SCORCH Web console orgininal get logged user to use in runbook

GRASSIFrdric-0594 21 Reputation points
2023-09-03T08:00:52.6933333+00:00

Hello

Is there a way to get logged user in orchestrator console to use this info into Runbooks ?

Thx

System Center Orchestrator
System Center Orchestrator
A family of System Center products that provide an automation platform for orchestrating and integrating both Microsoft and non-Microsoft IT tools.
214 questions
0 comments No comments
{count} votes

Accepted answer
  1. Stefan Horz 3,461 Reputation points
    2023-09-04T14:00:43.7166667+00:00

    Hi,

    the Account which started a Orchestrator Runbook through Web Services in column 'Createdby' from table [Microsoft.SystemCenter.Orchestrator.Runtime.Internal].Jobs.

    You can get this SID using this Query:

    declare
    @CreatedByJobsTemp nvarchar(50)
    ,@RunbookIdJobsTemp uniqueidentifier
    ,@ParentIdJobsTemp uniqueidentifier
    ,@IdJobsTemp uniqueidentifier
    ,@ProcessIDInstanceTemp int
    select
    @CreatedByJobsTemp = Jobs.CreatedBy
    ,@RunbookIdJobsTemp = Jobs.RunbookId
    ,@ParentIdJobsTemp = Jobs.ParentId
    ,@IdJobsTemp = Jobs.Id
    ,@ProcessIDInstanceTemp = Instance.ProcessID
    from
    [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
    inner join
    [POLICIES] as Runbooks with (nolock)
    on Jobs.RunbookId = Runbooks.UniqueID
    inner join
    [POLICYINSTANCES] as Instance with (nolock)
    on Instance.JobId = Jobs.Id
    where
    Jobs.Status = 'Running'
    and Runbooks.Name = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{484FE830-C6EA-44EE-85DF-B050364FBCE6}`d.T.~Ed/'
    and Instance.ProcessID = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{9D8A22DF-4B23-4DF5-8857-D502E8D9DE32}`d.T.~Ed/'
    while
    (select @ParentIdJobsTemp) is not null
    begin
    declare @ParentIdJobsTest uniqueidentifier
    select @ParentIdJobsTest = @ParentIdJobsTemp
    select
    @CreatedByJobsTemp = Jobs.CreatedBy
    ,@RunbookIdJobsTemp = Jobs.RunbookId
    ,@ParentIdJobsTemp = Jobs.ParentId
    ,@IdJobsTemp = Jobs.Id
    ,@ProcessIDInstanceTemp = Instance.ProcessID
    from
    [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
    inner join
    [POLICIES] as Runbooks with (nolock)
    on Jobs.RunbookId = Runbooks.UniqueID
    inner join
    [POLICYINSTANCES] as instance with (nolock)
    on Instance.JobId = Jobs.Id
    where
    Jobs.Id = @ParentIdJobsTest
    end
    select
    @CreatedByJobsTemp
    
    
    

    Where the Pulished Data are the RunbookName and the Published Data from a previous Acrivity.

    who-started

    You can get the Acount from the SID with Powershell:

    $objSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-21-4224239753-3541631238-4107968523-500")
    $objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
    $samaccountname=($objUser.Value).split('\')[1]
    
    
    

    Regard,

    Stefan

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. XinGuo-MSFT 14,236 Reputation points
    2023-09-04T09:36:01.7333333+00:00

    Hi,

    Based on my experience, I have never seen this kind of way. If you find a way, please share it with us.

    Thanks.

    0 comments No comments

  2. GRASSIFrdric-0594 21 Reputation points
    2023-09-04T12:55:16.8033333+00:00

    I've just found a workaround

    In console's runbook before treatments run Bdd Query on orchestrator Bdd with this query


    SELECT TOP 1 j.[CreatedBy]

    FROM [Orchestrator].[Microsoft.SystemCenter.Orchestrator.Runtime.Internal].[Jobs] AS j

    INNER JOIN [Orchestrator].[dbo].[POLICIES] AS p ON j.[RunbookId] = p.[UniqueID]

    WHERE p.[Name] like '%`d.T.~Ed/{ED1D483F-9F0F-41D9-8CF1-2735E139B0A1}.Policy.Name`d.T.~Ed/%'

    ORDER BY j.[CreationTime] DESC

    (Where `d.T.~Ed/{ED1D483F-9F0F-41D9-8CF1-2735E139B0A1}.Policy.Name`d.T.~Ed/% is a reference to current runbook name execution)


    You will get an Sid

    next run powershell command and inject this sid into


    Replace 'your_sid_here' with the actual SID you want to resolve to a username

    $your_sid_here = '`d.T.~Ed/{92A9B215-3B74-4A4A-8530-5F2FE871F596}.Full-line`d.T.~Ed/'

    Create a SecurityIdentifier object from the SID

    $securityIdentifier = New-Object System.Security.Principal.SecurityIdentifier($your_sid_here)

    Resolve the SID to a username

    $ntAccount = $securityIdentifier.Translate([System.Security.Principal.NTAccount])

    Get the username from the NTAccount object

    $username = $ntAccount.Value


    next run anything you want based on logged user on the web console.

    0 comments No comments