AdaxesService identified as initiator

Question

Hello

In a Custom Command, a manager can remove the a user from all groups (except for some mandetory ones).

Removal is done this way: Remove-AdmGroupMember -Identity $Gruppe.sAMAccountName -Members "%sAMAccountName%" -Server $Server -AdaxesService localhost -Confirm:$False

Removal from some groups may need to be approved by the (target) user's manager.
This is triggered by a Business Rule, that programmatically sends the approval request to the manager.

When a manger initiates the CC on a user, I expect that the removal should be auto-approved, but the initiator seems unknown and the user is not removed. Instead, the manager gets a approval requst ?

In the Log, Adaxes Service is identified as initiator. This may technically be correct, but issues some troubles.

I wonder why and where the real (human) initiator is lost in the process ?

- Thanks

Answer 1

Hello,

the issue occurs because you remove a user from a group using a script. Scripts are run by Adaxes service. The service runs under the credentials of Adaxes default service administrator (the user account that you specified when installing Adaxes). Thus, the initiator is the default service administrator. Most probably, it is displayed as N/A in the Web interface because the user doesn't have sufficient permissions to view the service administrator in Active Directory.

You can work around the issue using Adaxes ADSI interfaces. The following script will do the job:

$groupPath = $Gruppe.AdsPath

# Bind to group
$group = $Context.BindToObjectEx($groupPath, $True)

# Remove user from group
$group.Remove($Context.TargetObject.AdsPath)

Comments

Got it now :oops:

- Thanks