• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 23 subscribers
  • Views 567 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Starting a 2nd template after job of 1st template is done

swg

Hello everyone,

We use a template to create an AD user.

If the job has finished we would like to immediately open a second template for different other things e.g. create a security group right after

Or is it possible to put CreateNewUser  and  CreateNewGroup  inside one template which creates both user and the group?

Thanks

  • 0

    Hi swg,

    the way to do that would be to execute a call against the Web API from the attached script execution. There are methods in the API that allow you to create Objects either by template or without (and also a bit more other stuff).

    Please ask your rep for documentation.

    Regards

    Paul

  • 0 in reply to 8paul

    I have the same question. It would be nice to open a second template then an open order for example.

    @8paul, do you have some examples how to emplement it?

    Regards,
    Patrick

  • 0 in reply to paddy75

    Hi Patrick,

    i dont have an example that´s calling a template based function right now. I hope the following works as a general example, the different methods and parameters should be available in the docs. At the moment I am not aware of any method to call OpenTemplates through the API though.

    Here is an example of how to use the API with powershell to add an account to a group (log in with username and password):

    $baseUrl = "https://localhost"

    $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

    $loginUrl = $baseUrl + '/Session/login?username=demoadmin&domain=8man-demo&password=Passw0rd'

    $webrequest = Invoke-RestMethod -uri $loginUrl -Method Get -SessionVariable websession

    $webrequest

    $cookies = $websession.Cookies.GetCookies($loginUrl)

    $cookies

    $session.Cookies.Add($cookies);

    $body = '{"groupAccountDn":"CN=Clean - Marketing,OU=clean!,DC=8man-demo,DC=local","accountDnsToAdd":["CN=testuser,OU=Sales,OU=Berlin,DC=8man-demo,DC=local"],"comment":"blub"}'

    $changeGM_URI= $baseUrl + "/api/v1/account/groupmember"

    $webrequest = Invoke-RestMethod -Uri $changeGM_URI -WebSession $session -Method Post -Body $body -ContentType "application/json"

    When calling the API through a script that has been executed by ARM itself like in the suggested scenario you can also define {authZtoken} as an additional parameter and use that token value to authenticate to the API like this:

    param(

    [string] $authZToken,

    [string] $groupname,

    ...

    )

         ....

        $baseUrl = "https://localhost"

        $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

        $loginUrl = $baseUrl + "/Session/loginWithToken?token=$authZToken"

         ...

    If you are using a self signed or untrusted SSL certificate you might also run into certificate verification errors using the above code. To temporarily disable the SSL verification you can execute this function:

    function Disable-SslVerification

    {

        if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type)

        {

            Add-Type -TypeDefinition  @"

    using System.Net.Security;

    using System.Security.Cryptography.X509Certificates;

    public static class TrustEverything

    {

        private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,

            SslPolicyErrors sslPolicyErrors) { return true; }

        public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }

        public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }

    }

    "@

        }

        [TrustEverything]::SetCallback()

    }

    To enable it again you can use this function:

    function Enable-SslVerification

    {

        if (([System.Management.Automation.PSTypeName]"TrustEverything").Type)

        {

            [TrustEverything]::UnsetCallback()

        }

    }

    Best

    8Paul

  • 0 in reply to paddy75

    Hi Patrick and swg,

    unfortunately there is now way to generate new "Request" with Workflow for the GrantMa. The only ways is like 8Paul said, do everything within a script. There are two ways:

    1.) Within a template, but here you have not the possiblity of single sign on tooken ("AuthZToken"). Within the template you can add direct Group Membership. The Syntax is:

    "Memberof": {

      "IsHiddenFromRequester": false,

      "IsHidden": false,

      "Accounts": [

       "sid:///ad/S-1-5-21-1545227963-2195427628-2857504096-20134"

      ]

    },

    2.) After creating a user / Group you can define scripts within the ARM Configuration and here you can use the  ("AuthZToken") see Picture. The rest is like 8Paul descriped.

    pastedImage_5.png

    Hope that helps too.

    regards,

    Mike

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.