Adaxes

Feature request - Time limited group membership

0 votes

Dear support,

Active Directory on Windows 2016 will support this much anticipated feature. It will be possible to assign a user to a group for a limited time frame

I would really love if you could investigate about this new possibility and support it in a near futur.

Cheers

by (750 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Pierre,

The feature is on our radar as well, and with a very high priority.

0

Hello,

Its been more then 1 year. How much on the radar is this function?
It is quite critical to the way security procedures work in our company, thus I would like to escalate this request.

Kind regards.

by (0 points)
0

Hello,

The feature has been announced in Windows Server 2016. We are investigating the possibility of adding it to Adaxes.

As a workaround we suggest the following scenario:

  1. In the Web interface, there will be several Home Page Actions, using which users can be added to groups.
  2. When a user clicks a Home Page Action, they will be presented with a form where they will be able to specify the end date where their membership expires.
  3. When the action is executed, the user will be added to the selected grou or groups. the end date that the user specified and the group DN will be saved in a custom multivalued property of the user. For example, you can use one of Adaxes custom attributes, such as, for example, CustomAttributeMultiValue1. Using a multi-valued attribute will allow add the same user to multiple groups at a time.
  4. A Scheduled Task that runs, say, once a day will check the date specified for each group. When due, it will remove the user from the corresponding groups.

Will this suit your needs?

by (272k points)

Related questions

0 votes
1 answer
Only allow membership to one security group at a time

We have RBAC groups inside an OU. We would like to restrict users from being added to multiple RBAC groups at a time. For example: RBAC Roles OU Sales RBAC Group ... groups outside of this OU structure though. What's the best way to achieve this? Thanks

asked Oct 13, 2021 by bavery (250 points)
0 votes
1 answer
Feature Request: Wildcard Based Group Modifications

As part of business rules etc we are able to add\remove accounts to groups. It would be nice if this feature could be extended to allow for wildcard ... multiple groups that meet the matching condition (without resorting to PowerShell script actions). Thanks

asked Aug 5, 2014 by firegoblin (1.6k points)
0 votes
1 answer
Feature Request: Script repo examples in both powershell and ADSI

the script repo examples are almost entirely written in ADSI, however powershell is now far more widely used, is it possible to have all scripts written in both ADSI and powershell.

asked Jan 5 by i*windows (260 points)
0 votes
1 answer
feature request: Separate view for Shared Mailboxes

Shared mailboxes are treated as standard users, however they really should have a separate view. I would like to request that a new view is made avaiilable for Shared ... office location, data from HR systems, windows profile, etc are not really relevant.

asked Jun 23, 2023 by i*windows (260 points)
0 votes
1 answer
Feature Request: Add ability to make exclusions to built-in report scopes

Hello, Using the "Inactive user allowed to log in" report in Adaxes, I want to be able to select specific OUs to exclude out of the scope in this report, or have the option to filter based on a user property such as Department.

asked Nov 8, 2022 by GronTron (270 points)
3,346 questions
3,047 answers
7,782 comments
544,981 users