Skip to main content
  • EN

I am checking for existing AD accounts in our On-Prem AD.  This is being done via the App Action, Microsoft Active Directory – Orch using the Get User Details with Email.  Email addresses are unique as no two are the same.  We use first.last@domain.com for most of the accounts.  The problem is that not everyone uses their first name, it may be a preferred first name or the last name has been shortened.

The best way to find an AD account would be to search for the employee number.  These are unique as there are only used once.  If someone leaves, their number is never reused.  If they come back, they will get their old employee number back.

I can add the EmployeeID to the properties field (this is not a required field) to check for the employee number.  The results appear in the App Action Response as customAttributes {"EmployeeID":"000000"}.

In the Condition after the App Action, for a new hire, I am checking for the customAttributes is empty.  This would tell me that there is no AD account.

After submitting a ticket and checking the WF log, the System Message is: User test.test@domain.com is not found.  There is nothing mentioned about the employee number.

The System Message is the same if I use Get User Details or Get User Details with User Principal Name.  The message is about the name and not the employee number.

FW tells me that since the employee number is in the Attribute Editor tab, they can’t look for it.

Is anyone else looking for the employee number when checking for existing AD accounts or AD accounts that aren’t there?

If so, can you share how you are doing it?

Any assistance would be greatly appreciated.

I am checking for existing AD accounts in our On-Prem AD.  This is being done via the App Action, Microsoft Active Directory – Orch using the Get User Details with Email.  Email addresses are unique as no two are the same.  We use first.last@domain.com for most of the accounts.  The problem is that not everyone uses their first name, it may be a preferred first name or the last name has been shortened.

The best way to find an AD account would be to search for the employee number.  These are unique as there are only used once.  If someone leaves, their number is never reused.  If they come back, they will get their old employee number back.

I can add the EmployeeID to the properties field (this is not a required field) to check for the employee number.  The results appear in the App Action Response as customAttributes {"EmployeeID":"000000"}.

In the Condition after the App Action, for a new hire, I am checking for the customAttributes is empty.  This would tell me that there is no AD account.

After submitting a ticket and checking the WF log, the System Message is: User test.test@domain.com is not found.  There is nothing mentioned about the employee number.

The System Message is the same if I use Get User Details or Get User Details with User Principal Name.  The message is about the name and not the employee number.

FW tells me that since the employee number is in the Attribute Editor tab, they can’t look for it.

Is anyone else looking for the employee number when checking for existing AD accounts or AD accounts that aren’t there?

If so, can you share how you are doing it?

Any assistance would be greatly appreciated.

I would use a powershell app action then. The Microsoft Active Directory – Orch app on the server use powershell commands but it’s hard coded to what the action node’s options. 

Chatgpt and other LMM are often good at powershell scripts :) 
 

Reply


Terms of Use