• State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 61 subscribers
  • Views 5345 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question - ARS 6.9 Workflow How to Filter out a specific sub OU

dyannic
over 6 years ago

I have a compliance requirement.  All new server objects must be added to X policy filtering group in 3 of our AD's

I have workflow setup - to detect a computer created under domain\Xservers  (for which there are sub OU's for IIS/SQL/FILE/SharePoint ... etc

I want to filter out further processing on any new computer creation executed in the SharePoint OU.

Everything fires off fine - except the filter.    Unless I'm misunderstanding filters ... the workflow checks for new creation under the XServers OU and only begins the if/then policy blocks defined in the GUI - if it's under XServers AND not in a sub OU named SharePoint ...

Regardless of which path property of the target object I evaluate, SharePoint servers end up in the group like the other WinServers do.

Ideas on how to prevent the workflow from continuing past the initiate 'create' trigger - based on a word in the directory path to the object?

Parents
  • 0 over 6 years ago
    You can't do a wildcard search against a DN. It's a constructed value, and it doesn't really exist. Any "Contains" or "Does Not Contain" which is run against an object with a DN syntax will always resolve to false. This is an Active Directory limitation.

    Instead, create a Virtual Attribute with a Directory String syntax. Link it to your computer objects. Set up Workflows so that this Virtual Attribute gets updated when an object is created or moved. Also run an automation Workflow to populate this Virtual Attribute on existing objects. Then, run your filter against this new Virtual Attribute.
Reply
  • 0 over 6 years ago
    You can't do a wildcard search against a DN. It's a constructed value, and it doesn't really exist. Any "Contains" or "Does Not Contain" which is run against an object with a DN syntax will always resolve to false. This is an Active Directory limitation.

    Instead, create a Virtual Attribute with a Directory String syntax. Link it to your computer objects. Set up Workflows so that this Virtual Attribute gets updated when an object is created or moved. Also run an automation Workflow to populate this Virtual Attribute on existing objects. Then, run your filter against this new Virtual Attribute.
Children
No Data