I’m working on an IdentityNow (IDN) integration where I need to aggregate AD entitlements (AD Security Groups) and also populate the AD group owner (from the managedBy attribute) into IDN entitlement custom/extended attributes.
Goal
Aggregate the AD group attribute managedBy (DN of the owner).
Store this DN in a custom entitlement attribute like ownerDn.
Why do I need a custom/extended attribute?
managedBy value cannot be written directly into the OOTB entitlement owner field.
As far as I know, there’s no way to do this out of the box. I’ve implemented a custom PowerShell script that can perform this daily by using Task Scheduler.
At a high level, this script scans all the entitlements in your Active Directory source, uses a Get-ADGroup cmdlet call to find the managedBy field, and compares it against the current value to see if it needs to be updated. If it does, it uses a PATCH request to update the field in ISC.
Let me know if you have any questions or concerns!
As far as I know, no, that’s not possible. I would try what @j_place mentioned to bring in the managedBy field automatically. Otherwise, you will need to do what I suggested and store it in either the owner field or some other patchable field like below:
requestable, privileged, segments, owner, name, description, manuallyUpdatedFields
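A sketch of the scan, compare and PATCH flow described in the two replies above, as an added example that is not the poster's script. It writes to the patchable owner field; the tenant URL, source ID, environment-variable names, and the use of the beta entitlements and v3 accounts endpoints to list entitlements and resolve the managedBy DN to an identity are assumptions to check against your tenant.

```powershell
# Added example. TENANT, AD_SOURCE_ID and the env-var names are placeholders.
Import-Module ActiveDirectory

$base     = 'https://TENANT.api.identitynow.com'
$sourceId = 'AD_SOURCE_ID'

# Client credentials are read from the environment, not stored in the script file.
$tok = Invoke-RestMethod -Method Post -Uri "$base/oauth/token" -Body @{
    grant_type    = 'client_credentials'
    client_id     = $env:ISC_CLIENT_ID
    client_secret = $env:ISC_CLIENT_SECRET
}
$hdr = @{ Authorization = "Bearer $($tok.access_token)" }

$offset = 0; $limit = 250
do {
    $f    = [uri]::EscapeDataString("source.id eq `"$sourceId`"")
    $resp = Invoke-RestMethod -Headers $hdr -Uri "$base/beta/entitlements?filters=$f&limit=$limit&offset=$offset"
    $page = @($resp)
    foreach ($ent in $page) {
        # Assumption: for AD group entitlements the entitlement value is the group DN.
        try   { $grp = Get-ADGroup -Identity $ent.value -Properties managedBy -ErrorAction Stop }
        catch { Write-Warning "Group not found in AD: $($ent.value)"; continue }
        if (-not $grp.managedBy) { continue }

        # Resolve the owner DN to an identity via its account on the same source.
        $af   = [uri]::EscapeDataString("sourceId eq `"$sourceId`" and nativeIdentity eq `"$($grp.managedBy)`"")
        $acct = @(Invoke-RestMethod -Headers $hdr -Uri "$base/v3/accounts?filters=$af")
        $acct = @($acct | ForEach-Object { $_ })   # flatten for Windows PowerShell 5.1
        if ($acct.Count -ne 1 -or -not $acct[0].identityId) {
            Write-Warning "No unique identity for owner $($grp.managedBy)"; continue
        }
        # Compare with the current value; skip the PATCH when nothing changed.
        if ($ent.owner.id -eq $acct[0].identityId) { continue }

        $patch = ConvertTo-Json -Depth 5 -InputObject @(
            @{ op = 'replace'; path = '/owner'; value = @{ type = 'IDENTITY'; id = $acct[0].identityId } }
        )
        Invoke-RestMethod -Method Patch -Headers $hdr -ContentType 'application/json-patch+json' `
            -Uri "$base/beta/entitlements/$($ent.id)" -Body $patch | Out-Null
        Write-Output "Updated owner of '$($ent.name)'"
    }
    $offset += $limit
} while ($page.Count -eq $limit)
```

When this runs from Task Scheduler, use a dedicated service account with read-only AD rights and an API client limited to the scopes needed for entitlement reads and updates.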
Hi,
Our ‘solution’ was to create a 2nd custom connector which can bring in that value, then import data from both connectors into ServiceNow and let it combine the two.
Not pretty, but does work