The Exchange Connector for SCSM is a very powerful tool but if you have ever assigned an Active Directory group as a reviewer in a Review Activity you will find that the Exchange Connector does not handle the replies from the individual group members. Whenever a group member replies to one of these Review Activity notifications with [Approved] or [Rejected], the Exchange Connector will not approve or reject the Review Activity for the group, in fact it will not affect the Review Activity at all since the Exchange Connector does not know which reviewer is responding.

Cause

This is because the user object is not related to the Review Activity but instead the AD group is. So, the Exchange Connector cannot process the replies to individual users within the AD group properly as the connector doesn’t understand who the members of the group are.

Solution

One solution to this problem is using Orchestrator automation. I have created a runbook that will rearrange these group reviewers so that the Exchange Connector can process the replies by the group members.

The runbook goes through a few steps to split the group reviewer up into individual reviewers for each user in the group.

  1. Get RAA– This gets the Runbook Automation Activity in the Service Request so the relationships can be grabbed.
  2. Get SR/CR Relationship – This gets the relationship between the RAA and the SR or CR.If Get SR Relationship doesn’t return a Related Object GUID, it is because the parent work item is a Change Request. So, it moves on to Get CR Relationship.After that, the steps are the same in both branches.
  3. Get RA Relationship – This gets the relationship(s) between the RA and the SR/CR.
  4. Get Reviewer Relationship – For each Review Activity, this activity will get all the Reviewers in each Review Activity.
  5. Get Group Reviewer – This gets details on the Reviewer object. This is mainly used for logging purposes
  6. Get Group Relationship – This gets the relationship between the Reviewer object and only Active Directory Group objects. This ensures that it will only look for Reviewers that are groups and not users. The link to the next activity will only pass if there is data returned. If there is no data returned, it’s because the reviewer was a user and not a group.
  7. Get Group– This gets details on the Active Directory Group object. This will be used to find the correct group in Active Directory.
  8. Get AD Group – This gets the group in Active Directory that has the same Display Name as the Active Directory Group object in SCSM.
  9. Delete Group From Reviewer – This deletes the relationship between the Active Directory Group object in SCSM and the Reviewer object in the Review Activity. This is the first step of the cleanup and must be done before it gets the group members because after the group members are grabbed, the runbook would try to remove the group from the reviewer for each member that is in the Active Directory group.
  10. Delete Reviewer From RA – It’s not enough to delete the group object relationship to the Reviewer, but the Reviewer object must also be deleted from the RA to complete the cleanup.
  11. Get Group Members – This gets the Active Directory users that are a member of the group and their account is not disabled.
  12. Get Member Objects – This gets the Active Directory User object in SCSM that matches the Distinguished Name of the Active Directory user found in the previous activity.
  13. Create User Reviewers – This creates a new Reviewer object in the Review Activity.One is created for each member of the group.
  14. Add Users to Reviewers – This creates the relationship between the Active Directory User object and the newly created Reviewer object.

Implementation

To use this runbook, download it here.

Import the runbook into Orchestrator and update the connection information for your environment. 

Next, create a Runbook Automation Activity for it. In the RAA template, map RunbookID to Work Item>Id.

After your RAA is created, add it to the beginning of any SR or CR template to split the group reviewers. 

Now when individual users within the AD group reply to the email approval request the Review Activity will get updated accordingly. 

Enjoy!