I have had this question again and again and again… and again…
Unfortunately, the Orchestration Console does not show which user triggered the runbook.
That does not mean it is not logged; you can actually use it as a filter in the console.
The user SID is in the “CreatedBy” field, and if you check the database, only the SID is saved.
So if you want to filter the jobs, you have to use the user's objectSID in the filter.
It also means we can get the user info from the SID.
With a clever SQL query, we can use the runbook process ID and runbook name to find the correct job, since these are what we have available inside the runbook.
The runbook:
- Receive runbook name and process ID
- Query the database for the user SID
- Use PowerShell to get the sAMAccountName from the SID (only the current domain is supported; no Active Directory module needed)
- Return Sam Account Name
- If the SID is S-1-5-500, the runbook was triggered from the Runbook Designer, and the runbook returns a string instead of the SAM account name
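The steps above as a stand-alone PowerShell sketch. This is an added example, not the code of the downloadable runbook. The function names, the server and database placeholders and the returned strings are assumptions; the table and column names are the ones used in the SQL query posted in the comments below, and the runbook name and process ID are passed as SQL parameters rather than Orchestrator published data.

```powershell
# Added example (not the runbook's own code). Function names, return strings and
# the server/database defaults are assumptions made for illustration.
function Resolve-StarterSid {
    param([Parameter(Mandatory)] [string] $Sid)
    # S-1-5-500 is the value the post gives for jobs started from the Runbook Designer.
    if ($Sid -eq 'S-1-5-500') { return 'Started from Runbook Designer' }
    try {
        $objSid  = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $account = $objSid.Translate([System.Security.Principal.NTAccount])
        return $account.Value.Split('\')[1]      # DOMAIN\user -> user
    }
    catch {
        # Malformed SID, deleted account, or an account outside the current domain.
        return "Unresolved SID: $Sid"
    }
}

function Get-RunbookStarter {
    param(
        [Parameter(Mandatory)] [string] $RunbookName,
        [Parameter(Mandatory)] [int]    $ProcessId,
        [string] $SqlServer = 'SQLSERVER01',     # placeholder
        [string] $Database  = 'Orchestrator'     # placeholder
    )
    $query = @'
select top 1 Jobs.CreatedBy
from [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs
inner join [POLICIES] as Runbooks on Jobs.RunbookId = Runbooks.UniqueID
inner join [POLICYINSTANCES] as Instance on Instance.JobId = Jobs.Id
where Jobs.Status = 'Running'
  and Runbooks.Name = @RunbookName
  and Instance.ProcessID = @ProcessId
'@
    $connStr = "Server=$SqlServer;Database=$Database;Integrated Security=True"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connStr
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        # Parameters keep the runbook name out of the SQL text.
        [void]$cmd.Parameters.AddWithValue('@RunbookName', $RunbookName)
        [void]$cmd.Parameters.AddWithValue('@ProcessId', $ProcessId)
        $sid = $cmd.ExecuteScalar()
    }
    finally { $conn.Dispose() }

    if ($null -eq $sid -or $sid -is [System.DBNull]) { return 'No running job found' }
    return Resolve-StarterSid -Sid ([string]$sid)
}
```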
Testing / Using the runbook:
Please note that the link out of the “Invoke Runbook” activity excludes the case where the result is the system SID, so no email is sent then.
Download from TechNet Gallery:
http://gallery.technet.microsoft.com/Runbook-Who-started-the-2f012c9f
This is only intended as a proof of concept; the runbook might not be ready for production.
Great info. For more info around logging and auditing, look at
Auditing in Orchestrator http://contoso.se/blog/?p=2980
I have been using Jakob’s runbook for a while and it works great. One thing, though, is that it can only be invoked by the top-level runbook. Invoking it from nested runbooks only returns the system account, S-1-5-500.
Substituting the SQL query below will allow the runbook to be called from nested runbooks, as it follows the ParentID entry up the chain to find the top-level runbook.
Thanks, Jakob, for the original and I hope this helps others.
Burt
--Start of SQL query
declare
     @CreatedByJobsTemp nvarchar(50)
    ,@RunbookIdJobsTemp uniqueidentifier
    ,@ParentIdJobsTemp uniqueidentifier
    ,@IdJobsTemp uniqueidentifier
    ,@ProcessIDInstanceTemp int

-- Find the running job for this runbook name and process ID
select
     @CreatedByJobsTemp = Jobs.CreatedBy
    ,@RunbookIdJobsTemp = Jobs.RunbookId
    ,@ParentIdJobsTemp = Jobs.ParentId
    ,@IdJobsTemp = Jobs.Id
    ,@ProcessIDInstanceTemp = Instance.ProcessID
from
    [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
inner join
    [POLICIES] as Runbooks with (nolock)
    on Jobs.RunbookId = Runbooks.UniqueID
inner join
    [POLICYINSTANCES] as Instance with (nolock)
    on Instance.JobId = Jobs.Id
where
    Jobs.Status = 'Running'
    and Runbooks.Name = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{484FE830-C6EA-44EE-85DF-B050364FBCE6}`d.T.~Ed/'
    and Instance.ProcessID = '`d.T.~Ed/{941F35C3-B853-463B-8C55-CC15F600F64A}.{9D8A22DF-4B23-4DF5-8857-D502E8D9DE32}`d.T.~Ed/'

-- Follow ParentId up the chain until the top-level job is reached
while
    (select @ParentIdJobsTemp) is not null
begin
    declare @ParentIdJobsTest uniqueidentifier
    select @ParentIdJobsTest = @ParentIdJobsTemp
    select
         @CreatedByJobsTemp = Jobs.CreatedBy
        ,@RunbookIdJobsTemp = Jobs.RunbookId
        ,@ParentIdJobsTemp = Jobs.ParentId
        ,@IdJobsTemp = Jobs.Id
        ,@ProcessIDInstanceTemp = Instance.ProcessID
    from
        [Microsoft.SystemCenter.Orchestrator.Runtime].[Jobs] as Jobs with (nolock)
    inner join
        [POLICIES] as Runbooks with (nolock)
        on Jobs.RunbookId = Runbooks.UniqueID
    inner join
        [POLICYINSTANCES] as Instance with (nolock)
        on Instance.JobId = Jobs.Id
    where
        Jobs.Id = @ParentIdJobsTest
    -- Stop if the parent job was not found; otherwise the loop would never end
    if @@rowcount = 0 break
end

-- CreatedBy (SID) of the top-level job
select
    @CreatedByJobsTemp
--End of SQL query
Hi,
the Published Data “Sam Account Name” from the “Get Sam Account name from SID” activity cannot be used in further activities such as “Get User”.
It works when changing the script:
$objSID = New-Object System.Security.Principal.SecurityIdentifier("`d.T.~Ed/{C1603DA1-B977-423B-8F1E-3EEDCBF2E5FE}.Full-line`d.T.~Ed/")
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$samaccountname = ($objUser.Value).Split("\")[1]
Regards,
Stefan