Active Directory management & automation

Relocate Home Directories after Disabling Users

In this tutorial you will learn how to automate the moving of the home directory of Active Directory users, whose account is disabled. This is useful, for example, if you want to store home directories of all disabled users in a separate network location.

To automate the relocation of user home directories, you need to create a Business Rule that will be automatically executed after an Active Directory user account is disabled.

1Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Business Rule. The Create Business Rule wizard will open.

Launching the Create Business Rule wizard

2Enter the name for the new Business Rule, and click Next.

3Here you need to specify when the new Business Rule must be executed. As we want to move home directories after a user account is disabled, do the following:

  • Select User in the Object Type list.
  • Select After in the Operation section.
  • Select Disabling a User account in the Operation section and click Next.

Selecting the triggering operation for the Business Rule

4 At the next step, you need to specify what the Business Rule will do when a user account is disabled. To add the Move Home Directory action to the Business Rule, do the following:

  • Click the Add Action link.
  • In the dialog that opens, select the Move the home directory action.
  • In the Action Parameters section, specify a template for the network path to the location where this rule will move user home directories.

Move Home Directory action

To move home directories to locations unique for each user, you need to use value references in the directory path (e.g. \\SERVER\Share\%department%\%username%). Before moving the home directory of a user, these value references will be replaced with the property values of this user.

5 Optionally, you may want the new Business Rule to move home directories to different network locations depending, for example, on the group membership of the user whose account is disabled. For this purpose, do the following:

  • Select the action/condition set (click the created action to highlight the set), and click the Add Condition icon.
  • In the dialog that opens, select the If is a member of <Group> condition type.
  • In the Condition Parameters section, select a group, and click OK.

Adding Business Rule condition

Click the Add action to a new set link and repeat steps 4 and 5 to specify another network location. For the second condition specify is not a member of the group.

Adding additional actions and conditions

When finished, click Next.

6 Here, at the Activity Scope page you need to specify where in Active directory a user must be located, or to what groups or Business Units it must belong to be affected by the Business Rule. Click Add.

Specifying rule activity scope

7 In the Business Rule Activity Scope dialog that opens, select one of the following items:

  • All Objects - select if you want this Business Rule to be executed when disabling user accounts in any AD domain managed by the Adaxes service.

  • Specific Domain - select if you want this Business Rule to be executed when disabling user accounts in the AD domain you specify.

  • OU or Container - select if you want this Business Rule to be executed only when disabling user accounts located under the selected OU or container.

  • Group - select a specific group if you want this Business Rule to be executed only when disabling users that are members of the selected group.

  • Business Unit - select a Business Unit if you want this Business Rule to be executed only when disabling users that are members of the selected Business Unit. To view available Business Units, select the Business Units item in the Look in drop-down list.
  • Viewing Business Units

Select the item you need and click Add. When finished, click OK.

8 The specified activity scope items will be displayed in the Assignments list. Click Finish.

Now, when the Business Rule is complete, every time a user account is disabled (no matter in which way - using Administration Console, Web Interface, via PowerShell scripts, etc.), Adaxes will automatically move the home directory of this user to the specified location.

? Waiting

Progress status: Checking...