Need to fire an application to unlock an Active Directory user on ticket save
06/17/2015 1709 views
Hello ninjas. I need your help yet again. I am trying to find a way to fire off an application that will perform an AD unlock from a support ticket whenever it saves. We have a vbs script written that will automatically pull the logged in users credentials and use them to access the AD user database. It will then pop up a text box requesting the account name that needs to be unlocked and then tell you if it was an incorrect name, wasnt locked to begin with, or it was successfully unlocked. The trick is that i need this to fire from a support ticket. I dont particularly care if we use the aforementioned script or if it is something that is setup strictly via the ticket rules. I am unsure how to do it is the whole problem. Everything that i have found (creating triggers, Stored procedures, etc.) wont work. Currently we have not performed the LDAP import. I am working with a limited base as my boss doesnt want to do an LDAP import as of yet and we havent made the system accessible to the rest of the company. It is only accessible to our department at this time. Ideas thought or solutions are all welcome. Thanks again ninjas for all the help.
Answer Chosen by the Author
Please log in to answer
You cannot use a ticket rule directly to run an application. You won't be able to rely solely on SQL here. However, as some of the comments explain you have a few options here:
1. Use a system outside the K1000 to handle this by querying the database via ODBC looking for tickets with a flag set.
2. Write a ticket rule to assign user to a label, have that label applied for a KScript (could run on the user's machine or on a server, etc.) that would run your VBS.
3. You could write a ticket rule to fire off an email to a special mailbox for this, and modify your VBS to pull/process/delete messages after extracting the data and unlocking the account.
Now one thing to consider here is that it sounds like you're going to have your users login to the K1000 to create a ticket to unlock their accounts automatically... Which won't be possible with LDAP authentication since they can't login while their account is locked out. Or are you saying you want this to auto-launch on the ticket owner's (i.e. the support tech's) machine when the ticket is assigned? If that's the case, go with option #2 and target the ticket owner's PC with the KScript.
Answered 06/19/2015 by: airwolf