0 votes

Hello

After adding or removing users (from WebUI) from certaing sec. groups, I let a Business Rule execute two Scheduled Tasks,
as shown in this http://www.adaxes.com/sdk/?ApiDocumenta ... struction.

The BR responds correctly, but I get this error:


The Script:

Adding og removing a user via the Adaxes Administration Console throws the same error.

- Thanks in advance.

by (2.6k points)

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

Most probably, the errors occur because you've placed your Scheduled Tasks in a certain sub-container within the Scheduled Tasks container. The sample script you've mentioned assumes that the Scheduled Task you want to run is located directly under the Scheduled Tasks container. If you've created the tasks in a certain sub-container, then you need a slightly different code.

However, this approach is not optimal from the point of view of performance. As far as we understand, the 2 Scheduled Tasks that you want to run are based on the following scripts from the Script Repository: Create LDAP filter to find all subordinates of user and Create LDAP filter to find all objects managed by user. Is that correct?

In that case, we recommend the following: you need to move all the logic contained in the Scheduled Tasks to Custom Commands. You will be able to run the commands on a schedule, using a Scheduled Task, or on the users that have been added to or removed from the groups, using a Business Rule.

What you actually need to is as follows:

  • Create Custom Commands that run the scripts
  • Create a Scheduled Task that runs your Custom Commands on a regular basis
  • Create a Business Rule that runs your Custom Commands once a new member is added to or removed from a group to update the managed users / objects of the new or removed member.

To implement such a solution:

i. Create Custom Commands that run the scripts

To create a Custom Command that runs one of the scripts you need:

  1. Create a new Custom Command.
  2. If you don't want the Custom Command to be available in the UI, you need to disable it. Disabled Custom Commands cannot be executed on AD objects manually, but can be run using Business Rules, Custom Commands and Scheduled Tasks. To disable the command, on step 1 of the Create Custom Command wizard, remove the Enabled option.
  3. On step 2, select the User object type.
  4. On step 3, add the Run a program or PowerShell script action and paste the script that you Custom Command needs to run.
  5. Modify the parameters of the script, if necessary, enter a short description for the script and click OK.
  6. Click Next, then click Finish.

ii. Create a Scheduled Task that runs the Custom Commands on a regular basis
To create such a Scheduled Task:

  1. Create a new Scheduled Task.
  2. On step 3 of the Create Scheduled Task wizard, select the User object type.
  3. On step 4 add the Execute a Custom Command action and click Select.
  4. Select a Custom Command you need and click OK.
  5. To execute another Custom Command, right-click the action you've just added and select Add New Action.
  6. Finish creation of the Scheduled Task.

iii.Create a Business Rule to update the managed users / objects of a new or removed member.
To create a Business Rule that runs the Custom Commands once group membership changes:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule wizard, select the Group and After adding or removing a member from a Group.

  3. On step 3, add the Run a program or PowerShell script action, and paste the following script. The script will run your Custom Commands for a new or removed member. If the new/removed member is a group, the script will run the commands for all users who are members of the group.

     $customCommandIDs = @("{e5a15803-149d-4dec-9f33-c94afbcea436}", "{b0861f0d-47a5-4e90-bf6c-e81c30751d6f}") # TODO: modify me
    
     # Bind to the new member
     $newMember = $Context.BindToObjectEx("Adaxes://%member%", $True)
    
     switch ($newMember.Class)
     {
         "User"
         {
             # Execute the Custom Commands
             foreach ($commandID in $customCommandIDs)
             {
                 $newMember.ExecuteCustomCommand($commandID)
             }
         }
         "Group"
         {
             # Get group members
             try
             {
                 $memberGuidsBytes = $newMember.GetEx("adm-MembersGuid")
             }
             catch
             {
                 return # No members
             }
    
             # Build filter to find all users who are members of the group
             $filter = New-Object "System.Text.StringBuilder"
             [void]$filter.Append("(&(sAMAccountType=805306368)(|")
             foreach ($guidBytes in $memberGuidsBytes)
             {
                 [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("objectGuid", [Guid]$guidBytes))
             }
             [void]$filter.Append("))")
    
             # Search the users
             $searcher = $Context.BindToObject("Adaxes://rootDSE")
             $searcher.SearchFilter = $filter.ToString()
             $searcher.PageSize = 500
             $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
             $searcher.VirtualRoot = $True
    
             try
             {
                 $searcherResultIterator = $searcher.ExecuteSearch()
                 $users = $searcherResultIterator.FetchAll()
    
                 foreach ($userID in $users)
                 {
                     # Execute the Custom Commands
                     $user = $Context.BindToObjectEx($userID.AdsPath, $True)
                     foreach ($commandID in $customCommandIDs)
                     {
                         $user.ExecuteCustomCommand($commandID)
                     }
                 }
             }
             finally
             {
                 # Close the search and release resources
                 $searcherResultIterator.Dispose()
             }
         }
         deafult
         {
             return
         }
     }
    
  4. In the script, $customCommandIDs specifies the IDs of the Custom Commands to run. Specify the IDs of the commands created on step i. How to get the ID of a Custom Command.

  5. Finish creation of the Business Rule.

0

Great solution - thanks !

:D

Related questions

0 votes
1 answer

Is there a way to have a Scheduled Task with 4 different condition? I want to create a scheduled task start every Monday and the condition see: The next Saturday of the week ... of the week is the fifth of the month then no action Thanks in advance, Simone

asked 1 day ago by Simone.Vailati (230 points)
0 votes
1 answer

Hi, I need to start Adaxes scheduled task from Powershell console running on another host. How can I do that?

asked May 21, 2020 by KIT (520 points)
0 votes
1 answer

I have a feild called Decommissioned Date and I can not figure out how to run a scheduled task the day after that date. So If an account got decommissioned today I want the task to run tomorrow.

asked Jan 9, 2020 by hgletifer (1.2k points)
0 votes
1 answer

Hello - I'm working on my companies off boarding process and need to run a Custom Command that turns off access to different systems and resources at the ... -9612-c7c982baa49f}" $user.ExecuteCustomCommand($commandID) # Save the Scheduled Task $task.SetInfo()

asked Jul 16, 2015 by jakesomething (190 points)
0 votes
1 answer

I have a PowerShell Script (being run in a Custom Command) that creates a Scheduled Task that runs another Custom Command but I want the resulting Scheduled ... Exclude = $False $scopeItem.SetInfo() $task.ActivityScopeItems.Add($scopeItem) $task.SetInfo() }

asked Apr 1, 2021 by Staj (350 points)
2,634 questions
2,369 answers
6,291 comments
971,444 users