0 votes

We have a 3rd party vendor that we are able to add users based on AD security groups. What I need to do is set a parameter for the number of available licenses and whenever a user is added the rule will count the number of users in the group and if the number is within a certain number of the parameter it will trigger an email to purchase more licenses. For example if I have 500 licenses and we add a user, if the total number of users in the group is 495 I would like an email to trigger telling me to add more licenses.

by (70 points)
+1

Hello,

It can be done using a script executed in a business rule triggering After adding a member to a group. For us to provide you with the script, please, specify the following:

  1. Do we understand correctly that the limit is the same for all the groups in question?
  2. If the limit is not the same, do you have it stored in a specific AD property of the groups?
  3. Is the difference to trigger an email the same for all groups?
  4. If the difference is not the same, do you have it stored in a specific AD property of the groups?
  5. Who should the email recipients be? Will they always be the same and predefined?

Any additional details will be much appreciated.

0
  1. The limit will be variable depending on the group. At this time this will only be applied to a single group but may expand after testing. The current thought was to have multiple copies of the rule applied only to the specific group(s)
  2. If needed we can put the limit in an unused AD property
  3. the offset will always be 5 so that we have time to add licenses
  4. See above
  5. Email recipients will always be the same barring staffing changes
0

Hello,

Thank you for the provided details. Do we understand correctly that the current number of licenses is the number of users (and only users) that are members of the group?

In case of multiple groups, storing the limit in an AD property of a group is the best way as there will be just a single business rule and the groups will be specified in its Activity Scope. If you do not want the limit to be stored in an AD property, you can use one of Adaxes custom integer attributes (e.g. CustomAttributeInt1). The attributes are only available in Adaxes.

0

Yes, only users will be counted for licenses We can store in CustomAttributeInt3 as we are not using that for anything

1 Answer

0 votes
by (292k points)
selected by
Best answer

Hello,

Thank you for the confirmation. Have a look at the followng script from our repository: https://www.adaxes.com/script-repository/send-email-if-number-of-users-in-a-group-exceeds-a-limit-s672.htm.

In your case, it should be executed in a business rule triggering After adding a member to a group. The rule will look like the following (make sure to add groups themselves to the Activity Scope, not their members): image.png

Related questions

0 votes
1 answer

I am trying to find a way to get an hourly report on locked out user accounts to only be sent if the total amout of locked out account exceeds 10 users. Is this possible in ... a way to setup the logic to check to see how many items are returned in a report.

asked Jun 12 by Vertigo (50 points)
0 votes
1 answer

So this works for us however we would like to add to check if the last group is at 3 users we would like to send a seperate email but would still like all the above to continue to happen the way it is.

asked Mar 2, 2022 by Keonip (180 points)
0 votes
1 answer

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25, 2023 by LarrySargent (20 points)
0 votes
1 answer

Hi All, I am currently using the 30 day free trial of Adaxes and seeing if we can use it to achieve our method of user provisioning. I am looking into server-side ... variable value within an SQL query Can this be achieved? Any help is much appreciated, Thanks

asked Feb 1 by Lewis (40 points)
0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
3,567 questions
3,258 answers
8,266 comments
547,929 users