Active Directory management & automation

Tutorials

Send E-mail on Adding Members to Specific Groups

With the help of Adaxes, it is possible to automatically send e-mail notifications of any operation performed in Active Directory. In this tutorial, you will learn how to configure Adaxes to automatically send an e-mail when a new member is added to specific Active Directory groups. This is useful, for example, if you need to control the group membership of critical Active Directory groups.

To send e-mail notifications about new group members, you need to create a Business Rule that will be automatically executed after a member is added to an AD group.

1Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Business Rule . The Create Business Rule wizard will open.

Launching the Create Business Rule wizard

2Enter the name for the new Business Rule and click Next.

3Here you need to specify when the new Business Rule must be executed. As we want to send notifications after a member is added to a group, do the following:

  • Select Group in the Object Type list.
  • Select After in the Operation section.
  • Select Adding a member to a Group in the Operation section and click Next.

Selecting the triggering operation for the Business Rule

4 At the next step, you need to specify what the Business Rule will do when a member is added to a group. To add the 'Send e-mail notification' action to the Business Rule, do the following:

  • Click the Add Action link.
  • In the dialog that opens, select the Send e-mail notification action.
  • In the To field, specify semicolon-separated e-mail addresses of the notification recipients. To send this notification to all members of the group, to which a new member is added, provided that this group has an e-mail address established, you can use value reference %mail%. This value reference will be replaced with the e-mail address of the group.
  • In the Subject filed, specify a subject for the notification.
  • In the Text filed, specify the notification text.
  • Click OK.

Send e-mail notification action

If you want the notification to include information about the group, to which a new member is added, you can use value references (e.g. %name%). Before sending a notification, Adaxes will replace these value references with the property values of this group. To include the logon name of the user who added a new member to the group, you can use value reference %initiator%. For example, you can enter the following notification text:
Group Name: %name%
New Member: %member%
Initiator: %initiator%
After replacing value references, the notification text will be as follows:
Group Name: Enterprise Admins
New Member: CN=John Doe,CN=Users,DC=example,DC=com
Initiator: aaron.dorben@example.com
If you want the e-mail notification to include the description of the operation that triggered the Business Rule, you need to insert value reference %adm-OperationDescription% into the text of the notification. Before sending a notification, Adaxes will replace this value references with the operation description. For example, if user Oliver Brune is added to group EMEA Group, %adm-OperationDescription% will be replaced with the following text:

Add 'Oliver Brune (example.com\HR Department)' to 'EMEA Group (example.com\HR Department)'.

5 Optionally, you may want the Business Rule to send e-mail notifications, only if certain conditions are met. For example, to send notifications, only if the user who performed the operation is not a member of a specific AD group, do the following:

  • Select the action/condition set (click the created action to highlight the set) and click the Add Condition icon.
  • In the dialog that opens, select the If the initiator is a member of <Group> condition type.
  • Select is not in the drop-down list located in the Condition Parameters section.
  • Click the Select Group button and select the group you need.
  • Click OK.

Adding Business Rule condition

When finished, click Next.

6 Here, at the Activity Scope page you need to specify, for which AD groups the Business Rule will send notifications. Click Add.

Specifying rule activity scope

7 In the Business Rule Activity Scope dialog that opens, select one of the following items:

  • All Objects - select if you want this Business Rule to send a notification, if a member is added to any group located in any AD domain managed by the Adaxes service.

  • Specific Domain - select if you want this Business Rule to send a notification, if a member is added to any group located in the AD domain you specify.

  • OU or Container - select if you want this Business Rule to send a notification, if a member is added to any group located under the selected OU or container.

  • Group - select a specific group, if you want this Business Rule to send a notification, if a member is added either to this group or to a group that is a member of this group. Once selected, you will need to specify the assignment scope in the Assignment Options dialog.

    Assignment Options

    To send a notification if a member is added to the selected group only, select This Group object .

    To send a notification if a member is added to a group that is a member (direct or indirect) of the selected group, select Members of this Group.

    To send a notification if a member is added to a group that is a direct member of the selected group, select Direct members only.

    Assignment Options

  • Business Unit - select a Business Unit, if you want this Business Rule to to send a notification, if a member is added to a group that is a member of the selected Business Unit. To view available Business Units, select the Business Units item in the Look in drop-down list.

    • Viewing Business Units

Select the item you need and click Add. When finished, click OK.

8 The specified activity scope items will be displayed in the Assignments list. Click Finish.

Now, when the Business Rule is complete, every time a member is added to a certain AD group (no matter in which way - using Administration Console, Web Interface, via PowerShell scripts, etc.), Adaxes will automatically send a notification to the specified recipients.


To enable Adaxes to send e-mail notifications, you need to configure the outgoing mail settings for your Adaxes service:

  • Right-click your Adaxes service and click Properties in the context menu.
  • Click the Mail Settings tab and change the SMTP settings.

Specifying SMTP settings for Adaxes service

Delegating Permissions

Hide Active Directory objects from users
Grant rights to create users
Grant rights to modify account options
Allow managers to manage their teams
Grant rights to modify AD group membership
Grant rights to reset passwords and unlock accounts
Grant rights to create and modify Business Units
Deny rights to delete users
Grant rights to execute Custom Commands
Grant rights to modify specific properties of AD objects
Grant rights to move users between OUs

Automating Daily Tasks

Automate user home directory creation
Relocate home directories after disabling users
Automatically add users to groups by department
Add users to a specific group when they are disabled
Automatically change group membership using scripts
Move newly created users to a specific OU
Request approval for user deletion
Run PowerShell script after creating a user
Automate Exchange mailbox creation for new users
Automate Exchange mailbox configuration
Schedule tasks for AD management
Automatically set profile path for Remote Desktop Services
Send e-mail on adding members to specific groups
Send initial password to newly created users via SMS
Delete inactive computers from Active Directory
Automatically deprovision inactive AD users

Simplifying Data Entry

Auto-populate the company name when creating users
Change template for auto-generating users' full name
Specify list of departments to avoid repetitive typing
Disallow specifying telephones without country code
Make Employee ID a required property & specify its format
Set default account options for creating users
Validate/modify user input using a script
Predefine selection of Exchange mailbox stores
Automatically set account expiration date for new users
Generate initial password on user creation
Automatically set users' address based on their office
Provide custom help and tips for AD object properties

Active Directory Management

View & manage AD objects collectively
Create a Custom Command
Rename multiple AD users with one operation
Reset passwords for multiple users
Import user accounts from a CSV file
Schedule import of users from a CSV file
Modify Remote Desktop Services settings in bulk
Update user account options in bulk
Update multiple AD objects using PowerShell
View AD operations performed via Adaxes
Manage Fine-Grained Password Policies
Configure user deprovisioning

Web Interface Customization

Set custom logo and colors
Customize forms for user creation and editing
Customize Sign-In page and logon name options
Prevent users from viewing the Active Directory structure
Allow/deny access to the Web Interface
Disallow certain operations on Active Directory objects
Customize the Home page
Configure Home page actions
Configure the Active Directory pane
Customize Active Directory search
Put a custom message on the Change Password form
Hide specific Active Directory reports
Disable specific Web Interface components
Select the AD object types to be displayed in the UI
Manage Active Directory objects of a custom type
Configure columns in Active Directory object lists
Allow using templates for user creation
Customize Help and Support links
Create additional Web Interface sites

Self-Service

Configure Password Self-Service
Autoenroll users for Self-Password Reset
Allow users to modify specific properties of their accounts