SCORCH Web console original get logged user to use in runbook

GRASSIFrdric-0594 21 Reputation points
2023-09-03T08:00:52.6933333+00:00

Hello

Is there a way to get the logged-in user in the Orchestrator console, to use this info in runbooks?

Thx

System Center Orchestrator

Accepted answer
  1. Stefan Horz 3,466 Reputation points
    2023-09-04T14:00:43.7166667+00:00

    Hi,

    The account which started an Orchestrator Runbook through Web Services is in column 'Createdby' of table [Microsoft.SystemCenter.Orchestrator.Runtime.Internal].Jobs.

    You can get this SID using this Query:

    -- Walk from the running job up to its top-level parent job and return that job's CreatedBy (a SID)
    declare
        @CreatedByJobsTemp nvarchar(50)
        ,@RunbookIdJobsTemp uniqueidentifier
        ,@ParentIdJobsTemp uniqueidentifier
        ,@IdJobsTemp uniqueidentifier
        ,@ProcessIDInstanceTemp int
    -- Start at the running job of this runbook (name and process ID come from Published Data)
    select
        @CreatedByJobsTemp = Jobs.CreatedBy
        ,@RunbookIdJobsTemp = Jobs.RunbookId
        ,@ParentIdJobsTemp = Jobs.ParentId
        ,@IdJobsTemp = Jobs.Id
        ,@ProcessIDInstanceTemp = Instance.ProcessID
    from
        [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
        inner join [POLICIES] as Runbooks with (nolock)
            on Jobs.RunbookId = Runbooks.UniqueID
        inner join [POLICYINSTANCES] as Instance with (nolock)
            on Instance.JobId = Jobs.Id
    where
        Jobs.Status = 'Running'
        and Runbooks.Name = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{484FE830-C6EA-44EE-85DF-B050364FBCE6}`d.T.~Ed/'
        and Instance.ProcessID = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{9D8A22DF-4B23-4DF5-8857-D502E8D9DE32}`d.T.~Ed/'
    -- Follow ParentId until a job without a parent is reached
    while
        (select @ParentIdJobsTemp) is not null
    begin
        declare @ParentIdJobsTest uniqueidentifier
        select @ParentIdJobsTest = @ParentIdJobsTemp
        -- Reset first: if no parent row is found, the assignment below does not run and the loop would never end
        select @ParentIdJobsTemp = null
        select
            @CreatedByJobsTemp = Jobs.CreatedBy
            ,@RunbookIdJobsTemp = Jobs.RunbookId
            ,@ParentIdJobsTemp = Jobs.ParentId
            ,@IdJobsTemp = Jobs.Id
            ,@ProcessIDInstanceTemp = Instance.ProcessID
        from
            [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
            inner join [POLICIES] as Runbooks with (nolock)
                on Jobs.RunbookId = Runbooks.UniqueID
            inner join [POLICYINSTANCES] as Instance with (nolock)
                on Instance.JobId = Jobs.Id
        where
            Jobs.Id = @ParentIdJobsTest
    end
    -- SID of the account that started the top-level job
    select
        @CreatedByJobsTemp

    Where the Published Data are the RunbookName and the Published Data from a previous Activity.


    You can get the Account from the SID with PowerShell:

    $objSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-21-4224239753-3541631238-4107968523-500")
    $objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
    $samaccountname=($objUser.Value).split('\')[1]
    
    
    

    Regards,

    Stefan


2 additional answers

  1. XinGuo-MSFT 16,246 Reputation points
    2023-09-04T09:36:01.7333333+00:00

    Hi,

    Based on my experience, I have never seen this kind of way. If you find a way, please share it with us.

    Thanks.


  2. GRASSIFrdric-0594 21 Reputation points
    2023-09-04T12:55:16.8033333+00:00

    I've just found a workaround

    In the console's runbook, before any processing, run a database query on the Orchestrator database with this query:

    SELECT TOP 1 j.[CreatedBy]
    FROM [Orchestrator].[Microsoft.SystemCenter.Orchestrator.Runtime.Internal].[Jobs] AS j
    INNER JOIN [Orchestrator].[dbo].[POLICIES] AS p ON j.[RunbookId] = p.[UniqueID]
    WHERE p.[Name] like '%`d.T.~Ed/{ED1D483F-9F0F-41D9-8CF1-2735E139B0A1}.Policy.Name`d.T.~Ed/%'
    ORDER BY j.[CreationTime] DESC

    (Where `d.T.~Ed/{ED1D483F-9F0F-41D9-8CF1-2735E139B0A1}.Policy.Name`d.T.~Ed/% is a reference to the name of the currently executing runbook)


    You will get a SID.

    Next, run a PowerShell command and inject this SID into it:

    # Replace 'your_sid_here' with the actual SID you want to resolve to a username
    $your_sid_here = '`d.T.~Ed/{92A9B215-3B74-4A4A-8530-5F2FE871F596}.Full-line`d.T.~Ed/'
    # Create a SecurityIdentifier object from the SID
    $securityIdentifier = New-Object System.Security.Principal.SecurityIdentifier($your_sid_here)
    # Resolve the SID to a username
    $ntAccount = $securityIdentifier.Translate([System.Security.Principal.NTAccount])
    # Get the username from the NTAccount object
    $username = $ntAccount.Value

    Next, run anything you want based on the user logged in to the web console.

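
The SID-to-account step used in both answers above, as an added example that is not part of either post: it rejects strings that are not SIDs and handles SIDs that no longer map to an account (for example a deleted user), the two cases where the bare `Translate` call throws. The function name `Resolve-JobCreator`, its parameter name and the sample values are assumptions made for illustration.

```powershell
# Added example: resolve the CreatedBy SID of a job to an account name, defensively.
function Resolve-JobCreator {
    param(
        # SID string as returned by the CreatedBy query (hypothetical parameter name)
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Sid
    )

    $result = New-Object PSObject -Property @{
        Sid            = $Sid
        Resolved       = $false
        Domain         = $null
        SamAccountName = $null
        Reason         = $null
    }

    try {
        # The constructor rejects anything that is not a syntactically valid SID
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid.Trim())
    }
    catch {
        $result.Reason = 'Not a valid SID string'
        return $result
    }

    try {
        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Deleted account, or a domain this server cannot resolve
        $result.Reason = 'SID could not be mapped to an account'
        return $result
    }

    # Value is normally DOMAIN\name; split on the first backslash only
    $parts = $account.Split('\', 2)
    if ($parts.Count -eq 2) {
        $result.Domain = $parts[0]
        $result.SamAccountName = $parts[1]
    } else {
        $result.SamAccountName = $account
    }
    $result.Resolved = $true
    return $result
}

# Constructed sample values: a well-known SID (Local System) and a malformed string
Resolve-JobCreator -Sid 'S-1-5-18'
Resolve-JobCreator -Sid 'not-a-sid'
```

Checking `Resolved` before using `SamAccountName` lets the runbook branch to a failure path instead of continuing with an empty user name.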