We have a process during new hire onboarding that requires managers and/or ops teams to spend time creating and giving permissions to employees. Recently, we have been thinking that it would be nice for us to automate this process, i.e., through a script of sorts.
A good indication that someone has recently joined our team (under some organization), would be if it exists, for our Active Directory to post some event to some server.
So my question is, does AD have support for hooks or any sort of automation that developers can tap into?
See this about
Active Directory creating an event upon user creation.
Then you can attach a task to the event. This blog entry explains in a detailed way how to pass parameters to the powershell script defined in the task - it involves manipulating the xml export of the task itself to insert the XPath query of an event detail.
Or, depending on the size of your organization, you could query a dynamic group in which all user objects are retrieved, and work on the delta from a previous run.
Related
I want to remove entire tables from Salesforce data that I am no longer using. I also want to prevent Salesforce from writing to these tables moving forward. Where do I start?
If it's your own custom tables you should be able to delete them. Hit delete action next to the table name in object manager and see what explodes?
The rule of thumb is "if you can create it straight in production without running a deployment process - you should be able to delete it". So if by "prevent Salesforce from writing to these" you mean flows, workflows, process builder... - they'll stop your delete, you'll have to get rid of them first before deleting the table itself - but should be relatively easy if repetitive.
It gets more interesting if you have code (triggers, classes, aura/lwc). You'll need to delete them using a special deployment command, changesets are useless. You can try to craft your own so-called destructiveChanges.xml (it'll be documented in metadata API guide) and try to deploy it even without any developer tools (for example with workbench.developerforce.com) but might be better idea to poke developer to do it. Identify dependencies and edit the code / delete classes as needed.
If it's custom tables but not your own (coming from managed package) - maybe packag has some config options, worst case uninstall it?
I am investigating if it is at all possible to track assigned permission sets, profiles and roles with the sfdx cli tools. So far my findings are that Permission sets and Profiles are trackable as they get converted to source but it is up to the administrator to assign profiles / permission sets after deployment.
Can anyone confirm this and point me to some documentation on the limits of what the sfdx cli can pull.
There's https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_unsupported_types.htm but that's not exactly what are you asking, the question is bit confusing.
PermissionSetAssignment table is well, a table. Normal data like Account, not metadata. Same with Users, their Roles, group memberships... You wouldn't typically store it in version control unless you're after some "golden copy" good test dataset to load to sandboxes/scratch orgs.
SF tried once to be smart with deploying queue memberships, record folder permissions and approval process assignees and the results are... Meh. You inspect the XML file and see usernames with sandbox suffix in them that they try to magically match during deployment to target org. It's "fun" when developer who created the report folder doesn't exist in production / username doesn't match (creator automatically gets added as Manager, it's extra step to remember and maybe remove that). It's even more "fun" when you keep working on the project in different sandboxes and git keeps reporting changes of suffix from ".dev" to ".proto" or ".hotfix"...
Try to rethink your question, what are you after? You can implement single sign on with piece of apex code running on login (or look into Identity Connect) so people's permissions will be synced based on their role in Active Directory/Google apps engine / what have you. Or if you really want you should be able to periodically query & upsert back CSV of PermissionSetAssignments. Or have a script during deployment to run a bunch of permset assign commands?
What will you do when John Doe moves from Marketing department to Sales? Who's right, SF or git project? Would it really need a deployment to change it?
I am working on POC for my client to implement VSTS Pipelines for CICD.
While working on i have observed that my pipeline is picking all the components instead of one component.
Ex: I have 4 components and change was made only on one component, when i create a pull request for deployment to target org, ideally it should pick only the change which was modified, instead during deployment it is picking all the 4 components.
What's being deployed is controlled by the manifest file (package.xml). You specify what you're interested in, what you want to retrieve & deploy. Sometimes you can put wildcards in it (deploy all apex classes you can find), sometimes you really have to list stuff (standard objects, reports, email templates).
