cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 10

[Tool]ARM Template Generator V2 - Updated 23/08/19

Hi everyone,

I am pleased to announce the availability of the second version of the ARM Template Generator Tool.

The documentation is now included in the download package.

What´s new?

- Interface redesign

- Darkmode

- Support for User Template Import

- Option for creating a User Template based on an existing Account

- Support for Group Template Creation & Import

- Support for Open Template Creation & Import

- Help links now open in Browser and have been updated

- Tooltips and watermarks throughout the tool

- GUI for building creation rules

- Added selection of premade validation rules

- Added REGEX cheat sheet

- Multiple values are now configurable for Exchange Database and Policy fields

- Script parameter fields make autocomplete suggestions based on configured properties

- Added out of order navigation

Since i can only test so much on my own I would ask everyone using the Import feature to keep backups of the original template files or just not save over them, at least for now.

If you have any issues or see wonky behaviour please let me know, preferably with a detailed description of the expected and actual behaviour.

The old version will stay available under the old link for now.

Changelog 21/06/19:

- fixed an issue while importing templates with completely missing modules section

- fixed an issue with loading and writing the first parameter of the regexpr method

- fixed an issue with dragging list items into the builder UI when their index in the list is higher than the highest index that is displayed by default

Changelog 26/07/19:

- made sure the import function respects the order of AD Attributes (should have been the case before, if you see anything to the contrary let me know)

- added buttons for re-ordering AD Attributes

- fixed issue with the import and export function reading/writing the "IsScriptEnabledDefault" property in the scriptoptions as "IsScriptEnabledByDefault" (note that when you import a template with the faulty property name the value will have to be reconfigured manually)

Changelog 23/08/19:

- fixed a crash after editing lookuptables

- added minimum length field to password options - changed default value from 12 to 8

Download Link:

http://bit.ly/ARMtemplateV2

VirusTotal:

pastedImage_3.png

VirusTotal

Here´s a glimpse of the new interface:

pastedImage_2.pngpastedImage_3.pngpastedImage_4.pngpastedImage_5.pngpastedImage_6.pngpastedImage_8.png

24 Replies
Level 7

Hi Paul,

 

I looked for a possibility to have a lookup ( searchfield )  for the manager in a user creation template. I only saw this option available at the Open Template. I had created templates manually and there I had implemented the following option after a hint from support:

{
"Name": "manager",
"Definition": {
"Type": "SearchField",
"IsEnabled": "true",
"IsRequired": "true",
"Label": "['en-us:manager', 'de-de:Vorgesetzter']",
"ObjectType": "Account",
"Filters": {
"ActiveDirectory": "PropertyValues{TypeId = -100 AND Value='user'}"
}
}
}

 

So after creating a template with your really helpful tool I opened it with a editor and added the above code. The template verifies o.k. and the manager option is there when I use it to create a user with this template. ARMTG doesn't pick it up, when opening a template and removes it from the code as well. Is there any way to have this code stay in the template or even be able ti use that n ARMTG ?

Thanks

 

Thomas

 

0 Kudos

Hi Thomas,

see the bottom of my post for an answer to your actual question. 🙂

It is important to know in which interface you want to use the resulting template since there are some inconsistencies between controls available in the fat client and the web interface.

The approach you are currently using should work for the fat client.

To get it to work in the web interface you´ll need to use the AccountSearchTextField control (if i remember correctly that is "officially" only supported in openTemplates but works in usertemplates as well). That control does only return the displayname to the field it is defined on though so you will need an additional field to fetch the DN.

For your setup you´ll need:

1 attribute to hold the control (i´ll use extensionAttribute1 in my example, it needs to be a valid attribute)

1 attribute (the manager attribute) to fetch the result from the control

 

First the field that holds the control:

{
"Name": "extensionAttribute1",
"Definition": {
"Type": "AccountSearchTextField",
"Label": "User",
"IsRequired": false,
"LookupTableId": "AccountSuchergebnis",
"AttributesToLoad": ["distinguishedname"]
}
},

The control creates a lookuptable with the defined lookuptableId, which you can then use to fetch the distinguishedname in your second field:

{
"Name": "manager",
"Definition": {
"Type": "TextField",
"Label": "ManagerDN",
"IsHidden": true,
"Constraints": {
"CreationRule": "<lookup>(AccountSuchergebnis,distinguishedname)"
}
}
},

 

Regards

Paul

P.S. looks like i answered too fast without reading the last few sentences but i´ll leave it here for future reference. 

To answer your question in the current version of the template generator the output contains only controls that the TG explicitly supports which is not the case for the Searchfield (if i remember correctly that didnt exist in that form at the time or at least i wasnt aware of it). So unfortunately you will have to add it manually after editing a template with the TG.

0 Kudos
Level 7

Hi Paul,

is there possibly a bug relating the Exchange Mailbox creation?

When we try to toggle on Mapi and disable the toggle by the user, the checkbox in your template gen goes blank after reload.

And is it possible to add a toggle for the Email Adress policy that you can toggle in Arm in the Email adress change window on the bottom?

When we set the Home dir at the user creation with an template (or do it manually) the folder is not created.

