0 votes

Hello again!

I'm building a script that will create Adaxes Security Roles for each new customer we bring on

I'm trying to create a Role with the ability to change passwords of users.

Specifically I want to allow members of the security role to be able to Write the Password Last Set Property and Write the Account Options Property

Here's a snip of the script:

# Allow: User -> Write Account Options Property
$entry = $role.Permissions.Create()

$userClassGuid = # the GUID of the User object class
    "{bf967aba-0de6-11d0-a285-00aa003049e2}"

$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Write Account Options Property
$entry.InheritedObjectType = $userClassGuid

$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

# Allow: User -> Write Password Last Set Property
$entry = $role.Permissions.Create()

$userClassGuid = # the GUID of the User object class
    "{bf967aba-0de6-11d0-a285-00aa003049e2}"

$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Password Last Set Property
$entry.InheritedObjectType = $userClassGuid

$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

I've found several examples that give me values for the ObjectType but I'm not sure how to find the right values for Permissions Properties. If there's a way to list all the properties for user or group objects it would really help me get the script finished up.

by (4.5k points)

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

To find the GUID of a property:

  1. In the Administration Console, locate an object of the necessary type and select it. For example, if you want to know the GUID of a property of users, locate and select a user.
    The properties of the selected object will be displayed in the Result Pane (located to the right).
  2. Right-click the property you need and select Properties.

    Note: to view empty properties, you need to configure the Administration Console to show empty properties.
  3. Copy the GUID displayed under Attributes.
0

Thanks!

Related questions

0 votes
1 answer

So we have a new domain , lets say @def.com. It's within our primary domain @abc.com...this was done due to a company split. What changed for our users were their ... operational. LDAP Server unavailable" If I use my @abc.com, it works. Please advise. thanks

asked Oct 1, 2013 by MeliOnTheJob (10.6k points)
0 votes
1 answer

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6 by DaralenManta (250 points)
0 votes
0 answers

Softerra Adaxes provides role-based security administration, so permissions are granted to users with the help of Security Roles. To view the Security Roles that delegate permissions ... delegated, right-click a Security Role and click Locate Role in Tree.

asked Apr 23, 2009 by Support (215k points)
0 votes
1 answer

I'd like to run code against the Adaxes service but need to pass my Admin credentials. How do I send different creds than the current user?

asked Jul 27 by ComputerHabit (3.4k points)
0 votes
1 answer

Changing the "Forgot your password?" text.

asked Mar 10 by msylvester (650 points)
2,251 questions
2,011 answers
5,504 comments
24,668 users