Customize metadata sent to Pendo with Active Directory (AD) scripts

Last updated:

You can pass the data stored in your Active Directory (AD) in Windows to the Pendo Launcher extension for visitor identification in Pendo. This involves accessing the AD data store with scripts and passing this demographic data to the registry on the visitor's managed endpoint. 

This article describes how to find the demographic data in your AD that you can pass to Pendo as metadata, and how to pull and apply the data maintained in your AD to the Pendo Launcher with PowerShell scripts.

The schema

The schema defines the structure and type of visitor information that you can pass to Pendo. Our schema is in JavaScript Object Notation (JSON) format, consisting of key-value pairs (properties), which you can add to in order to customize the metadata in Pendo. For example, the "visitor" key takes the property of "id" in the computer's registry.


The exact property values you use in your registry depend on your installation, and what data you would like to use with your third-party Pendo installation.

For more information about JSON format, see the W3Schools article: JSON – Introduction.

Retrieve a list of available properties

Windows AD has a number of properties about a user that you can use to better identify your users and personas. You can review what properties are available using PowerShell.

Open a PowerShell terminal with the Windows AD module and run the following command: Get-ADUser -Identity “<User’s SID>” -Properties * | Select *.

Graphical user interface, text, application

Description automatically generated

Customize the Pendo user install script

As part of the installation process, you create a PowerShell Login Script called "PendoUserInstall.ps1", which allows you to set the user's Visitor ID and metadata.

This section describes how to modify the PendoUserInstall.ps1 script in order to pass additional identifying information to Pendo using an example that involves adding the user’s job title to the Pendo metadata.

1. Modify the script to include the user's SID. This allows us to pull the user data from an AD administrator script.

# Get the current user’s SID
$sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value

2. Remove the following line from the code block: $visitorJson= "{ `"id`": `"$($visitorId)`" }".


3. Update the content of the metadata file to capture just the $visitorId variable instead of the now-removed $visitorJson variable. Add the following code block to the script:

# Write the metadata to the metadata file the admin script reads from
New-Item "C:\temp\PendoMetadata.txt"
Set-Content -Path "C:\temp\PendoMetadata.txt" -Value $visitorId

4. Create a new file to capture the user's SID. Add the following code block to the script:

# Set the user's SID
New-Item "C:\temp\PendoUserSID.txt"
Set-Content -Path "C:\temp\PendoSID.txt" -Value $sid

The full PendoUserInstall.ps1 script should look something like the following

# Get the current user’s SID
$sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value

# Get the visitor ID of the logged-in user
$visitorId = $env:username + “”

# Make sure our metadata path exists
if(!(Test-Path “C:\temp”)) {
New-Item “C:\” -Name “temp” -ItemType “directory” -ErrorAction SilentlyContinue

# Write the metadata to the metadata file the admin script reads from
New-Item “C:\temp\PendoMetadata.txt”
Set-Content -Path “C:\temp\PendoMetadata.txt” -Value $visitorId

# Set the user’s SID
New-Item “C:\temp\PendoUserSID.txt”
Set-Content -Path “C:\temp\PendoUserSID.txt” -Value $sid

This allows you to use Get-ADUser in your admin script to retrieve information from the user that you might need, described below.

Customize the Pendo admin install script

You can now update the "PendoAdminInstall.ps1" script to get the user's SID value stored with the PendoUserInstall.ps1 script. This allows you to pull the desired information from the AD.

The example that follows involves gathering the user's job title to store it in the registry. You can add multiple fields by duplicating step 3 and expanding the JSON payload as required.

1. Modify the script to capture the information coming from the metadata file as the Visitor ID instead of the pre-formed JSON schema.

# Get Visitor ID
$visitorId = Get-Content -Path “C:\temp\PendoMetadata.txt”

2. Add a new variable to capture the user's SID.

# Get User SID
$userSID = Get-Content -Path “C:\temp\PendoUserSID.txt”

3. Use the user's SID to gather the user's job title from the AD.

# Get User Job Title
$userJobTitle = Get-ADUser -Identity $userSID -Properties Title | Select Title ExcludeProperty Title

4. Format the user's information into the JSON schema that Pendo expects. 

# Format Visitor JSON payload
$visitorJson = “{ ‘“id’”: ‘“$($visitorId)’” , “JobTitle”: ‘“$($userJobTitle)’” }”

5. Remove the new file used to capture the user's SID along with the other temporary files.

# Cleanup
New-Item “C:\temp\PendoMetadata.txt”
New-Item “C:\temp\PendoUserSID.txt”
New-Item “C:\temp\”

The full PendoAdminInstall.ps1 script should look something like the following:

# Wait for metadata file
while (!(Test-Path "C:\temp\PendoMetadata.txt")) { Start-Sleep 10 }

# Get Visitor ID
$visitorId = Get-Content -Path "C:\temp\PendoMetadata.txt"
$registryPath = "HKLM:\Software\Policies\Google\Chrome\3rdparty\extensions\epnhoepnmfjdbjjfanpjklemanhkjgil\policy"

# Get User SID
$userSID = Get-Content -Path "C:\temp\PendoSID.txt"

# Get User Job Title
$userJobTitle = Get-ADUser -Identity $userSID -Properties Mail | Select Mail -ExcludeProperty Mail

# Set Visitor JSON in the registry
$visitorJson= "{ `"id`": `"$($visitorId)`", `"JobTitle`": `"$($userJobTitle)`" }"
New-ItemProperty -Path $registryPath -Name "visitor" -Value $visitorJson -Type ExpandString

# Cleanup
Remove-Item -Path "C:\temp\PendoMetadata.txt"
Remove-Item -Path "C:\temp\PendoSID.txt"
Remove-Item -Path "C:\temp”


Was this article helpful?
0 out of 0 found this helpful