Relocate Home Directories after Disabling Users
In this tutorial you will learn how to automate the moving of the home directory of Active Directory users, whose account is disabled. This is useful, for example, if you want to store home directories of all disabled users in a separate network location.
To automate the relocation of user home directories, you need to create a Business Rule that will be automatically executed after an Active Directory user account is disabled.
Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Business Rule. The Create Business Rule wizard will open.
Enter the name for the new Business Rule, and click Next.
Here you need to specify when the new Business Rule must be executed. As we want to move home directories after a user account is disabled, do the following:
- Select User in the Object Type list.
- Select After in the Operation section.
- Select Disabling a User account in the Operation section and click Next.
At the next step, you need to specify what the Business Rule will do when a user account is disabled. To add the Move Home Directory action to the Business Rule, do the following:
- Click the Add Action link.
- In the dialog that opens, select the Move the home directory action.
- In the Action Parameters section, specify a template for the network path to the location where this rule will move user home directories.
Optionally, you may want the new Business Rule to move home directories to different network locations depending, for example, on the group membership of the user whose account is disabled. For this purpose, do the following:
- Select the action/condition set (click the created action to highlight the set), and click the Add Condition icon.
- In the dialog that opens, select the If is a member of <Group> condition type.
- In the Condition Parameters section, select a group, and click OK.
Click the Add action to a new set link and repeat steps 4 and 5 to specify another network location. For the second condition specify is not a member of the group.
When finished, click Next.
Here, at the Activity Scope page you need to specify where in Active directory a user must be located, or to what groups or Business Units it must belong to be affected by the Business Rule. Click Add.
In the Business Rule Activity Scope dialog that opens, select one of the following items:
All Objects - select if you want this Business Rule to be executed when disabling
user accounts in any AD domain managed by the Adaxes service.
Specific Domain - select if you want this Business Rule to be executed when
disabling user accounts in the AD domain you specify.
OU or Container - select if you want this Business Rule to be executed only
when disabling user accounts located under the selected OU or container.
Group - select a specific group if you want this Business Rule to be executed
only when disabling users that are members of the selected group.
- Business Unit - select a Business Unit if you want this Business Rule to be executed only when disabling users that are members of the selected Business Unit. To view available Business Units, select the Business Units item in the Look in drop-down list.
Select the item you need and click Add. When finished, click OK.
The specified activity scope items will be displayed in the Assignments list. Click Finish.
Now, when the Business Rule is complete, every time a user account is disabled (no matter in which way - using Administration Console, Web Interface, via PowerShell scripts, etc.), Adaxes will automatically move the home directory of this user to the specified location.