Not getting any output

Feb 15, 2011 at 8:08 PM

I am having trouble getting any of the functions in this integration pack to work. Does this pack not support AD 2008? When i use for instance "Enumerate Objects in an UO" and i use the exact OU DN pulled from ADSI and do not filter anything i get no results to output. When i use the OU DN and Filter for the Object DN i still return no results. I am trying to create a custom workflow to crawl my AD and find computer accounts that are stale and delete them from AD 2008. Please advise if this pack is capable of that and how to resolve the issues. When using the Get users from group command i recieve the following error ,

 

"

Unspecified error


Exception: COMException
Target site: DirectoryEntry.Bind

Stack trace:
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at Active_Directory.GetGroupMembership.<getGroupMembers>d__0.MoveNext()
   at Opalis.QuickIntegrationKit.Framework.Core.FilterSet.Filter(IEnumerable values)
   at Opalis.QuickIntegrationKit.Framework.Core.FilteredResponse.PublishRange(IEnumerable values)
   at Active_Directory.GetGroupMembership.Execute(IOpalisRequest request, IOpalisResponse response)"

Coordinator
Feb 17, 2011 at 1:16 PM

Hey Ryan,

Yes the IP can be used for that purpose.  It expects all DNs in the format LDAP://OU=Computers,DC=Contoso,DC=com.  The IP is forest level agnostic and works off of the directory services classes from .NET.   

Feb 17, 2011 at 3:29 PM

Thanks for your response,

Maybe I am having a little bit of a problem understanding how to use the Integration Pack to do something of that nature. My brain hurts a bit from trying to digest a whole lot of opalis stuff all at once. In order for me to find an object which i would want to delete i would have to use the Enumerate Objects in an OU, would that be correct? I have figured out my mistakes in the format which you have listed above already and I am able to enumerate all objects in the OU in which I am searching. However I have not figured out how to go about filtering out the objects which I am deeming to be expired. I am attempting to search for accounts that have not changed their machine account passwords in 120 days. That is the policy we have instituted here at our company to mark an account for deletion. Which object would i use to filter the results? I thought it may be in the action objects Move/Delete/Disable but I am unable to add any filters as the functions are disabled for me.

Coordinator
Feb 21, 2011 at 5:44 PM

Hey Ryan!

I have updated the IP to help you a bit with you workflow.  I have created a 'get object values' object.  You point this object at the LDAP path of an object (user, computer etc) and it will return all the property values associated with it.  I hope this will help you in determining if a computer is 'expired'.

Feb 23, 2011 at 2:00 PM

Wow,

Thank you for that, I'm sure this will be of great help. I'll get right on checking it out.

Feb 23, 2011 at 2:28 PM

When using this feature in the OIP, i would specify the dN for the object that i would like and then the filters I specify are Object_Name, Value_Name, and Value.

Would the Value_Name be the AD Attribute that I am trying to pull information from and the Value be its value?

Also, what is the Object_Name filter refering to in AD?

Final Question! Where did the Enumerate Objects in OU Object go? Is that functionality built into another part of the OIP? That piece is what i was using to grab the list of servers to try and check the password expiration against.

Thank you for all your help!

Coordinator
Feb 24, 2011 at 12:13 PM

Hey Ryan!

I am going to be making an update to the IP that will cleanup a lot of the Object names and input value names.  This update will also include a number of example workflows and documentation on the IP.  I missed the 'enumerate objects in OU object' when i re-wrapped the latest version (it will be re-included in the new version)

 

Coordinator
Feb 24, 2011 at 6:53 PM

Hey Ryan,

I have updated the IP a bit and standardized a lot of the input names and give examples for the formats I expect as input.

Enumerate Objects in OU has been re-added

Object_Name is the LDAP Path of the object who’s properties you are looking at

Value_Name has been replaced by Property_Name. This is the name of the property the returned value is associated with (example: Memberof)

Value has been replaced by Property_Value. This is the value of property given in property name.

Hopefully this helps

From: ryandurbin [email removed]
Sent: Wednesday, February 23, 2011 9:28 AM
To: Ryan Andorfer
Subject: Re: Not getting any output [OpalisADExtension:246171]

From: ryandurbin

When using this feature in the OIP, i would specify the dN for the object that i would like and then the filters I specify are Object_Name, Value_Name, and Value.

