The self service portal isn't really an Orchestrator thing. You're wholly in Service Manager's territory. This may not matter, however.
The issue that you are about to run into is that group membership is not recorded in the CMDB. View tokens and security in the console are all resolved by the SQL permissions engine, and the AD Connector doesn't make any provisions for storing the group memberships in the CMDB.
One thing I have done in the past is create a custom "Member of Group" relationship and populate it from AD using a custom PowerShell script (you might be able to populate this with an Orchestrator runbook that looks up each user and creates a relationship between it and every group it is a member of, then repeat for every group so you have a full mesh). Once you have this relationship in the CMDB, then you would need a custom Type Projection* for AD User that includes a component for your custom group membership relationship, and you could filter this so that it only lists users that are a member of a given group. Bear in mind that group memberships can be nested, so you wouldn't retrieve members (c) of groups (b) that are members of your target group (a).
If you need examples, I'm sure I have the MPs that contain the classes, relationships and PowerShell workflows that I used at a previous client to gather this info for a similar process (related to automatic assignment of tickets to group members).
*(AKA Combination Class, because multiple names for things is a thing, apparently)
- Proposed as answer by Andreas Baumgarten (MVP, Moderator), Wednesday, September 03, 2014 5:46 AM
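A sketch of the population step described in the answer above, added here as an illustration; it is not the poster's script or management pack. It assumes the ActiveDirectory and SMLets PowerShell modules are installed, that the AD Connector has already synced users and groups, that the CMDB `UserName` property matches `sAMAccountName`, and that the custom relationship is named `Contoso.MemberOfGroup` with the user as source and the group as target (a hypothetical name and direction). The group names are constructed samples.

```powershell
# Added example: populate a custom "Member of Group" relationship from AD.
# Hypothetical/constructed: Contoso.MemberOfGroup, the group names below.
Import-Module ActiveDirectory
Import-Module SMLets

# SMLets matches -Name as a regular expression, hence the trailing '$' anchor.
$relationship = Get-SCSMRelationshipClass -Name 'Contoso.MemberOfGroup$'
$userClass    = Get-SCSMClass -Name 'Microsoft.AD.User$'
$groupClass   = Get-SCSMClass -Name 'Microsoft.AD.Group$'

$targetGroups = 'ServiceDesk-Tier1', 'ServiceDesk-Tier2'   # constructed sample names

foreach ($groupName in $targetGroups) {
    # The group must already exist in the CMDB (synced by the AD Connector).
    $cmdbGroup = Get-SCSMObject -Class $groupClass -Filter "UserName -eq '$groupName'"
    if (-not $cmdbGroup) {
        Write-Warning "Group '$groupName' is not in the CMDB; skipping."
        continue
    }

    # -Recursive flattens nesting: members (c) of a group (b) that is itself a
    # member of the target group (a) are returned as members of (a).
    $members = Get-ADGroupMember -Identity $groupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($member in $members) {
        $sam      = $member.SamAccountName
        $cmdbUser = Get-SCSMObject -Class $userClass -Filter "UserName -eq '$sam'"
        if (-not $cmdbUser) {
            Write-Warning "User '$sam' is not in the CMDB; skipping."
            continue
        }

        # Source = user, Target = group (assumed direction of the custom relationship).
        New-SCSMRelationshipObject -Relationship $relationship `
            -Source $cmdbUser -Target $cmdbGroup -Bulk
    }
}
```

This only adds relationships: a user removed from a group in AD keeps the CMDB relationship until it is deleted, so anything that assigns work or grants access from this data also needs a cleanup pass.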
Hi,
I'm working on a similar scenario and am very interested to see how you have done your PowerShell workflows for populating the relationships in Service Manager. Is there any chance that you can share it with me?