Adaxes

Schedule a user to be added to a group via Web Interface

0 votes

Hello,

I'm evaluating the use of Adaxes at my organization, where on a weekly basis we have users changing positions, and require (among other things that Adaxes appears to be capable of doing) adding access to different shares, while removing access to the shares of the position they are leaving.

Is it possible to setup a "Schedule User Move" Web UI action where an IT member can select the user, the group they are destined to go to, and a date for this action to happen on?

Thanks!

by (50 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

To resolve the issue, you will need to create a Home Page Action where an IT member will be able to set the date and job title, and also a Scheduled Task that will actually move the user to the specified group on the date set via the Home Page Action.

Probably it will be more convenient to add position name on which group membership depends instead of selecting the group to move the user to. We recommend storing the position name, until it is actually assigned to the user on the target day, in a custom attribute. Such attributes are not stored in AD, but can be used the same as any other attributes of AD objects. You can use one of the attributes that is used for storing text (string) values, e.g. CustomAttributeText1. For a date, you need to use an attribute that allows storing date/time values, e.g. CustomAttributeDate1.

Creating a Home Page Action
To create a a Home Page Action that allows specifying a new job title and the date when to assign it:

  1. Launch the Adaxes Web Interface Configuration Tool on the computer, where the Web Interface is installed.
  2. On the General tab, click Configure Home Page Actions.
  3. Click Add.
  4. Select Modify User.
  5. Follow instructions of the wizard. On the Form Customization page, select Use customized form and click Customize Form.
  6. Remove all sections except General and remove all fields.
  7. To add properties that will be modified by an IT member (job title and date), click Add under the Section fields section.
  8. Select the Show all properties checkbox and select the CustomAttributeText1 property. Click OK.
  9. Click Add again.
  10. Select the Show all properties checkbox and select the CustomAttributeDate1 property. Click OK.
  11. Finish creating the action.

Creating a Scheduled Task
The Scheduled Task will move the user to the necessary group on the date specified in the CustomAttributeDate1 attribute. To create it:

  • Create new Scheduled Task.

  • Add an action that will add the user to a group depending on the job title:

    1. On the Actions page, click Add Action.
    2. Select Add the User to a group and click Select Group.
    3. Select the group to move the user to. Click OK.
    4. Click Add Condition.
    5. Select the If <property>< relation ><value> condition type.
    6. Specify If CustomAttributeText1 equals and enter a job title, for example, Marketing Manager. Then, click OK.

      Note: you can use the If CustomAttributeText1 contains condition to enter a part of the job title.
    7. Click Add Condition again to specify when the task will be executed.
    8. Select the If <property> <relation> <value> condition type.
    9. Specify IfCustomAttributeDate1 less or equal.
    10. Click the associated Edit button.
    11. On the Generate date tab, select Current date/time. Click OK twice.
    12. You also need to add a condition that will check that the CustomAttributeDate1 attribute is not empty. To do so, click Add Condition.
    13. Select the If <property> <relation> <value> condition type.
    14. Specify IfCustomAttributeDate1 is not empty.
    15. Now you need to add an action to clear the CustomAttributeDate1 attribute. This way each user will be processed only once. To do so, click Add Action.
    16. Select Update the user and click Add.
    17. In the Property to modify field, select CustomAttributeDate1.
    18. Select Remove property. Click OK twice.

  • Now, add an action that will remove the user from the group they belong to.

    1. Click Add action to a new set.
    2. Select Remove the User from a group and click Select Group.
    3. Select the group to remove the user from and click OK.
    4. Click Add Condition.
    5. Select the If <property>< relation ><value> condition type.
    6. Specify If CustomAttributeText1 does not equal and enter a job title, for example, Marketing Manager. Then, click OK.

      Note: you can use the If CustomAttributeText1 does not contain condition to enter a part of the job title.
    7. Click Add Condition to specify when the task will be executed for a user.
    8. Select If <property> <relation> <value> condition type.
    9. Specify If CustomAttributeDate1 less or equal.
    10. Click the associated Edit button.
    11. On the Generate date tab, select Current date/time. Click OK twice.
    12. Click Add Condition again.
    13. Select the If <property> <relation> <value> condition type.
    14. Specify If CustomAttributeDate1 is not empty and click OK.
      You should get something like this:

  • Repeat steps ii-iii for each job title.

  • Finish creation of the Scheduled Task.

If you have many groups, you can use a script in your Scheduled Task as described in the following tutorial: http://www.adaxes.com/tutorials_Automat ... cripts.htm.

The script you need is Example 1.

You can simplify entering data into the CustomAttributeText1 property by creating a drop-down list of possible values to select from, as described in the following tutorial: http://www.adaxes.com/tutorials_Simplif ... tments.htm.

Related questions

0 votes
1 answer
Business Rule - 'After user updated' not triggered when the user is added to a group.

I need a way of triggering a business rule based on the user (and not the group) being added or removed from a group. The reason I would like this triggered on the user is so ... prefer not to do that. I am checking to see if there is another way to do this.

asked May 16, 2023 by mark.it.admin (2.3k points)
0 votes
1 answer
Send Email to User When added to a specific group

Hello, I'm trying to setup a business rule that will send an email to the user when they are added to a group. Under the User Object I don't have an option to Launch ... to get the new group member's email address so I can send a notification to it? Thanks!

asked Dec 1, 2015 by drew.tittle (810 points)
0 votes
1 answer
Powershell: Removing a user from one group and adding to another via Scheduled Task

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (220 points)
0 votes
1 answer
Adding Multiple Users to a Group - Web Interface

I get this question quite a bit.... Our staff is used to being able to paste a well-formed listing of users into "Active Directory Users and Computers" when they are ... the web interface)? If not, are you considering adding this ability in the future? Thanks!

asked May 22, 2012 by BradG (950 points)
0 votes
1 answer
Problem setting up group management via web interface

Hi everyone! I have a problem granting permission to edit group members using the web interface. Somewhere something is missing but I don't see it. I have three ... in the web interface config for the necessary options to become available? Thanks for reading!

asked Sep 9, 2020 by EirĂ­kr (120 points)
3,346 questions
3,047 answers
7,775 comments
544,976 users