Would the Value_Name be the AD Attribute that I am trying to pull information from and the Value be its value?

Also, what is the Object_Name filter refering to in AD?

Final Question! Where did the Enumerate Objects in OU Object go? Is that functionality built into another part of the OIP? That piece is what i was using to grab the list of servers to try and check the password expiration against.

Thank you for all your help!

Feb 24, 2011 at 7:58 PM

Ryan,

I like the fact that you put in the examples, this definitely would help to explain how the pack is working. When matching your OIP to Active Directory the fields that are associated with your filter options are "Atrribute = Property_Name" and "Value = "Property_Value". Just clarifying for any others who may be reading this.

I have tried to see if the OIP will do what i need it to now, but I appear to still be having some issues with it.

Here is what I am trying to do.

I am using Enumerate Objects in an OU to pull down a list of objects (objects being any containers/groups/users/computers in this OU) and using no filters against this. As a result I get a list of every object in the OU.

Then I am using Get Object Properties and subscribing the Object LDAP Path property of this object to {"Enumerate Objects in an OU"} which is going to use this object against every single object in the specified OU. I am then attempting to filter these results to only the value for the pwdLastSet attribute.

I am attempting to do this by setting the filter of "Property_Name" Equals Value "pwdLastSet"

In my mind this would allow me to subscribe to this object and pull "Object_Name" and "Property_Value" as an output for my next object in line. Meaning i would be able to get "ComputerName"

When trying this what I am finding is that the code is enumerating every object in the OU, then enumerating every attribute name for the objects found then enumerating every attribute value for the objects found.

I have not been able to get the values of the specific objects in the specified field without retrieving EVERYTHING at once.

Coordinator
Feb 25, 2011 at 1:43 PM

Ryan,

You are exactly correct. I forgot to actually implement the filtering on the object, I am doing that right now and re-releasing. Thanks for testing!

Ryan Andorfer - MMS 2011 Speaker – Automation Engineer

From: ryandurbin [email removed]
Sent: Thursday, February 24, 2011 2:59 PM
To: Ryan Andorfer
Subject: Re: Not getting any output [OpalisADExtension:246171]

From: ryandurbin

Ryan,

I like the fact that you put in the examples, this definitely would help to explain how the pack is working. When matching your OIP to Active Directory the fields that are associated with your filter options are "Atrribute = Property_Name" and "Value = "Property_Value". Just clarifying for any others who may be reading this.

I have tried to see if the OIP will do what i need it to now, but I appear to still be having some issues with it.

Here is what I am trying to do.

I am using Enumerate Objects in an OU to pull down a list of objects (objects being any containers/groups/users/computers in this OU) and using no filters against this. As a result I get a list of every object in the OU.

Then I am using Get Object Properties and subscribing the Object LDAP Path property of this object to {"Enumerate Objects in an OU"} which is going to use this object against every single object in the specified OU. I am then attempting to filter these results to only the value for the pwdLastSet attribute.

I am attempting to do this by setting the filter of "Property_Name" Equals Value "pwdLastSet"

In my mind this would allow me to subscribe to this object and pull "Object_Name" and "Property_Value" as an output for my next object in line. Meaning i would be able to get "ComputerName"

When trying this what I am finding is that the code is enumerating every object in the OU, then enumerating every attribute name for the objects found then enumerating every attribute value for the objects found.

I have not been able to get the values of the specific objects in the specified field without retrieving EVERYTHING at once.

Feb 25, 2011 at 3:51 PM

Ryan,

Your changes have made the OIP much more user friendly and useable!! Thank you for doing that! I am able to filter down to the exact attribute name and values that I need and output them properly. The only problem that I have now is that instead of outputting the value for certain fields, pwdLastSet for example, which is normally a very long number string, it is outputting , "System.__ComObject" rendering that output useless in the workflow. I'm not sure if that is something that can be browsed a different way or if thats just how it passes the information through .net. Hopefully i can find another attribute they will let me use in AD to verify whether or not a computer account is still needed. Thanks again for the prompt support of your OIP. Kudos from me.