So out of the box deployment is always a complete package, whether files changed or not. It's bit overkill but on the other hand what are you going to sign-off in user acceptance test phase? Not just the tickets changed, the state of whole system including regression tests.
If you don't want that - you'd need a script that cherry-picks files changed from commit X to commit Y or something. There's been some attempts to do it, check answers to How to create Salesforce incremental package.xml automatically?
Next year (safe harbor blah blah blah) SF plans to release better DevOps tools: https://admin.salesforce.com/blog/2020/new-devops-center-is-awesome-for-admins
I have added some custom steps to some of my SSRS jobs however they are being removed after a couple of days every time. I know that if you add custom jobs and then change the report or the subscription in the UI then it overwrites the jobs. However they are not being touched yet they are still disappearing.
Has anyone else come across this problem ?
Although I often customize jobs that run subscriptions - no, I haven't come across that problem. I did not customize the jobs that were created automatically, instead I created my own ones.
For a subscription to successfully fire, the name of the job isn't important. Instead, the SQL code to execute the subscription (to be more specific: the SubscriptionID) is what you need to know. Since you were able to find the jobs that execute specific subscriptions, I think that you don't have a problem in finding this information, neither. The code you need looks like this:
exec [ReportServer].dbo.AddEvent #EventType='TimedSubscription', #EventData='<YourSubscriptionID>'
You can use this code in your own jobs as well, and it will work as long as the subscription is there.
The name of the SSRS-generated job is the ID of the report schedule that you define for the subscription. This name is needed by SSRS to know where to change the schedule when you change the schedule of the subscription. As you found out, SSRS resets these jobs not only when a subscription is changed. But you don't need all these jobs when creating your own jobs that run the subscription.
To get rid of the auto-generated job with that cryptic name, don't just delete it yourself (as SSRS would re-create it), instead change the schedule of the subscription to a shared schedule that will never run. For this, I created a shared schedule (under site settings) named "Disabled Schedule" and disabled that schedule.
We currently have a single business unit and 90% records are owned by a single Scribe user. Now we have added a new business unit and out of 400K contacts, 30K contacts will be moving under this new business unit.
I have created a new user in CRM who belong to this new business unit. Next step is to change the owner of these 30K contacts to newly created user.
Correct me if I am wrong, but this is the only way I can move these 30K contacts in to the new business unit?
Problem I am having is changing owner field of these 30K contacts in one go. I can use advance find and then change owner that way but imagine doing 30K this way?! I can also export excel sheet with all records, change owner and import it back in but that gives error (may be because I am changing a very important security related record?)
One last option for me is to make this change directly in to the CRM database but that is not my favorite choice.
Any suggestion will be very appreciated.
You can also write a console application using the CRM 2011 SDK
http://www.microsoft.com/en-us/download/details.aspx?id=24004
this application will execute a RetrieveMultiple
http://msdn.microsoft.com/en-us/library/gg328149.aspx
and because are more than 5K need to do paging as explained here:
http://msdn.microsoft.com/en-us/library/gg327917.aspx
for each retrieved record you need to set the new owner using an AssignRequest message
http://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.assignrequest.aspx
The MSCRMToolkit on Codeplex has a Workflow Execution Manager utility which allows you to run an On Demand workflow on a FetchXML recordset. Haven't tried it myself yet but have been keeping it in my back pocket, just in case.
I know this is an old question but the easiest way I find to change the Owner on a large amount of records is to (carefully) edit the database directly. If you know what you're doing with SQL then it's a piece of cake, otherwise I would steer clear.
To Update the Owner of a Lead:
USE <DEPLOYMENT>_MSCRM
GO
UPDATE LeadBase
SET OwnerID = <guid of owner here which can be found in the OwnerBase Table>
It is similar for other entities, OpportunitiesBase for Opportunities etc.
***** WARNING, this will update every record in the LeadBase Table *****