If you have been a systems administrator for any amount of time, you have probably been asked “hey can I get a list of the users in group or distribution list X?” Sure thing you say, and then go run some PowerShell or have some sort of tool that will export that data or the most painful, hand entry and then send the list back. The PowerShell option is great, but it still requires someone to run it, and if you haven’t figured it out by now, I’m all about not having to do menial tasks by hand. Thus the solution: an Orchestrator Runbook with a user enabled Self-Service Request in Service Manager:
I’ll start with the Runbook and then show the Request Offering in Service Manager.
In Initialize Data we need the RBAID so we can get the Related items.
First we’ll get the Related AD Group or Distribution List that the user selected.
Next we’ll get the AD Group in Service Manager.
Next we’ll get the Related Service Requet.
And then the Service Request itself so we can use it later.
Now we’ll get the group in Active Directory. Note: the way Service Manager presents the group is domainnamegroupname which is why I have selected Username Group the Get AD Group activity in Service Manager.
Next we’ll verify that we were able to find the group by selecting the Links directory after Get Group and changing the include filter to Count Does Not Equal 0.
I also added a failure which contains “Count Equals 0” and update the Service Request with a failure.
Next we’ll do the meat and potatoes and actually get the users in the group. How we do that is by using IndirectMemberOf
Get Users Flat is the same but the Run Behavior is flattened and separated by line break.
Now that we have the users we put them in a CSV file and remember the location, I chose to use the Common Name of the group as the file name.
Now, we need the Junction so we can return only data from the Get Users Flat path, otherwise each activity after Append Users will run the same amount of times as there are members in the group.
Now we get the Related Users of the Service Request
And we have to filter by Affected User, because get Related User will get all possible fields, even if they are blank.
Its all downhill from here as we get the Affected User in Service Manager.
Then get them in AD so we can have their email address.
Then send the email with the CSV attached.
And now some final house keeping by deleting the CSV after emailing it.
and finally updating the Service Request with Completed status, I also threw in the flattened results from Get User in the Notes Section just so its documented, you could also upload the attachment into Service Manager if you wanted.
Now for the Self-Service Portion.
I’m only going to show the Request Offering, I have other posts with all the steps to go from Runbook to Request Offering.
After you’ve created your Runbook Automation Activity and Template that contains the RBA, create your Request Offering.
Give your Request Offering a Name, select the template you made.
Add the user prompt for Group Name and select Query Results.
Under class select All Basic Classes and choose Active Directory Group.
In Display Columns, check Display Name.
And under Options select Add user-selected objects to template object and choose Service Request and the same for Add user-selected objects to template object as affected configuration items and choose Runbook Automation Activity.
One caveat is that while this will get members of Security Groups and Distribution Lists, it will not get Dynamic Distribution lists, it appears Service Manager cannot see these from Exchange without another management pack or connector. I searched and couldn’t find anything on getting Dynamic Distribution Lists in Service Manager.
Now you can sit back and point people to the Self-Service portal when they ask you to find the members of a group.
This runbook is provided as an example and is not production ready, please test in your own environment. The runbook is provided as is and without warranty.
You can download this runbook here.