
Aug 01
Using System Center 2012 Orchestrator to create a new user in Office 365 from a Service Manager Service Request

In this blog post I will be sharing the latest System Center 2012 Service Manager service request and System Center 2012 Orchestrator runbook I have been working on.

This service request and runbook are designed to allow a member of HR or contacts management to raise a service request to create a new user account in Active Directory and a new mailbox. This was particularly challenging because the client had migrated all user mailboxes from their on-premises Exchange server to Office 365.

The process by which all this is delivered is as follows:

  1. The user logs onto the Service Manager Self Service Portal and completes a new user service request.
  2. A new service request is created in Service Manager based on a customised service request template. This customised template provides additional fields to capture the information provided by the user, and has a runbook activity assigned to the template.
  3. The runbook activity is invoked by Service Manager.
  4. The Orchestrator runbook starts and receives the ID of the new service request activity.
  5. Orchestrator uses the activity ID to retrieve the Service Manager Activity object.
  6. The relationship between the Activity object and the relevant Service Request object is then identified.
  7. The related Service Request object is then retrieved from Service Manager.
  8. Using the details in the Service Request object, a new user in Active Directory is created.
  9. Next, the newly created AD user is enabled.
  10. Following this, the Active Directory attribute proxyAddresses is set to firstname.lastname@company.com (stored with the upper-case SMTP: prefix, which marks the primary address). We do this to ensure the client's preferred e-mail address format is maintained when the new user is created in Office 365. If we didn't do this, the new user's e-mail address would be firstname.lastname@tenantname.onmicrosoft.com.
  11. Next we sleep for a short period of time to allow the newly created user to replicate to the domain controllers in the environment.
  12. Once the sleep activity has completed, we run a PowerShell script remotely on the DirSync server to force a directory synchronisation with Office 365.
  13. After this we sleep for another 2 minutes to allow the DirSync activity to complete. Depending on the size of the environment, the number of AD users and Internet link contention, this sleep time may need to be increased in other environments.
  14. Finally, to create a new mailbox for the new user, we run another PowerShell script which connects to Office 365 PowerShell, finds the new user, sets the usage location (locale) for the new user and assigns the necessary licenses; Exchange Online provisions the mailbox once the license is assigned.
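The Active Directory half of the procedure above (steps 8 to 11) as a single PowerShell script. This is an added example, not the post's runbook or any integration pack: it shows the Create User, Enable User, proxyAddresses and replication steps in one place, with a duplicate check before creation and a bounded wait for replication instead of a fixed sleep. It assumes the RSAT ActiveDirectory module, the mail domain company.com, the OU path and the DirSync source DC named in the parameters; all of those are assumptions, not values from the post.

```powershell
# Added example (not the post's runbook): steps 8-11 of the new-user procedure.
# Assumed: RSAT ActiveDirectory module, domain company.com, the OU below exists,
# and $DirSyncDC is the domain controller DirSync reads from.
param(
    [Parameter(Mandatory = $true)][string]$FirstName,
    [Parameter(Mandatory = $true)][string]$LastName,
    [string]$MailDomain = 'company.com',                  # assumed
    [string]$TargetOU   = 'OU=Staff,DC=company,DC=com',   # assumed
    [string]$DirSyncDC  = 'dc02.company.com',             # assumed
    [int]$ReplicationTimeoutSeconds = 300
)

Import-Module ActiveDirectory

# Build login and mail names from the same string so the UPN the user signs in
# with and the primary SMTP address Office 365 receives are identical.
$mailNick = ('{0}.{1}' -f $FirstName, $LastName).ToLower() -replace '[^a-z0-9.\-]', ''
$email    = "$mailNick@$MailDomain"
# sAMAccountName is limited to 20 characters; the UPN and mail address are not.
$sam = if ($mailNick.Length -gt 20) { $mailNick.Substring(0, 20) } else { $mailNick }

# Refuse to create a duplicate login name, UPN or primary SMTP address.
$clash = Get-ADUser -Filter "sAMAccountName -eq '$sam' -or userPrincipalName -eq '$email' -or proxyAddresses -eq 'SMTP:$email'"
if ($clash) { throw "An account or primary SMTP address for $email already exists" }

# Step 8: create the user disabled, with a generated one-time password that does
# not come from the service request and is not stored in the runbook.
Add-Type -AssemblyName System.Web
$initialPassword = [System.Web.Security.Membership]::GeneratePassword(16, 4)
$user = New-ADUser -Name "$FirstName $LastName" -GivenName $FirstName -Surname $LastName `
    -SamAccountName $sam -UserPrincipalName $email -EmailAddress $email `
    -Path $TargetOU -Enabled $false -ChangePasswordAtLogon $true `
    -AccountPassword (ConvertTo-SecureString $initialPassword -AsPlainText -Force) -PassThru

# Step 9: enable the account.
Enable-ADAccount -Identity $user

# Step 10: proxyAddresses. Upper-case "SMTP:" marks the primary address; lower-case
# "smtp:" entries are secondary. DirSync carries this to Office 365, which would
# otherwise default the user to @tenant.onmicrosoft.com.
Set-ADUser -Identity $user -Add @{ proxyAddresses = "SMTP:$email" }

# Step 11: instead of a fixed sleep, wait until the object is visible on the DC
# that DirSync reads from, and fail loudly if it does not arrive in time.
$deadline   = (Get-Date).AddSeconds($ReplicationTimeoutSeconds)
$replicated = $null
do {
    try { $replicated = Get-ADUser -Identity $user.ObjectGUID -Server $DirSyncDC -ErrorAction Stop }
    catch { Start-Sleep -Seconds 15 }
} while (-not $replicated -and (Get-Date) -lt $deadline)
if (-not $replicated) { throw "$email has not replicated to $DirSyncDC within $ReplicationTimeoutSeconds seconds" }

# Return what the next runbook activity needs. The initial password must reach the
# user out of band, not through the service request.
New-Object PSObject -Property @{
    SamAccountName    = $sam
    UserPrincipalName = $email
    InitialPassword   = $initialPassword
}
```

On domain controllers running Windows Server 2012 or later, Sync-ADObject -Object $user.DistinguishedName -Source <creation DC> -Destination $DirSyncDC pushes the single object across instead of waiting for the replication cycle. Note that the Run .Net Script activity in Orchestrator 2012 hosts a 32-bit PowerShell 2.0 session, so a script that needs the 64-bit ActiveDirectory module is usually launched through an external powershell.exe from that activity.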


Now, how did we do it?

In this blog I am going to focus specifically on the Orchestrator runbook which is invoked by Service Manager.


Below is a screen shot of all activities in the runbook.


Initialize Data gets the Activity ID from the Activity within the Service Request which invokes the Orchestrator runbook. The configuration for this activity is shown below.


Get the Activity gets the Activity object from Service Manager which invoked the runbook. This activity is part of the Service Manager Integration Pack for Orchestrator. The configuration for this activity is shown below.

Find the related Service Request identifies the relationship between the Activity object and the Service Request to which it belongs. This activity is part of the Service Manager Integration Pack for Orchestrator. The configuration of this activity is shown below.

Get the related Service Request returns the Service Request object from Service Manager. This activity is part of the Service Manager Integration Pack for Orchestrator. The configuration of this activity is shown below.

The Create User (as the name might suggest) Activity creates a new Active Directory user using parameters such as first name and last name from the Service Request object. This activity is part of the Active Directory Integration Pack for Orchestrator. The configuration of this activity is shown below.

The Enable User activity enables the new user. This activity is part of the Active Directory Integration Pack for Orchestrator. The configuration of this activity is shown below.

The activity named Set the Users E-mail Address sets the AD attribute proxyAddresses to SMTP:firstname.lastname@company.com (the upper-case SMTP: prefix makes it the primary address). This activity is part of the SCORCH Dev AD Integration Pack available from codeplex. The configuration of this activity is shown below.

Sleep for 5 minutes simply runs a sleep.exe program and passes an argument of the number of seconds to sleep for. The configuration of this activity is shown below.

The Run Office 365 Sync activity starts a PowerShell script which forces DirSync to synchronise Active Directory with Office 365. The configuration of this activity is shown below.

Below is the PowerShell script run by the Run Office 365 Sync activity.

Add-PSSnapin Coexistence-Configuration

Start-OnlineCoexistenceSync


Sleep for 2 minutes simply runs a sleep.exe program and passes an argument of the number of seconds to sleep for. The configuration of this activity is shown below.


The Assign Office 365 License to New User activity starts a PowerShell script which connects to Office 365 PowerShell, finds the new user, sets the usage location for the new user and assigns a license to the new user. The configuration of this activity is shown below.

Below is the PowerShell script run by the Assign Office 365 License to New User activity.

param([String]$emailAddress='user@company.com')

Import-Module MSOnline

# The tenant administrator password is embedded in clear text here; anyone who can read the runbook or the Orchestrator database can recover it.
$Credential = New-Object System.Management.Automation.PsCredential 'administrator@tenant.onmicrosoft.com',(ConvertTo-SecureString -String 'Password' -AsPlainText -Force)

Connect-MsolService -Credential $Credential

# A usage location must be set before a license can be assigned ('GB' is an assumed value)
Set-MsolUser -UserPrincipalName $emailAddress -UsageLocation 'GB'

Set-MsolUserLicense -UserPrincipalName $emailAddress -AddLicenses 'tenant:ENTERPRISEPACK'
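The same licensing step written the way I would deploy it. This is an added example, not the post's script: the administrator password is read from a DPAPI-protected credential file rather than embedded in the runbook, the fixed two-minute sleep becomes a bounded wait for the synced object, and the license assignment is checked before and after. The credential path, SKU id and usage location in the parameters are assumptions, as is the MSOnline module being installed on the runbook server.

```powershell
# Added example (not the post's script): Assign Office 365 License to New User,
# without a clear-text password and without assuming DirSync finished in 2 minutes.
param(
    [Parameter(Mandatory = $true)][string]$UserPrincipalName,
    [string]$CredentialPath = 'C:\Orchestrator\o365-admin.cred.xml',  # assumed
    [string]$AccountSkuId   = 'tenant:ENTERPRISEPACK',                 # assumed
    [string]$UsageLocation  = 'GB',                                    # assumed
    [int]$TimeoutMinutes    = 15
)

Import-Module MSOnline

# The credential file was created once, interactively, under the Windows account the
# Orchestrator Runbook Service uses to run this script:
#     Get-Credential | Export-Clixml C:\Orchestrator\o365-admin.cred.xml
# Export-Clixml protects the password with DPAPI, so only that account on that
# machine can read it back; the password lives in neither the script nor the runbook.
$Credential = Import-Clixml -Path $CredentialPath
Connect-MsolService -Credential $Credential

# Wait for DirSync to deliver the object instead of assuming a fixed delay is enough.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
$user = $null
do {
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if (-not $user) { Start-Sleep -Seconds 30 }
} while (-not $user -and (Get-Date) -lt $deadline)
if (-not $user) { throw "$UserPrincipalName has not appeared in Office 365 within $TimeoutMinutes minutes" }

# Already licensed (for example a re-run of the runbook): nothing to do.
$assigned = @($user.Licenses | ForEach-Object { $_.AccountSkuId })
if ($assigned -contains $AccountSkuId) {
    Write-Output "$UserPrincipalName already has $AccountSkuId"
    return
}

# A license cannot be assigned until the user has a usage location.
if (-not $user.UsageLocation) {
    Set-MsolUser -UserPrincipalName $UserPrincipalName -UsageLocation $UsageLocation
}

# Fail before assigning if the tenant has no free units of this SKU.
$sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $AccountSkuId }
if (-not $sku) { throw "SKU $AccountSkuId does not exist in this tenant" }
if (($sku.ActiveUnits - $sku.ConsumedUnits) -lt 1) { throw "No free $AccountSkuId licenses" }

Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses $AccountSkuId

# Confirm the change landed before the runbook reports success.
$user = Get-MsolUser -UserPrincipalName $UserPrincipalName
if (-not $user.IsLicensed) { throw "License assignment for $UserPrincipalName did not take effect" }
$user | Select-Object UserPrincipalName, UsageLocation, IsLicensed
```

The credential file is only as safe as its ACL and the account that created it: restrict the file to the runbook service account, and remember that anyone who can run scripts as that account can use the credential. The mailbox itself is provisioned by Exchange Online some minutes after the license is assigned, so a runbook step that needs the mailbox (for example to set forwarding) should poll for it in the same way rather than sleep.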

2 comments

  1. Johnavudria says:

    fantastic information

  2. Christophe Barneaud says:

    Hello,

    I would like to know if you have tried to make a direct connection to Office 365 with the Exchange Admin IP in SP1.
    If I understand correctly it should be possible to configure the IP for Exchange Online, but I didn't succeed.

    thanks
