Hi Team,

I have Created User provisioning runbook and successfully added to SCSM.We are able creating AD user and home drive from SM portal.I need assistance on duplicate user.. scenario is lets say we have a new employee name "John Smith" and HR created User request service request which been approved by Helpdek guy then user creating runbook has been created user (JSMITH) with out issues.Now we have got one more new employee with same name "John Smith" and HR created SR for the same and Helpdek guy has been approved that but the runbook not run because of duplicate User ID.

Please let me know that

1.how can i configure mail to send to HR and helpdesk saying that the user id already exust in AD.

2.How can i create user like JSMOTH1 with runbook if JSMITH is existed.

I would recommend a "pre-check" runbook in the beginning of the SR to check if the User/Username is unique.

As far as I know it's not possible with the default Orchestrator AD activities so you need a PowerShell activity to check the Username with a conditional logic like "do-while" (maybe Jsmith1 also exists already).

Get-ADUser

Conditional Logic Using Loops

If this runbook runs first in your SR activities workflow you can update the information with the new username (JSmithxyz) before approval and the "create user" runbook.

Could you please provide me an example power shell script.

There you go:

$username = "jsmith"

$user = Get-ADUser -Filter {(SamAccountName -eq $username)}
If ($user  -eq $Null) {"User does not exist in AD"}                    
                       
Else {"User $username found in AD. Checking for valid username"
      $i = 1
      do {
            $newusername = $username+$i
            $UniqueUsername = Get-ADUser -Filter {(SamAccountName -eq $newusername)}
            $i++
      }
      until ($UniqueUsername -eq $Null)
      "$newusername is a unique Username"
     } 

Thanks Andreas,

My requirement is when HR enter all required fields include first name and last name and hit submit SR should not create with out checking the username weather existed or not in AD.If not exist SR ticket should create or else just pop up a to HR saying that USer already exist in the AD .....

Please help me.

Your requirement is not possible in SCSM.

But anyway: In my opinion the HR don't need to know which username is already in use. And to be honest, why should they care about. They want you to create a user. Why should HR try to find a unique username in AD?

From a process perspective HR is requesting "Create a user" ... that's it. And you (the IT) have to make sure the user is created based on your naming convention of usernames.

That's the way all of our customers are doing this: Input is Firstname and Lastname by HR and the username is created automatically by runbook/script or manually by IT department.

Hi Andres,

Thanks for your reply.

Our requirement is if user name ( John Smith) already exist then user id should be create with first name 2 letter and last name like "josmith".Please provide the if loop in below power shell code.

============

$securePassword = ConvertTo-SecureString "xyz@123" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("test\scsmwork",$securePassword)

Import-Module activedirectory


$firstName ="\`d.T.~Ed/{86A33FB1-ECD9-4F06-A3BA-42C0DDAFC92D}.{9BDDF92A-D4F9-489E-8DF6-8E7775241131}\`d.T.~Ed/"
$LastName = "\`d.T.~Ed/{86A33FB1-ECD9-4F06-A3BA-42C0DDAFC92D}.{4D670D59-7CFC-4A8D-ACAE-288679DA553C}\`d.T.~Ed/"
$office = "\`d.T.~Ed/{86A33FB1-ECD9-4F06-A3BA-42C0DDAFC92D}.{2C6B8828-75B6-46B1-8D3D-29672D44CE83}\`d.T.~Ed/"

$num = 1

Function userName([array]$adUserNames){

    $suggestedAccountName = ($firstName.substring(0,$num) + $lastName)

    if($suggestedAccountName.length -gt 20){
        $suggestedAccountName = $suggestedAccountName.subString(0,20)
    }

    while($adUserNames -Contains $suggestedAccountName){
        $suggestedAccountName = ($firstName.substring(0,$num++) + $lastName)
    }
    return $suggestedAccountName.ToLower()
}

Function userNameIndia([array]$adUserNames){
    $suggestedAccountName = ($firstName) + $lastName.substring(0,$num)

    if($suggestedAccountName.length -gt 20){
$suggestedAccountName = $suggestedAccountName.subString(0,20)
}
    
    while($adUserNames -contains $suggestedAccountName){
        $suggestedAccountName = ($firstName + $lastName.substring(0,$num++))
    }
    return $suggestedAccountName.ToLower()
}

if($office -eq "Hyderabad"){
    $suggestedAccountName = userNameIndia($adUserNames)
}
else{
    $suggestedAccountName = userName($adUserNames)
}

$suggestedAccountName

=================

The variable $suggestedAccountName contains the UserName like "JSmith"?

If so please try to add  this at the end of you script:

$suggestedAccountName

$user = Get-ADUser -Filter {(SamAccountName -eq $suggestedAccountName)}
If ($user  -eq $Null) {"User does not exist in AD"}                    
                       
Else {"User $suggestedAccountName found in AD. Checking for valid username"
      $i = 1
      do {
            $newusername = $suggestedAccountName+$i
            $UniqueUsername = Get-ADUser -Filter {(SamAccountName -eq $newusername)}
            $i++
      }
      until ($UniqueUsername -eq $Null)
      "$newusername is a unique Username"
     } 

We are able create ID with 2 letters of the first name +Last name.If we have powershell 2.0 in the operation system.But in our environment we have Windows 2012r2 os for orchestrator (Orchestrator 2012r2).

The problem with calling PSV4 from Orchestrator 2012 is that PSV4 runs on the CLR V4, while Orchestrator runbooks and the Invoke.Net Activity run in a CLR V2 Process.

I have tried so many ways but not success .So please provide me a perfect solution for this .

Any luck.

Please provide me the Powershell 2.0 calling script so that will add that to my script which was given in my previous script.

Instead of calling the PSV4 script in a PSV2 script you can give it a try to add the following DWord regkey:

HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework

Reg_DWORD: OnlyUseLatestCLR

Value: 1

This will force Orchestrator to use the latest PowerShell version.

You can verify this by running the following PS command in a .Net script activity in Orchestrator:

$PSversion = $PSVersionTable.PSVersion

Use the PSversion variable as "Published Data" in your .Net Script activity to verify the result.

Hi Andreas I have already added registry key but still getting error

But the version of the PS command I posted above is shown correct (V 4.0) by the SCO runbook?

What is the full text of the error message?

Hi Andreas,

Thanks allot it's works from me.

Once again Thanks for your help.