Scripting Question

Need to fire an application to unlock an Active Directory user on ticket save

06/17/2015 1709 views
Hello ninjas. I need your help yet again. I am trying to find a way to fire off an application that will perform an AD unlock from a support ticket whenever it saves. We have a vbs script written that will automatically pull the logged in users credentials and use them to access the AD user database. It will then pop up a text box requesting the account name that needs to be unlocked and then tell you if it was an incorrect name, wasnt locked to begin with, or it was successfully unlocked. The trick is that i need this to fire from a support ticket. I dont particularly care if we use the aforementioned script or if it is something that is setup strictly via the ticket rules. I am unsure how to do it is the whole problem. Everything that i have found (creating triggers, Stored procedures, etc.) wont work. Currently we have not performed the LDAP import. I am working with a limited base as my boss doesnt want to do an LDAP import as of yet and we havent made the system accessible to the rest of the company. It is only accessible to our department at this time. Ideas thought or solutions are all welcome. Thanks again ninjas for all the help.
Answer Summary:
4 Comments   [ + ] Show comments


  • Maybe you could fire a custom ticket rule that on save, for the support ticket owner, associates them with a smart label. Have that smart label associated with a script that runs frequently so they can enter in the ad account. This isn't perfect and the timing won't be great but it might work. Oh and also have another custom ticket rule that removes the service desk tech from that smart label after x minutes.
  • You might be better off having an application that runs on a Windows box that checks in with the KBox periodically. That application would use the reporting user to look for tickets with the appropriate fields set and would run the unlock script based on the ticket data.
  • Chuck,
    can that be done from a script or would it have to be an exe
    • If your scripting language can read MySQL, then yes.
  • also is there any way to just do an ad unlock from the support ticket via sql coding. Im not attached to this piece of code in any way. We are trying to make something that is essentially operator proof (which i know is impossible). I dont mind it being a bit code heavy on my end if i can make it to where a new employee can walk in, sit down, and start working with minimal instruction.
    • I don't believe so. You mentioned LDAP import and that is only an import, KACE is not configured to put data back into the source (i.e. Active Directory).

Answer Chosen by the Author

You cannot use a ticket rule directly to run an application. You won't be able to rely solely on SQL here. However, as some of the comments explain you have a few options here:

1. Use a system outside the K1000 to handle this by querying the database via ODBC looking for tickets with a flag set.

2. Write a ticket rule to assign user to a label, have that label applied for a KScript (could run on the user's machine or on a server, etc.) that would run your VBS.

3. You could write a ticket rule to fire off an email to a special mailbox for this, and modify your VBS to pull/process/delete messages after extracting the data and unlocking the account.

Now one thing to consider here is that it sounds like you're going to have your users login to the K1000 to create a ticket to unlock their accounts automatically... Which won't be possible with LDAP authentication since they can't login while their account is locked out. Or are you saying you want this to auto-launch on the ticket owner's (i.e. the support tech's) machine when the ticket is assigned? If that's the case, go with option #2 and target the ticket owner's PC with the KScript.
Answered 06/19/2015 by: airwolf
Red Belt

  • We are actually considering having the ticket system only available to our department and operating it like a help desk where we can take calls and key tickets in for the end user. I appreciate the help

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