Obtain Direct Reports from Active Directory
Updated: 21 Jan 2011 | 12 comments
This issue has been solved. See solution.
I'm trying to pull a list of direct reports (for a manager) from active directory. I'm able to use the "Get Users With details" component and use the ADUserInfo datatype, but it doesn't look like direct reports is part of the data that is returned. Anyone know how to pull this info from AD through WF?
Discussion Filed Under:
Comments
7.0 SP3 Does not have a comp to do this
So the only solution would be to create a custom LDAP compnent that would take the Manager DN and find all the users that have that DN in the Manager field.
Or, if you have a SQL server, you can link it to you AD server and use OpenQuery to get all kinds of info, you just can't write any data.
rob
I would use the "Code
I would use the "Code (Script) Component" component to fetch the Distinguished Name for each "Direct Reports" user.
Here is an example below (the userDN input is the Manager's DN
(Sorry for the image layout, couldn't manage to fit the screen)
Use Additional Attributes in Get Users With Details
As an alternative solution, you can always search on additional attributes in any of the native Active Directory search components. To get direct reports for a given user, try these steps:
1) Open a Get Users with Details Component and go to the Input Tab, make sure to select the "set of fields" radio button.
2. Click the Ellipsis next to "Additional Attributes", Select "Dynamic Value" and click "Edit"
3. In the Mapping Portion, make sure you add a single value mapping for "Attribute" then right click on "name" and create a constant mapping with the value of 'manager' all lower case. Then map the target manager's "DistinguishedName" to the "Value" on the right.
This should provide a list of all direct reports with the proper data type. You can also do this with any other AD Attribute native to active directory or custom.
Jason
Hi Jason, I'm trying to
Hi Jason,
I'm trying to reproduce your solution and having some hard time getting parts of point 3 to work.
By "create a constant mapping with the value of 'manager' all lower case" do you mean the "Constant Object" input in the Configuration tab?
Each time I try to map the DistringuishedName to Values (on the right) I get the "the destination field is an array but the source field is not" validation error as the Values (Custom attribute) is a collection/array of Strings.
You state mapping to the Value on the right but the image shows Values[].
Thanks in advance
Jason, I watched the video
Jason,
I watched the video and followed it verbatim, but am still having trouble. I get to the first web form and display distinguished name etc.
When my process gets to the second "get users" component, it takes the not found path. I know that the user i plugged into the first component has direct reports in AD (im one of them).
Any suggestion on what to check or what could cause this?
Thanks
I had no problems by
I had no problems by following the video.
Did you change the defaults in the Context tab?
If yes then; set
Container Option as Pick
Container Type as Entire Domain
(some users misstakes the Users option as the object type to search for but it's the Organizational unit called Users located in the root)
Same thing
I get the same results when I go to do the mapping.
Direct Reports How-To Video
Here is a link to a video on how to get direct reports.
https://www-secure.symantec.com/connect/videos/get-active-directory-reports-ad-workflow
I get restricted access
I get restricted access
Ouside Link
Well, that will teach me to use the Connect infrastructure. Here is a link to the same video posted outside http://www.screencast.com/t/Or4EEGR7qoH
Thanks Jason, That was a
Thanks Jason,
That was a sweet solution!
You can access that video on Connect as well
At the moment you'll have to download it for viewing but it will be availble for inline viewing shortly.
Cheryl
Endpoint Management,
Endpoint Virtualization
Community Manager
www.twitter.com/EMnV_symc
Need Altiris help? IRC chat #Altiris
Would you like to reply?
Login or Register to post your comment.