The Request By Attribute process (aka REBA) allows a department administrator to programmatically submit a request to the Active Directory team via an attribute on a department's administrative organizational unit (OU) object. An automated process will retrieve and evaluate the request and then post the results of the request to a separate attribute on the same administrative OU. This process is intended to reduce the need for department administrators to open tickets with the Active Directory team.
Request Types
REBA is designed to be extensible and can support multiple request types. Each of the supported and planned request types are documented in their respective sections below. Examples of how to submit each request type and review results are included in the documentation for the respective request type.
Supported Request Types
The following requests types are currently supported by REBA process:
- Delegation - Department administrators can request changes to permissions on organizational units within a department. This process has previously been available only via a ServiceNow request.
Planned Request Types
The following requests types are expected to be supported by REBA in the future:
- DNS - Department administrators can manage DNS records associated with the department. This process will be limited to DNS records that begin with a department prefix.
PowerShell Scripts
The Active Directory team has created PowerShell scripts to simplify the process of submitting requests and viewing the results. The scripts can be downloaded from the GitHub repo linked below. Please see the README file in the repo for instructions on running the scripts:
Questions
Please contact the Active Directory team via ServiceNow for any questions or assistance with this process.