can schedule when you want the import to run. Depending on the size of the import, you may want to schedule this during a time when system usage is minimal.

Check Schedule - I like to add this activity after each monitor, although the settings indicate it will run every day. It gives you the flexibility to turn off certain days for holidays, special deployments, troubleshooting, etc.

AD Users/Computers Import - Here is where the PowerShell magic comes in. The script comes from this post on the Service Manager Engineering Blog, which explains how you can pull the data right from AD. Here is what we need for our property.

[Image: AD Import Script]

This script will add the appropriate data to the Users.csv file and, along with the Users.xml format file, you can import the data right into Service Manager. An example format file is shown below. As a note, for any AD User import via CSV, you need to include the UserName and Domain fields, as they are the key fields on that class.

[Image: AD User import format file]

As an Added Bonus!! You can also expand this current script to include any additional logic you like. An example would be to compare the current state of the CMDB and only import those values that have changed. This small modification can help with performance by decreasing the number of writes to the database.

Until the Whole World Hears,
Christopher
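The export step and the "only import what changed" idea from the bonus section, sketched as an added example (this is not the script from the original post or from the Service Manager Engineering Blog). It assumes the RSAT ActiveDirectory module, hypothetical file paths, a UserName, Domain, PasswordLastSet column order matching your format file, and, as a swapped-in technique, it compares against a snapshot of the previous run rather than querying the CMDB.

```powershell
# Added example: delta export of PasswordLastSet for the Service Manager CSV import.
# Assumptions: ActiveDirectory module available; paths and column order are hypothetical.
Import-Module ActiveDirectory

$csvPath   = 'C:\SCSMImport\Users.csv'          # hypothetical: file the import step reads
$statePath = 'C:\SCSMImport\Users.lastrun.csv'  # hypothetical: snapshot of the previous run

# Returns only the rows that are new or whose PasswordLastSet differs from the last run.
function Get-ChangedRow {
    param([object[]]$Current, [object[]]$Previous)
    $seen = @{}
    foreach ($p in $Previous) { $seen["$($p.Domain)\$($p.UserName)"] = $p.PasswordLastSet }
    foreach ($c in $Current) {
        $key = "$($c.Domain)\$($c.UserName)"
        if (-not $seen.ContainsKey($key) -or $seen[$key] -ne $c.PasswordLastSet) { $c }
    }
}

# Assumption: the CMDB Domain key holds the NetBIOS domain name.
$domain = (Get-ADDomain).NetBIOSName

# PasswordLastSet is $null when pwdLastSet is 0 (password never set, or "must change
# at next logon"); those users are skipped instead of being written with an empty date.
$current = @(
    Get-ADUser -Filter * -Properties PasswordLastSet |
        Where-Object { $_.PasswordLastSet } |
        ForEach-Object {
            [pscustomobject]@{
                UserName        = $_.SamAccountName
                Domain          = $domain
                # Culture-independent UTC timestamp (yyyy-MM-ddTHH:mm:ss)
                PasswordLastSet = $_.PasswordLastSet.ToUniversalTime().ToString('s')
            }
        }
)

$previous = if (Test-Path $statePath) { @(Import-Csv $statePath) } else { @() }
$changed  = @(Get-ChangedRow -Current $current -Previous $previous)

# Write data rows only (no header), and write an empty file when nothing changed so a
# stale Users.csv from an earlier run is never imported again.
$lines = @($changed | ConvertTo-Csv -NoTypeInformation | Select-Object -Skip 1)
Set-Content -Path $csvPath -Value $lines

# Keep the full current state for the next comparison.
$current | Export-Csv -Path $statePath -NoTypeInformation
'{0} of {1} users changed since the last run' -f $changed.Count, $current.Count
```

Both files list every account alongside its password age, so keep the folder readable only by the account the runbook runs under.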

Author

Christopher Mank

Systems Architect