3

Is it possible to determine what Windows account executes a Runbook? I'm using SC Orchestrator 2012 R2. Ideally, I want to determine what account (for auditing, and sending emails) launches a runbook.

Thanks in advance.

Paul S.
  • 203
  • 3
  • 9

2 Answers

4


Step 1

I am only prompting for the user id for this Runbook. User ID (data type: String)

Step 2

I need to determine the ID of the Runbook, in order to pull the SID in a later SQL query. Here is the SQL query that returns the Job ID.

```sql
SELECT POLICYINSTANCES.JobID
FROM POLICYINSTANCES
INNER JOIN ACTIONSERVERS ON POLICYINSTANCES.ActionServer = ACTIONSERVERS.UniqueID
WHERE
    (POLICYINSTANCES.ProcessID = '{Activity Process from "Start"}') AND
    (ACTIONSERVERS.Computer = '{Runbook Server Name from "Start"}') AND
    (POLICYINSTANCES.Status IS NULL)
```

This should return something like the following GUID: {AFA8BF28-1937-4DAE-A160-30FF130AE6CD}.

Step 3

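Once you have this GUID, you need to strip it of the curly braces. I use the following PowerShell script to do this:

```powershell
# The {…} token is Orchestrator published data, substituted before the script runs.
$a = '{Full line as string with fields separated by ':' from "Get Runbook Job ID"}'
# Trim() removes any leading or trailing '{' and '}' characters.
Write-Host $a.Trim('{}')
```

This should return the GUID without {}: AFA8BF28-1937-4DAE-A160-30FF130AE6CD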

Step 4

Once we have the GUID we can now look up the proper Runbook and grab the SID from another SQL table of the user who launched the Runbook:

```sql
SELECT Jobs.CreatedBy
FROM [Microsoft.SystemCenter.Orchestrator.Runtime].Jobs AS Jobs
INNER JOIN POLICIES ON Jobs.RunbookId = POLICIES.UniqueID
WHERE Jobs.Id = '{PS Execution 01 Results (with Write-Host) from "Remove {} from Runbook Job GUID"}'
```

This will now return the SID of the user account, something like this: S-1-5-21-1855722787-1516450073-351226437-1111

Step 5

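I run the following PowerShell script to get the user's ID, email address, etc.

```powershell
# The {…} token is Orchestrator published data, substituted before the script runs.
$objSID = New-Object System.Security.Principal.SecurityIdentifier("{Full line as string with fields separated by ';' from "Get the SID of the user that executed this Runbook"}")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$result = $objUser.Value
# $result is 'YOUR-DOMAIN-NAME\user'. TrimStart() takes a set of characters, not a
# prefix, and can eat leading letters of the user name, so split on '\' instead.
$UserName = $result.Split('\')[-1]
```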

Step 6

Now you can get all sorts of information from the user that executed the Runbook.

Paul S.
  • 203
  • 3
  • 9
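Steps 3 to 5 of the answer above, combined into one Windows PowerShell function as an added example (not the answerer's code): the job ID is bound as a SQL parameter instead of being substituted into the query text, and a SID that no longer resolves is kept for the audit record instead of failing the runbook. The function names, the `SQL-SERVER-PLACEHOLDER` server, the `Orchestrator` database name, read access for the calling account, and a single-domain mail lookup are all assumptions.

```powershell
# Added example (not the answer's code). Server and database names are assumptions.
function Split-NTAccountName {
    param([Parameter(Mandatory)][string]$Account)
    # Split on the first backslash only; TrimStart() would treat the domain string
    # as a character set and could also strip leading letters of the user name.
    $domain, $user = $Account -split '\\', 2
    if (-not $user) { $user = $domain; $domain = '' }
    [pscustomobject]@{ Domain = $domain; User = $user }
}

function Get-RunbookJobInitiator {
    param(
        [Parameter(Mandatory)][string]$JobId,            # GUID, braces optional
        [string]$SqlServer = 'SQL-SERVER-PLACEHOLDER',   # assumption
        [string]$Database  = 'Orchestrator'              # assumption
    )
    $guid = [guid]::Parse($JobId)    # rejects anything that is not a GUID

    $connStr = "Server=$SqlServer;Database=$Database;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connStr
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # Parameterized: the job ID is bound as a value, never placed in the SQL text.
        $cmd.CommandText = 'SELECT CreatedBy FROM ' +
            '[Microsoft.SystemCenter.Orchestrator.Runtime].Jobs WHERE Id = @id'
        $cmd.Parameters.Add('@id', [System.Data.SqlDbType]::UniqueIdentifier).Value = $guid
        $sid = [string]$cmd.ExecuteScalar()
    } finally { $conn.Dispose() }
    if (-not $sid) { throw "No job found with Id $guid" }

    $account = $null; $mail = $null
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        $name    = Split-NTAccountName $account
        # Mail lookup in the current domain; single-domain environment assumed.
        $hit = ([adsisearcher]"(sAMAccountName=$($name.User))").FindOne()
        if ($hit) { $mail = [string]($hit.Properties['mail'] | Select-Object -First 1) }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Deleted or untrusted-domain account: keep the raw SID for the audit record.
    }
    [pscustomobject]@{ JobId = $guid; Sid = $sid; Account = $account; Mail = $mail }
}

# Constructed sample call, using the GUID format shown in Step 2:
# Get-RunbookJobInitiator -JobId '{AFA8BF28-1937-4DAE-A160-30FF130AE6CD}'
```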
0

Runbook Audit History or AuditTrail

"Runbook Audit History The Runbook Audit History tracks the changes to each activity in a runbook. This includes the user that made the change, the date and time that the change occurred, the activity that was changed, and the current and previous values of any changed properties. The audit history is maintained as long as the runbook exists and cannot be cleared."

"In the Orchestrator Runbook Designer you can also see some auditing information. In the console there is an Audit History tab for each runbook. In the Audit History tab you can see all changes to a runbook, for example who changed the name of an activity. Below there is a figure that shows an example of Audit History information. The information shown in the Audit History tab is a mix of data from two tables in the Orchestrator database, the OBJECT_AUDIT table and the CHECK_IN_HISTORY table."

https://technet.microsoft.com/en-us/library/hh403785.aspx

http://contoso.se/blog/?p=2980

El Chapo Gluzman
  • 396
  • 2
  • 16
  • Thanks Zinovy for the links. Do you know if there is any way to pass the user that ran the runbook to the runbook itself? When a user launches a runbook from Orchestrator Console, I want to send them an email of the status for example. Only way to do that is to capture their Windows username, and pass it along... – Paul S. May 12 '15 at 16:28
  • http://blogs.technet.com/b/meamcs/archive/2012/03/09/system-center-2012-orchestrator-runbook-activities.aspx – El Chapo Gluzman May 12 '15 at 16:32
  • There's some info on what you need towards the bottom. I know MS provides add-on runbooks that extend email functionality and so do third parties. However, I do believe it can be done natively. – El Chapo Gluzman May 12 '15 at 16:35
  • I was able to get the information I required, by doing some SQL queries on the Orchestrator database and some simple PowerShell commands to format the data properly. If I can figure out how to edit my question, I can post my solution. – Paul S. May 15 '15 at 13:52
  • I posted my answer. – Paul S. May 15 '15 at 14:27