Active Directory management & automation

Grant Rights to Execute Custom Commands

To execute Custom Commands, users must be granted appropriate permissions. It is possible to allow or deny the execution of either a specific custom command or all custom commands defined in Adaxes. The rights for Custom Command execution as well as any other rights in Adaxes are granted with the help of Security Roles. This enables you to, for example, allow specific users or groups to perform specific custom commands only on the AD objects located in a specific OU, on the members of a specific group or Business Unit, on all objects located in several AD domains, etc.

In this tutorial, you will learn how modify the built-in Security Role Help Desk to:

  • allow execution of all Custom Commands on all AD object types,
  • deny execution of all Custom Commands on Computers,
  • deny execution of a specific custom command.
If some undesired changes were made to a built-in Security Role, you can discard all changes made to this Role. For this purpose, right-click the Role you need and click Restore to Initial State in the context menu.
Launch Adaxes Administration Console, expand Adaxes service \ Configuration \ Security Roles \ Builtin. Select the Help Desk role. The permissions and assignments of this role will be displayed in the Result Pane (located to the right).

Select Security Role


To allow the execution of all Custom Commands on all AD object types, add the Execute All Custom Commands permission applied to All object types.
Add 'Execute All Custom Commands' Permission

Step by step

  1. In the Result Pane (located to the right), click Add.
    Click Add Permission
  2. Select All object types and check the Execute All Custom Commands permission in the Allow column. Click OK
    Permissions to Execute All Custom Commands

To deny execution of all Custom Commands on Computers, deny the Execute All Custom Commands permission for the Computer object type.
Deny 'Execute All Custom Commands' Permission for Computers

Step by step

  1. In the Result Pane (located to the right), click Add.
    Click Add Permission
  2. Select Computer in the list of object types and check the Execute All Custom Commands permission in the Deny column. Click OK.
    Deny Execute All Custom Commands on Computers
The Deny permissions always override the Allow permissions, so users will not be able to execute Custom Commands on Computers, even if other Security Roles grant them such rights.

To deny execution of the custom command 'My Command', deny the Execute 'My Command' permission for the corresponding object type.
Deny 'Execute My Command' Permission

Step by step

  1. In the Result Pane (located to the right), click Add.
    Click Add Permission
  2. Select an object type, on which the Custom Command can be executed and check the Execute 'My Command' permission in the Deny column. Click OK.
    Deny Execute My Command
If the Custom Command 'My Command' is deleted, the permissions that allow or deny execution of this command will be deleted from Security Roles automatically.
? Waiting

Progress status: Checking...