0 votes

Hi

We've had a request to forward to a mailbox any user who has had their username and email address changed. The email is to show the old user name, new user name, old email address and new email address. My plan is to use the 'After User Rename' business rule and 'Send e-mail notification', but I'm not sure how to show the old and new user name and email address. Would it need to be a PowerShell script for this?

Thanks in advance.

by (700 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

A Business Rule triggered after renaming a user won't help you in this case. The thing is that renaming a user means changing a user's Name property. The Name property sets the name under which a user account appears in Active Directory, for example, John Doe. A username specifies the name under which a user can log in to Active Directory, for example, jdoe@example.com or EXAMPLE\jdoe. That is, a Business Rule triggered after renaming a user will be executed only when the Name property is changed, but not when you set a different username.

To achieve what you want, you'll actually need not 1, but 2 Business Rules. One of the Business Rules will be triggered before updating a user. If an operation changes a username and an e-mail address of a user account, the Business Rule will save the old username and e-mail in certain Adaxes custom attributes of the user account, for example, CustomAttributeText1 and CustomAttributeText2. Such attributes are not stored in Active Directory, but can be used the same as any other attributes of AD objects.

Another Business Rule triggered after updating a user will send the e-mail message. The old values for the properties will be taken from the Adaxes custom attributes that you used in the 1st Business Rule. The new values for the properties will be taken from their current values after the operation is complete.

To create such Business Rules:

I. Create Business Rule triggered before updating username and e-mail to save old values to custom attributes

A Business Rule created per the following instructions will save the old username to the CustomAttributeText1 property, and the old e-mail to the CustomAttributeText2 property.

  1. Create a new Business Rule.

  2. On Step 2 of the Create Business Rule wizard, select User and Before Updating a User.

  3. On Step 3, add the Run a program or PowerShell script action and paste the following script in the Script field:

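     # Get current username and mail property values.
     # Get() throws when a property is empty, so an empty mail falls back to $null.
     $currentUsername = $Context.TargetObject.Get("sAMAccountName")
     try { $currentMail = $Context.TargetObject.Get("mail") } catch { $currentMail = $null }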
    
     # Save current username and mail to the custom attributes
     $Context.TargetObject.Put("adm-CustomAttributeText1", $currentUsername)
     $Context.TargetObject.Put("adm-CustomAttributeText2", $currentMail)
     $Context.TargetObject.SetInfo()
    
  4. Enter a short description for the script and click OK.

  5. Now, you need to add conditions for the Business Rule to be triggered only when username and e-mail are changed. For this purpose, double-click Always.

  6. Select the If <property> Changed condition type.

  7. Specify If User Logon Name has changed.

  8. Click OK.

  9. Right-click the condition that you've just added and click Add New Condition.

  10. Select the If <property> Changed condition type.

  11. Specify If Email has changed.

  12. Click OK and finish creation of the Business Rule.

Now, in a Business Rule triggered after updating a user, you can use value references to insert the old and the new values for the properties in the e-mail template. To insert the old values, use value references for the virtual attributes that you used, e.g. %adm-CustomAttributeText1% and %adm-CustomAttributeText2%. To get the new values, use the %username% and %mail% value references. Here's a sample mail template:

The Business Rule that you need to configure will look something like this:
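An added example, not part of the original answer and not vendor code: a script alternative to the mail template for the rule triggered after updating a user. It skips the notification when the saved old values are missing or stale, then clears them so they cannot leak into a later message. The function names `New-AccountChangeNotice` and `Get-Value` are hypothetical, the recipient address is a placeholder, and `$Context.SendMail` is assumed to take recipient, subject, plain-text body and HTML body.

```powershell
# Added example: builds the notification text from saved and current values.
function New-AccountChangeNotice {
    param([string]$OldUsername, [string]$NewUsername,
          [string]$OldMail, [string]$NewMail)
    # Rule I saves values only when BOTH properties change, so an empty or
    # unchanged "old" value means nothing fresh was saved: send nothing.
    # -eq compares strings case-insensitively.
    if ([string]::IsNullOrWhiteSpace($OldUsername) -or $OldUsername -eq $NewUsername) { return $null }
    if ([string]::IsNullOrWhiteSpace($OldMail) -or $OldMail -eq $NewMail) { return $null }
    $lines = @(
        "Old username: $OldUsername"
        "New username: $NewUsername"
        "Old e-mail:   $OldMail"
        "New e-mail:   $NewMail"
    )
    return ($lines -join "`r`n")
}

if ($Context) {
    # Running inside the Adaxes rule triggered after updating a user.
    function Get-Value([string]$Name) {
        # Get() throws on an empty property; treat that as "no value".
        try { return $Context.TargetObject.Get($Name) } catch { return $null }
    }
    $body = New-AccountChangeNotice `
        -OldUsername (Get-Value "adm-CustomAttributeText1") `
        -NewUsername (Get-Value "sAMAccountName") `
        -OldMail (Get-Value "adm-CustomAttributeText2") `
        -NewMail (Get-Value "mail")
    if ($body) {
        # Placeholder recipient; assumed signature: to, subject, text, HTML.
        $Context.SendMail("audit-mailbox@example.com", "Username and e-mail changed", $body, $null)
    }
    # Clear the saved values so a later notification cannot reuse them.
    $Context.TargetObject.Put("adm-CustomAttributeText1", $null)
    $Context.TargetObject.Put("adm-CustomAttributeText2", $null)
    $Context.TargetObject.SetInfo()
} else {
    # Constructed sample values for running outside Adaxes.
    New-AccountChangeNotice -OldUsername "jdoe" -NewUsername "jsmith" `
        -OldMail "jdoe@example.com" -NewMail "jsmith@example.com"
}
```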
