0 votes

We have a 3rd party vendor that we are able to add users based on AD security groups. What I need to do is set a parameter for the number of available licenses and whenever a user is added the rule will count the number of users in the group and if the number is within a certain number of the parameter it will trigger an email to purchase more licenses. For example if I have 500 licenses and we add a user, if the total number of users in the group is 495 I would like an email to trigger telling me to add more licenses.

by (70 points)
+1

Hello,

It can be done using a script executed in a business rule triggering After adding a member to a group. For us to provide you with the script, please, specify the following:

  1. Do we understand correctly that the limit is the same for all the groups in question?
  2. If the limit is not the same, do you have it stored in a specific AD property of the groups?
  3. Is the difference to trigger an email the same for all groups?
  4. If the difference is not the same, do you have it stored in a specific AD property of the groups?
  5. Who should the email recipients be? Will they always be the same and predefined?

Any additional details will be much appreciated.

0
  1. The limit will be variable depending on the group. At this time this will only be applied to a single group but may expand after testing. The current thought was to have multiple copies of the rule applied only to the specific group(s)
  2. If needed we can put the limit in an unused AD property
  3. the offset will always be 5 so that we have time to add licenses
  4. See above
  5. Email recipients will always be the same barring staffing changes
0

Hello,

Thank you for the provided details. Do we understand correctly that the current number of licenses is the number of users (and only users) that are members of the group?

In case of multiple groups, storing the limit in an AD property of a group is the best way as there will be just a single business rule and the groups will be specified in its Activity Scope. If you do not want the limit to be stored in an AD property, you can use one of Adaxes custom integer attributes (e.g. CustomAttributeInt1). The attributes are only available in Adaxes.

0

Yes, only users will be counted for licenses We can store in CustomAttributeInt3 as we are not using that for anything

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello,

Thank you for the confirmation. Have a look at the followng script from our repository: https://www.adaxes.com/script-repository/send-email-if-number-of-users-in-a-group-exceeds-a-limit-s672.htm.

In your case, it should be executed in a business rule triggering After adding a member to a group. The rule will look like the following (make sure to add groups themselves to the Activity Scope, not their members): image.png

Related questions

0 votes
1 answer

So this works for us however we would like to add to check if the last group is at 3 users we would like to send a seperate email but would still like all the above to continue to happen the way it is.

asked Mar 2, 2022 by Keonip (160 points)
0 votes
1 answer

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25, 2023 by LarrySargent (20 points)
0 votes
1 answer

Hi All, I am currently using the 30 day free trial of Adaxes and seeing if we can use it to achieve our method of user provisioning. I am looking into server-side ... variable value within an SQL query Can this be achieved? Any help is much appreciated, Thanks

asked Feb 1 by Lewis (40 points)
0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
0 votes
1 answer

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14, 2023 by mightycabal (1.0k points)
3,326 questions
3,026 answers
7,727 comments
544,678 users