Solved

Active MQ and Powershell - AD Account Provisioning

Posted on 2013-01-30
8
1,026 Views
Last Modified: 2013-03-06
I don't have much experience with Active MQ http://activemq.apache.org/ and I'd like to know if Powershell can work with Active MQ. Currently, AD accounts using a Java-based system but we would like to change it to Powershell. The AD account provisioning with Powershell is not a problem, but I'm not sure about connecting it to a message broker such as Active MQ.

If you have experience with Active MQ, I'd like to hear your ideas especially if you can tell me whether or not it can work with Powershell.
0
Comment
Question by:bndit
  • 4
  • 2
  • 2
8 Comments
 
LVL 35

Expert Comment

by:mccarl
Comment Utility
I highly doubt that there would be any "built-in" path to integrate PowerShell with ActiveMQ (or anythign Java based actually).

connecting it to a message broker
What exactly does the integration need to provide? Are we just talking about your PowerShell script send a message to a queue? Or does it need to be more deeply integrated?

If you are just talking about being able to send a message to a queue, then probably the best you will be able to do is have your script call a program (written in Java) that takes the message as a parameter and sends it off to the broker.
0
 
LVL 2

Author Comment

by:bndit
Comment Utility
The integration needs to provide information about new AD accounts created. As of today, ActiveMQ runs as a service on a DC and the Java routine actually triggers a small C# code that actually is the piece that puts the new message into ActiveMQ (working on getting that piece of code so that I can share).

The idea is to create a new AD account, and put that message into the queue for processing (this message is relayed to background processes that are used to populate tables, etc.). My alternative is to export new AD user info to a CSV file, but it's not the preferred route.

It'd seem that as long as I can connect to ActiveMQ (username/password?) and pass the message to it, I should be fine but then again I can't find any info that relates Powershell to ActiveMQ.
0
 
LVL 35

Assisted Solution

by:mccarl
mccarl earned 167 total points
Comment Utility
Ok, with what you have written above and me doing some more thinking, the best way might be to use ActiveMQ's REST API. Depending on what version you are running, this is implemented as more of an addon but it has been around for a while and so I would say is fairly stable/usable. I would take a look at the following links to get you started...

http://activemq.apache.org/rest.html

http://stackoverflow.com/questions/3574723/call-rest-api-from-powershell-script
0
 
LVL 2

Author Comment

by:bndit
Comment Utility
thx...will definitely look into this suggestion. On a different note....Im trying to get my hands on the piece of code that connects to the message broker so that I can share with you. This code is C#....so as far as I understand it, it is possible to run C# code within powershell, correct?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Assisted Solution

by:ericreid
ericreid earned 333 total points
Comment Utility
We have a project going on right now that we needed to do the same thing you are looking for.  I came across this post while doing some searching.  Mccarl's links provided some good information and helped me get the problem solved.

We ended up using PowerShell 3.0 and the Invoke-WebRequest cmdlet to submit data from an XML file to the ActiveMQ server.  I've posted my code on my site if you want to take a look.  Hopefully it will help you with your project as well.

You can find my article here:  http://www.tech-corner.org/main/2013/02/powershell-and-activemq/

Eric
0
 
LVL 2

Author Comment

by:bndit
Comment Utility
@ericreid: very interesting script...you're right, that's exactly what I'm looking to do. But, I have a couple of questions

Is Powershell 3.0 a requirement for this to work?
In this line of your code $getADUser = get-aduser -Identity $UserName -Properties *
I don't see where you're assigning a value to $UserName
You create an XML file for each user you create? What do you do with those files once you process them? delete them? move them? I'd imagine that the next time the script run, you wouldnt want to process the same users over again.
Why did you choose to create the XML file you did instead of Export-Clixml?
I dont see where you assign a value to $amq
0
 

Accepted Solution

by:
ericreid earned 333 total points
Comment Utility
Bndit,

I think PowerShell 3.0 has to be used if you want to use the Invoke-WebRequest.  I think that is when that cmdlet was implemented.  I've seen some other examples that I think did something similar in earlier versions, but there were more commands that had to be issued.  So upgrading to PowerShell 3 and using this seemed simpler.

Sorry for not showing the $UserName.  That is a variable that is set earlier in the PowerShell script we use to create our AD accounts.  We pass the user's first and last name to the script manually or through and CSV file and create our $UserName based off of that.

As for creating the XML file, I'm doing this just as a test to prove I could output the AD information in the exact format we wanted.  I'm not sure yet if we will keep those files around or not.  One thought we had was it would be a way to track when users were created and who created them.  Again we may look at doing this slightly different.  The way the script is written right now the XML file is "$UserName.xml" so for me the file would be ereid.xml.  The $UserName variable is still set to ereid until I'm done.  Once the script processes the next name the $UserName variable would change.  The only problem would be if we tried to create a new user with same username as an active account (which we check for before we even start to create the new account).

I tested the Export-Clixml command, but it added some information to the XML file that we didn't want or need.  So I manually built the XML file to contain only the information we needed.  That way the other system that we are doing this for doesn't have to parse through any more that what is needed.  I was just trying to keep the information going between the systems simple and clean.

I'm not using the $amq variable.  That was in the example that I used to make the initial web request.  However, I don't need it because I was able to create the $form variable and read the fields from that array.  I've not done a lot with PowerShell so I just didn't catch that when I was getting rid of some of the other things the example contained.  The example I used to read the ActiveMQ form was based of this TechNet article and Example 2 (logging into Facebook).

Sorry for being long winded.  I hope this helps clear some things up.

As the project I'm doing this for progresses I'll probably be making changes and updating my site.  So feel free to check back there and ask any questions about it here or there and I'll try to help.
0
 
LVL 2

Author Closing Comment

by:bndit
Comment Utility
thanks!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
This article will help you understand what HashTables are and how to use them in PowerShell.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now