Solved: Re: How to get dropdown list of members of AD grou...

gauteb · ‎10-08-2019

Hi,

I have a couple of end users that are responsible for a few service accounts in AD. They need to have the ability to change password, deactivate, activate etc the users they are responsible for. The users are in a OU that have a lot of other users they should not be able to do actions against. While researching this I stumbled upon this: Getting users in an AD Group through vRA. Basically it says to create an action that lists all members of group. After creating the action, it says to create a Property Definition that points to the ad group and add the definition to a blueprint. This works fine, but I want to use it in a workflow.

This is the code in the action:

userArray = new Array();

var usersInGroup = userGroup.userMembers

for each (user in usersInGroup) {

//System.log(user.Name)

userArray.push(user.Name);

}

//System.log(userArray);

return userArray;

I would like to use this to get at dropdown list of the users in the group and run a script (powershell) on the selected user. I found a discussion where it was suggested to use presentation tab to get the dropdown by calling the action. When I do this the actions returns no values, this I believe this is because the action doesn't have any information about the group it should get users from.

I'm able to get the list of users in the group by adding a parameter with the ad group and calling the action from a scriptable task. But I need to have the list as a dropdown for the user. I've two domains connected to vRO.

I will be very grateful if someone can nudge me in the right direction on how I can accomplish this. In the end the workflow will be used as a xaas in vRA. If you need more information, please let me know. Thanks in advance.

GB

eoinbyrne · ‎10-08-2019

If your ultimate goal is to use this workflow as XaaS in vRA then you're probably better to abandon the vRO Client presentation angle here. It is certainly a nifty thing to have but I tend to not bother with it these days when using the XaaS form builder. In prior versions of vRA/vRO the form build could interpret your workflow presentation and display controls for it. I'm not 100% sure how it operates now

Anyway, if you're in the form build you can just add a drop-down list to the form and then source your values using the 'External Values' option. This lets you call ANY vRO action using fields available in the form. Generally I try to ensure that my parameters to the actions are String type and have the actions return String arrays for listing.

If you use this approach then you are more or less there with the code you have. The only part your missing is the group name to load the member names from which you could handle using one of the following

- an additional drop-down with group names in it

- a hard-coded & hidden field on the form with the group name in it

- hard-code the group name into the vRO action

- store the group name in a ConfigurationElement attribute in vRO and load it in the action code when it executes

If you really want to get the vRO presentation bit working then you it's quite easy to add an Attribute to the workflow and then use it as a parameter in the presentation action

View solution in original post

eoinbyrne · ‎10-08-2019

If your ultimate goal is to use this workflow as XaaS in vRA then you're probably better to abandon the vRO Client presentation angle here. It is certainly a nifty thing to have but I tend to not bother with it these days when using the XaaS form builder. In prior versions of vRA/vRO the form build could interpret your workflow presentation and display controls for it. I'm not 100% sure how it operates now

Anyway, if you're in the form build you can just add a drop-down list to the form and then source your values using the 'External Values' option. This lets you call ANY vRO action using fields available in the form. Generally I try to ensure that my parameters to the actions are String type and have the actions return String arrays for listing.

If you use this approach then you are more or less there with the code you have. The only part your missing is the group name to load the member names from which you could handle using one of the following

- an additional drop-down with group names in it

- a hard-coded & hidden field on the form with the group name in it

- hard-code the group name into the vRO action

- store the group name in a ConfigurationElement attribute in vRO and load it in the action code when it executes

If you really want to get the vRO presentation bit working then you it's quite easy to add an Attribute to the workflow and then use it as a parameter in the presentation action

gauteb · ‎10-08-2019

Thanks for your reply.

I think I will be able to hard-code the group or use a configuration element, but I don¨t understand how to use a hidden field in the blueprint form. Would you mind explaining how I do that?

Thanks.

eoinbyrne · ‎10-08-2019

Here's how to hide a field in the form

If you set it to be "Read Only" = "Yes" and gave it a Constant value, also then it will look like this in the XaaS designer

Then after the XaaS has been published and a user requests this item from the catalog, they will only be shown the Visible item (which they can modify and provide a value for). The Hidden value is a constant & both will be submitted to the workflow invocation when the user clicks OK.

You can set constraints on ANY input defined on the vRO workflow you use for the XaaS BUT ALSO (IMO the most useful part of this), if you add a new field to the form which is not an defined input to the workflow, that new field will be submitted as an additional value which your scripting can access using code like the below. I usually collapse all the defined inputs and the additional form inputs into a Properties so I can pass them around everywhere as a single unit

gauteb · ‎10-08-2019

Thanks a lot, great information!

There is still one thing I don¨t quite understand. If I understood you correctly I could add the dropdown to the blueprint form as external value and point to the action and then I could add a hidden field with the ad group as value. How do I make the value of the hidden field input for the action so that the the dropdown displays the members of the group?

eoinbyrne · ‎10-09-2019

You will need to modify the action for the External values to accept a parameter and then you can do this to pass the value of the hidden field from the form

gauteb · ‎10-09-2019

Perfect, thank you so much!

gauteb · ‎10-09-2019

Thanks for all your help. I´m wondering what type of field is your hiddenField? When I use text field it never shows up as a field. If I choose a different type of field like dropdown or search it shows in the Define Field Values list.

eoinbyrne · ‎10-09-2019

The entity type for the value in the TextField is string and you can't change it

What's the type of the parameter in your vRO action here? If it's not String (i.e., if you've specified the type as AD:Group) then this might be why a Drop-Down will work?. When you add a new drop-down field the form builder asks for the entity type.

gauteb · ‎10-09-2019

The action parameter is AD:UserGroup so it makes sense that the text field cannot be used, but can text fields be used as a value for other fields? If so I find it strange that the text field doesn´t show. I created three more fields, all dropdown but with different type, AD:User, AD:UserGroup and vCAC:Alarm. They all show in the list but the only one I can select is the one with AD:UserGroup, which make sense.

I do need to change the action since we have 2 domains connected to vRA/vRO, I´ve an idea on what I need to do and that requires 2 hidden text fields, one for the group and one for AD Host. At least I think it needs text fields.

gauteb · ‎10-09-2019

I did a little testing and the text field only seems to show in the Define Field Values list when the action has a parameter with type string.

Thanks again for your help!

All

How to get dropdown list of members of AD group