0 votes

We have a 3rd party vendor that we are able to add users based on AD security groups. What I need to do is set a parameter for the number of available licenses and whenever a user is added the rule will count the number of users in the group and if the number is within a certain number of the parameter it will trigger an email to purchase more licenses. For example if I have 500 licenses and we add a user, if the total number of users in the group is 495 I would like an email to trigger telling me to add more licenses.

by (70 points)
+1

Hello,

It can be done using a script executed in a business rule triggering After adding a member to a group. For us to provide you with the script, please, specify the following:

  1. Do we understand correctly that the limit is the same for all the groups in question?
  2. If the limit is not the same, do you have it stored in a specific AD property of the groups?
  3. Is the difference to trigger an email the same for all groups?
  4. If the difference is not the same, do you have it stored in a specific AD property of the groups?
  5. Who should the email recipients be? Will they always be the same and predefined?

Any additional details will be much appreciated.

0
  1. The limit will be variable depending on the group. At this time this will only be applied to a single group but may expand after testing. The current thought was to have multiple copies of the rule applied only to the specific group(s)
  2. If needed we can put the limit in an unused AD property
  3. the offset will always be 5 so that we have time to add licenses
  4. See above
  5. Email recipients will always be the same barring staffing changes
0

Hello,

Thank you for the provided details. Do we understand correctly that the current number of licenses is the number of users (and only users) that are members of the group?

In case of multiple groups, storing the limit in an AD property of a group is the best way as there will be just a single business rule and the groups will be specified in its Activity Scope. If you do not want the limit to be stored in an AD property, you can use one of Adaxes custom integer attributes (e.g. CustomAttributeInt1). The attributes are only available in Adaxes.

0

Yes, only users will be counted for licenses We can store in CustomAttributeInt3 as we are not using that for anything

1 Answer

0 votes
by (257k points)
selected by
Best answer

Hello,

Thank you for the confirmation. Have a look at the followng script from our repository: https://www.adaxes.com/script-repository/send-email-if-number-of-users-in-a-group-exceeds-a-limit-s672.htm.

In your case, it should be executed in a business rule triggering After adding a member to a group. The rule will look like the following (make sure to add groups themselves to the Activity Scope, not their members): image.png

Related questions

0 votes
1 answer

So this works for us however we would like to add to check if the last group is at 3 users we would like to send a seperate email but would still like all the above to continue to happen the way it is.

asked Mar 2, 2022 by Keonip (160 points)
0 votes
1 answer

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25 by LarrySargent (20 points)
0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
0 votes
1 answer

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14 by mightycabal (780 points)
0 votes
1 answer

Hello all, I'm trying to send an email to an O365 private group after a user account has expired. I'm currently able to send to single users, but whenever I specify ... , and the adaxes log shows no errors. Any pointers would be greatly appreciated. Thank you!

asked Aug 12, 2021 by lw.fa (130 points)
3,175 questions
2,878 answers
7,369 comments
507,772 users