If you haven’t already, please read my first post on where and how to download a trial version of User Management Resource Administrator, developed by tools4ever.
Download Trial Version of UMRA > http://www.tools4ever.com/download/
In recent posts we’ve learned how to do some user provisioning with the UMRA MASS module. We’ve also learned how to use “Map Tables” and If/Then/Elses. However, there is another key “Action” in UMRA that we have not touched on yet, and that is the “For Each” Action. What is this, you ask? The “For Each” Action allows you to loop through a table of data, such as users, OUs, groups, or other types of Active Directory objects, pass each object’s data to another UMRA project script, and have that script execute actions on the object. How did this help me with my identity management needs? Simple: it allowed me to make smaller, more manageable scripts that really helped keep my Active Directory clean and unpolluted. I am now able to run a specific UMRA project script and have it do all of my user management tasks in 1 run, rather than having to run multiple scripts or use other programs to finish these needs.
So let me show you how I was able to create a very small UMRA script that was able to help me with my user provisioning of student accounts.
If you need help with setting up data from a CSV please see my post here.
Steps for Creating the UMRA script:
Step 1: Create a new UMRA script and call it “For Each Loop Test”
A. Set up your CSV in the “data tab” see this post for help.
Step 2: Drag/Drop 1 “Generate generic table” action to your script. This can be found under the tree Variable actions > Table > Generate generic Table
Step 3: Configure the “Generate generic table”
A. Click “configure”, then in the “Table Type” select “LDAP query”
B. Click the “LDAP binding” tab, then click the radio button Binding string and enter your binding; see the examples on the screen for how to format this string
C. Click “LDAP Filter” tab, and in the drop down, select the filter “All users” and then press “Insert”
D. Click “Attributes” tab, and Add the attributes, Samaccountname, and description
E. Click “Variable” tab, and give the table the variable “%user_table%”
F. You now can click “Run Test” tab, and see your users within your OU that you selected.
Step 4: Drag/Drop 1 “For-Each” Action to your script. This can be found under the tree Variable actions > Programming > For-Each
Step 5: Configure your “For-Each” action like below:
A. The Table variable name will be the table we created earlier of users
B. The Project name is the project we will send this table of data to
C. The Variable of project column is the variable we set for each loop through the table.
Step 6: Create a new UMRA script and call it “For Each Loop Test 2”. This will be the script that we will execute when we loop through our table.
Step 7: Drag/Drop 1 “Get user (AD)” Actions to your new UMRA script. This action can be found under the tree User > Active Directory > Get User (AD)
A. Configure your “Get user (AD)” similar to the pics below
a. If you need help with this, please see this post here.
Step 8: Drag/Drop 1 “Export variables” Action to your new UMRA script. This action can be found under the tree Variable actions > Variable operations > Export variables
A. Configure your “Export variables” similar to the pics below
With that, your UMRA scripts are ready to go. What does this script do, you ask? It gets information about the users in your Active Directory and writes that data to a CSV file. Now that you have this CSV file, you can either run this data through another UMRA project you have, or email or send the CSV to someone. This particular method has helped me out in numerous projects.
In this blog post I am going to tell you about a scenario I ran into when trying to manage my Active Directory User Accounts. I was given a task to update over 3500 User accounts in 2 days. I was given a CSV of the users’ data, and was told I needed to make sure the data in the CSV matched what was in Active Directory; I also needed to make sure each account was given groups based on a special column in the CSV. This type of User Provisioning is a huge task; however, since I’ve been using UMRA for some time now, I knew this task would now take a few hours to create the script and run it, compared to 4 or 5 days of updating each user account singly. So how did I update all these Active Directory User Accounts so fast? See the steps below for how I did it.
I was looking through some of the UMRA Actions and noticed an action called “Map Variable”. You can find this action under the tree Variable Actions > Programming > Map variable. This action allows you to take a value passed in from a CSV, network data, an Active Directory object, etc. and do a check on it. So you can now pass this action some data and have it check whether it matches anything in the “Map Table”; if it does, it assigns the matched value to another variable. How did this help me? I was now able to pass the description from my CSV of user data to this script action and have it check whether that description matched anything in my “Map Table”; if it did, it kicked out a variable with the name of the Active Directory group that I needed to add to the user.
Here is a screen shot of my “Map Variable” action:
If you need help with attaching a CSV to your project see this blog: here
If you need help with if/then/else clauses see this blog: here
As you can see, I have a variable called %csv_description% that I am passing into this “Map Variable” action, and it’s going to see if that matches any of my Input values; if it does, it will update the variable called %group_dn% with the matching output value.
Now that we have the “Map Variable” action down, here is a quick look at the rest of my script. Let me explain a bit what’s going on here in my UMRA script.
--> First I Map my passed variable from my CSV data to the “Map Variable” action.
--> I get the Active Directory user object (see my first blog post on how to do this)
--> I remove all group memberships of the Active Directory user object
--> I add the mapped group to the Active Directory user object
--> Then we update the Active Directory User Object Attributes
If you notice we have some “error logic” added to our script now. This will be our next topic I want to go over. So until next time!
In my first blog, I talked about how I was able to run a MASS project to quickly update/get/create an Active Directory object. My script was simple, and didn’t have a lot of logic built into it. However, after poking around a bit in the “scripts” section of UMRA I found a few very powerful script actions; the main one we are going to talk about is the “If-Then-Else” Action with a few “No operation” Actions. These actions will allow us to really put some logic into our scripts, and have them do more than just run top to bottom. We will now be able to check conditions, such as: If the user’s description = xxxxx do this, if it doesn’t do that….
These actions are found in the tree Variable actions > Programming.
Here is a quick breakdown of how an “If-Then-Else” statement works. Like most scripts, you can check a condition; it can be a numeric value, a string, a date range and a few others. How can you use this, you ask? You can now run CSV, database, or network data through your script, and check values in Active Directory. For example, if we have a CSV of user data with their descriptions from a Human Resources (HR) system, we can now say something like this:
IF = User in Active Directory Description = CSV User Description
THEN = Don’t Update Account
ELSE = If it’s different Update Account
This is how most “If Then Else” statements work: we first check the condition; if it matches, jump to another part of the UMRA script; if it doesn’t match, go to an “update user” section in the script. Here is a quick visual representation of how it works.
If you are wondering what the “Get User (AD)” and “Get attribute (AD)” Actions are in the UMRA script, please see my first post Basics of UMRA.
So how has this 1 simple Action helped me? With “If Then Else” statements in my scripts I am now able to add logic into my script; I can now check conditions, as if I were doing this by hand, and only run certain parts of my script. So I hope this helps some of you out there getting your feet wet with UMRA. My next blog post will be on using the “Map Variable” action.
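A dry-run check for the “Map Variable” and “If-Then-Else” logic described in these posts, as an added example (not from the original posts and not UMRA code): it reads the two-column CSV and reports which accounts would be updated, which would be skipped as unchanged, and which rows should be rejected before a “remove all group memberships” step runs. The map table, directory snapshot, CSV rows, DNs and the `plan_changes` function are constructed for illustration.

```python
import csv
import io

G9 = "CN=Grade9,OU=Groups,DC=example,DC=test"    # constructed group DNs
G10 = "CN=Grade10,OU=Groups,DC=example,DC=test"

# Constructed map table: CSV description -> group DN (the %group_dn% output).
MAP_TABLE = {"Grade 9 Student": G9, "Grade 10 Student": G10}

# Constructed snapshot of the directory: account name -> current state.
DIRECTORY = {
    "jdoe": {"description": "Grade 9 Student", "groups": [G9]},
    "asmith": {"description": "Grade 9 Student", "groups": [G9]},
    "bwong": {"description": "Grade 10 Student", "groups": [G10]},
}

# Constructed CSV: column A = account name, column B = new description.
SAMPLE_CSV = """jdoe,Grade 9 Student
asmith,Grade 10 Student
bwong,Grade 11 Student
ghost,Grade 9 Student
asmith,Grade 9 Student
"""

def plan_changes(csv_text, map_table, directory):
    """Return (plan, rejected) without modifying anything."""
    plan, rejected, seen = [], [], set()
    for line_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if len(row) != 2:
            rejected.append((line_no, "expected 2 columns"))
            continue
        user, description = (field.strip() for field in row)
        group_dn = map_table.get(description)
        if user in seen:
            # First row for an account wins; conflicting repeats are refused.
            rejected.append((line_no, "duplicate account in CSV"))
        elif user not in directory:
            rejected.append((line_no, "account not found"))
        elif group_dn is None:
            # Unmapped description: refuse the row, so no account has its
            # groups removed without a replacement group to add.
            rejected.append((line_no, "description not in map table"))
        elif (directory[user]["description"] == description
              and directory[user]["groups"] == [group_dn]):
            plan.append((user, "skip", None))        # IF equal THEN don't update
        else:
            plan.append((user, "update", group_dn))  # ELSE update account
        seen.add(user)
    return plan, rejected
```

Rows returned in `rejected` are the ones to resolve in the CSV or the map table before the mass project is run against the full file.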
Once you have installed UMRA we are ready to create a simple Mass project. Mass project, you ask? A Mass project is a quick way to update or get Active Directory objects in bulk. So for example, I could update all Users in Active Directory with a new description and phone number from a CSV or Network data I have. The days of going through each account 1 by 1 are over… What used to take me around 8-10 hours to update 1500+ accounts now takes me 8-10 seconds.
So let’s begin…
1. Click File > New > Mass Project
2. Expand the Variable Actions Tree > Variable Operations > Drag/Drop 2 “Set Variable” Options to your script window.
A. Click on the first “Set Variable” action, and give it a variable name and value
a. VariableName = %dc% VariableValue = One of Your Domain Controllers
B. Click on the second “Set Variable” action, and give it a variable name and value
a. VariableName = %domain% VariableValue = Your Domain Name
When you’re done with the above steps your script window should look like below.
3. Expand the User Tree > Active Directory > Drag/Drop “Get User” option
This option will allow us to bind to the User Object, and update or get information from it.
A. Click on the “Get User” option we pulled over and double click on it.
a. Right click on %FullName% and select “Clear Value”
b. Double Click on “Domain controller” and update its value to %dc%
When you’re done with these steps your script screen should look like below.
4. Expand the Active Directory Tree > Drag/Drop “Set attribute” option
This option will allow us to “Set/Update” the User Objects account with a new value.
A. Click on the “Set attribute (AD)” option in your script
a. Right click on %ActiveDirectoryObject% and select “Clear Value”
b. Double click on LDAP attribute displayname click on Value Radio Button, then in the drop down select “description”
c. Double click on Attribute value and set the variable to %csv_description%
When you’re done with these steps your script screen should look like below.
Now that our script is completed, we need to provide it with some type of data.
I created a 2 column CSV with the user’s account name and the new description.
If you want my example you can download it here > Download My CSV
Click the “File data” tab, next to the “Script” tab.
Right Click in the white space below the tab, and select “Import File Data”
Locate your file and click “Ok”
You will now see the data from your CSV on your screen, we will now set column variables. What this will do is, each time the script runs, it will take the data in that column, and apply it to the scripts variables.
Right Click on “Column_A” and click on “properties”, set the variable to %UserName%
Right Click on “Column_B” and click on “properties”, set the variable to %csv_description%
When you’re done with these steps your script screen should look like below.
Now your project is ready to run.
Right click on 1 of your accounts, and select “Run Selection”. In the lower “Log Messages” window, you will see the actions log showing what happened when you ran your first mass project.
Now that you’ve updated the Active Directory Account, go check the account in AD to verify.
If you want to run your complete CSV file, select “Run” instead of “Run Selection”.
If you have any questions let me know, I will post other scripts later.