0 votes

I would like to create groups when an OU is created. The groups will need to have the name of the OU or grab a custom variable from the OU to append to the group name. If it is possible I would like to also bring up the user creation at the same time for the newly created OU and add it to the group.

by (20 points)

1 Answer

0 votes
by (272k points)

Update 2019

Starting with version 2019.1, you can create multiple directory objects in a single operation. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateReport.htm.

Original

Hello,

This can be done very easily with the help of a PowerShell script that will be run by a Business Rule triggered after creating an Organizational Unit in Active Directory. To create such a Business Rule:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule Wizard, select Organizational-Unit and After Creating a Organizational-Unit.

  3. On step 3, add the Run a program or PowerShell script action and paste the below PowerShell script in the Script field:

     $groupNameProperty = "adm-CustomAttributeText1" # TODO: modify me
     $groupNameTemplate = "{0} Group" # TODO: modify me
     [Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType =
         "ADS_GROUP_TYPE_GLOBAL_GROUP, ADS_GROUP_TYPE_SECURITY_ENABLED" # TODO: modify me
     $userName = "%name%-admin" # TODO: modify me
     $userPassword = "secret" # TODO: modify me
    
     # Create Group
    
     try
     {
         $groupNamePart = $Context.TargetObject.Get($groupNameProperty)
     }
     catch
     {
         $groupNamePart = $NULL
         $Context.LogMessage("Group name is not specified", "Warning")
     }
    
     if ($groupNamePart -ne $NULL)
     {
         $groupName = [System.String]::Format($groupNameTemplate, $groupNamePart)
         $group = $Context.TargetObject.Create("group","CN=$groupName")
         $group.Put("groupType", [Int32]$groupType)
         try
         {
             $group.SetInfo()
         }
         catch
         {
             $group = $NULL
             $Context.LogMessage($_.Exception.Message, "Warning")
         }
     }
    
     # Create User
    
     $user = $Context.TargetObject.Create("user", "CN=$userName")
     # User Logon Name (pre-Windows 2000)
     $user.Put("sAMAccountName", "$userName")
     # User Logon Name
     $domainName = $Context.GetObjectDomain("%distinguishedName%")
     $user.Put("userPrincipalName", "$userName@$domainName")
     # Password
     $user.Put("unicodePwd", $userPassword)
     # Must change password at first logon
     $user.Put("pwdLastSet", 0)
     # Enable the user account
     $user.AccountDisabled = $False
    
     try
     {
         # Save the user account to the directory
         $user.SetInfo()
     }
     catch
     {
         $user = $NULL
         $Context.LogMessage($_.Exception.Message, "Warning")
     }
    
     # Add user to group
     if (($user) -and ($group))
     {
         $group.Add($user.AdsPath)
     }
    
  4. In the script, modify the following to meet your requirements:

    • $groupNameProperty - specifies the Adaxes custom property that will be appended to the group name;
    • $groupNameTemplate - specifies a template for the group name. In the template, {0} will be replaced with the value of $groupNameProperty;
    • $groupType - specifies the group type. For a list of possible values, see ADS_GROUP_TYPE_ENUM;
    • $userName - specifies a template for the user name;
    • $userPassword - specifies the initial password of the user.

  5. Enter a short description for the script and click OK.

  6. Finish creation of the Business Rule.
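
The script in step 3 assigns the same literal initial password to every account it creates. The following is an added example, not part of the original answer and not Adaxes code: plain PowerShell that generates a random initial password for each account. `New-InitialPassword` and its character sets are hypothetical names chosen for this example.

```powershell
# Added example: a random initial password in place of the shared literal "secret".
# New-InitialPassword is a hypothetical helper name, not an Adaxes cmdlet.
function New-InitialPassword
{
    param([int]$Length = 20)

    # One string per character class (look-alike characters left out; sets are assumptions)
    $classes = @(
        'ABCDEFGHJKLMNPQRSTUVWXYZ',
        'abcdefghijkmnopqrstuvwxyz',
        '23456789',
        '!#*+-=?@_'
    )
    if ($Length -lt $classes.Count) { throw "Length must be at least $($classes.Count)" }

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try
    {
        # Unbiased index in [0, $max): rejection sampling over 32-bit values
        $pick = {
            param([int]$max)
            $buf = New-Object byte[] 4
            $limit = [long][math]::Floor(4294967296 / $max) * $max
            do {
                $rng.GetBytes($buf)
                $n = [long][System.BitConverter]::ToUInt32($buf, 0)
            } while ($n -ge $limit)
            return [int]($n - [long][math]::Floor($n / $max) * $max)
        }

        # One character from every class, the rest from the combined alphabet
        $all = -join $classes
        $chars = New-Object System.Collections.Generic.List[char]
        foreach ($c in $classes) { $chars.Add($c[(& $pick $c.Length)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(& $pick $all.Length)]) }

        # Fisher-Yates shuffle so the guaranteed characters are not at fixed positions
        for ($i = $chars.Count - 1; $i -gt 0; $i--)
        {
            $j = & $pick ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join $chars.ToArray()
    }
    finally { $rng.Dispose() }
}

# Replaces: $userPassword = "secret"
$userPassword = New-InitialPassword -Length 20
```

The original script still sets pwdLastSet to 0, so the generated value is only good until first logon. How the value reaches the account owner is outside this snippet.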