Is there an option we miss?

Anyways, thanks for the amazing tool.

0 Kudos

Hi Paul,

the support told me that ARM wont create the Home dir, only the values are added. If you do it with "AD Users and Computers", Microsoft is doing some fancy stuff in the background to create the home dir. Solarwinds will not recreate this function.

0 Kudos
Level 7

Hi,

I'm trying to get this to work, however I'm having some difficulty with the username creation. Our usernames are the first 3 letters of the surname and the first 3 letters of the first name.. so for example, if the user was James Dean, his username should be deajam. How do I set this in the template??

At the moment its taking the first letter of the firstname. surname...

0 Kudos

Hi bevan,

this creationrule should work for your case:

<toLowerCase>(<regExpr>('.{0,3}',{sn})<regExpr>('.{0,3'},{firstname}))

it selects the first 0 to 3 characters of sn and firstname, the 0 to 3 part is important in case you have names that are less than 3 characters long.

Regards

Paul

0 Kudos

Thanks Paul,

That worked successfully!

Last question, is it possible when creating the exchange mailbox as part of the template that it applies our corporate retention policy to the newly created  mailbox?

I thought I could make use of the Exchange Scripting Agent, however it looks like its not being called when creating a user based off a template in ARM. Works when i manually create a mailbox in exchange though.

0 Kudos

Hi Bevan,

in the template is now way at the moment. In scripting, like Paul was writing, it should work.

The order is:

first create a user in AD then,

a powershell is starting and do enable-mailbox for that user and all that stuff

and if that all is successful the customized powershell will start.

You should see in LOGBOOK or in the LOG File arnServer.log (C:\ProgramData\protected-networks.com\8MAN\log) what is going on and what could be the problem.

But if you are writing "Exchange Scripting Agent" I believe that you do not use the scripting possibility of the template  right? Or do you use it and it does not work.

0 Kudos

Hi Bevan,

the way to do this is to use the script execution you can define in the template and set the retention policy in that script (for example via powershell: set-mailbox -retentionpolicy "policyname").

Regards

paul

0 Kudos
Level 7

Hi Paul,

nice tool, thanks.

I got an Error whren editing lookup table entries. After pressing ok the program dies. Tested with the user-example and a self created template.

tg2-1.JPG tg2-2.JPG

Hope you have an idea.

Edit: And the minimum password length for user creation schould be chooseable or 8 for me.

Regards

Richard

0 Kudos

Hi Richard,

thanks for your feedback. I have fixed the crash and added the minimum length as editable field.

Regards

Paul

0 Kudos

Hi Paul,

great, it works. Solved in a fantastic reaction time.

Thank you.

Best regards

Richard

0 Kudos
Level 8

Hi,

how can I order manually the AD Properties, so that they have a desired order in the Workflow form.

It would be really nice to have this possibility.

I observed, that sometimes the Template Generator (V2) will rorder the AD Properties automatically by himself.

Regards

Adrian

0 Kudos

Hi Adrian,

for OpenOrder Templates you can change the order by editing the Hierarchy (there should be a button there somewhere ).

For all other templates currently you can not change the order in the Generator.

I might add that in a future release but at the moment you will probably have to manually reorder them in the template.

Regards

0 Kudos

Hi Adrian,

normally on the web frontend it should be shown in the order which are in the template file. If that is not the case it is a bug. In the rich client you have mandatory fields, like samaccountname, givenname, surname and description where you can't change the order, but the LDAP properties itself should be the same as in the template file.

When it is reordered by the TG then it would be great if Paul find time to fix it.

kind regards,

Mike

0 Kudos
Level 8

Hi Paul

Great job and very useful This helps me a lot

Pirmin

0 Kudos
Level 9

Hi Paul,

I keep getting this error popup whenever I try modifying any of the AD Properties. Any idea why?  I don't think I have multiple properties with the same name as this is the only one I've modified.

pastedImage_1.png

Also - Is there some secret to saving new templates in the C:\ProgramData\protected-networks.com\8MAN\data\templates folder?  It seems like 90% of the time when I drop a new template in that folder it doesnt get detected by ARM even after I restart the Windows service.

pastedImage_0.png

0 Kudos

Hi Eric,

thanks for your feedback, I have updated the download link with a version that should fix the problem with the duplicate name. Sorry for the inconvenience.

Regarding the templates folder ARM should automatically (without service restart and immediately) try to parse new templates. Do you see any information in the Health Check (lower right corner of fat client or config client) regarding the import?

Regards

Paul

0 Kudos

Hi Paul,

Thanks for the tip.  There was a problem with the way one of the values was formatted.  I fixed this which resolved my problem.  The new version of the wizard is working better now and im not getting the error.  However when i hit "Save" the window doesnt close automatically and doesnt register that the change has been made unless i click 'Next' in the wizard and then go back.  Not a huge issue but just something to be aware of.  Thanks for the quick response on this.

0 Kudos

Hi Eric,

thanks again, normally after saving the window should close and the table should be updated. I just found one case where this does not work as intended and fixed it. Can you try if the problem still occurs for you? If so please send me a screenshot of the property definition.

Regards

Paul

0 Kudos