0 votes

Hi,

Is there a way I can create a rule based group or scheduled task in which the Direct reports of the direct reports are added to a group? So for example:

CEO VP's report to CEO Directors report to VP's

In this case I only want the Directors added but this can't be done with job title and the titles don't all inlcude Director. Essentially, I'd like to be able to check if a user reports to CEO (by name, rather than role) then add direct reports to the group and then also remove anyone that is already in the list that no longer reports to a manager who reports to the CEO.

Thanks in advance

by (180 points)
0

Hello Gareth,

Do we understand correctly that a specific group should contain anybody whose manager has CEO in their name?

For us to suggest a solution, please, specify the version of Adaxes you are using. For information on how to check it, have a look at the following help article: https://www.adaxes.com/help/CheckServiceVersion.

0

Hi,

Thanks for the quick reply.

No, so essentially the group needs to contain all the direct reports of the users who report to the CEO.

So if say usera reports to the CEO then the group needs to contain all of the direct reports of usera but not usera itself.

I am using 3.15.20817.0

Thanks!

0

Hello Gareth,

Thank you for clarifying. Do you have just a single CEO user or there are multiple ones?

0

There is only a single CEO user and we can target them by samaccountname or job title, whichever is easiest.

I don't know whether or not it would be easier perhaps to use a boolean custom attribute?

So if users manager reports to CEO: Then mark boolean as true

Then make a rule based membership based on the boolean attribute?

I just can't work out how to assign the attribute and get the logic right for the if statement.

1 Answer

+1 vote
by (267k points)
selected by
Best answer

Hello Gareth,

Thank you for the confirmation. There is no need to use any additional attributes. Also, for your information, Adaxes custom attributes cannot be used in search criteria. To achieve the desired, use the below script in a scheduled task configured for the User object type. The Activity Scope of the task should only include the CEO user. In the script, the $groupDN variable specifies the distinguished name (DN) of the group. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$groupDN = "CN=My group,OU=Groups,DC=domain,DC=com" # TODO: modify me

# Bind to the group
$group = $Context.BindToObjectByDN($groupDN)

# Get direct reports of target user
try
{
    $directReportDNs = $Context.TargetObject.GetEx("directReports")
}
catch
{
    # Remove all group members
    $group.Put("member", $NULL)
    $group.SetInfo()
    return
}

$newMembers = New-Object System.Collections.ArrayList
foreach ($directReportDN in $directReportDNs)
{
    # Get second level direct reports
    $directReport = $Context.BindToObjectByDN($directReportDN)
    try
    {
        $secondLevelReportDNs = $directReport.GetEx("directReports")
    }
    catch
    {
        continue
    }

    # Add second level direct reports to group
    $newMembers.AddRange($secondLevelReportDNs)
}

# Update group members
if ($newMembers.Count -eq 0)
{
    $group.Put("member", $NULL)
}
else
{
    $group.Put("member", $newMembers.ToArray())
}

# Save the changes
$group.SetInfo()
0

Thanks, that's great! Does that also remove users who are no longer direct reports of the ceo's direct reports?

0

Hello Gareth,

Yes, that is included.

0

Thank you!

Related questions

0 votes
1 answer

Ideally looking to make this a rule based group, but report or business unit should work also. In our domain, service accounts become direct reports of the user who requested/ ... if a specific object is a/not a direct report. Is this possible? Thank you

asked Nov 14, 2023 by ThompsonAlex (40 points)
0 votes
1 answer

Hi! I want to setup a scheduled action to send out a email once per week of what users each of our managers has as direct reports with a link to create a email to our ... want the opposite .... https://www.adaxes.com/script-repositor ... s-s219.htm /Kaj

asked Jan 30, 2019 by KajLehtinen (650 points)
0 votes
1 answer

We would like to use the "Rule Based Groups" functionality that Adaxes has to create distribution groups where we have one group per manager and the members are the user ... so that the link doesn't break when changes happend to the managers AD object?

asked Oct 27, 2021 by odsven (1.8k points)
0 votes
0 answers

Or would the DLs have to be manually created and rules set up? I'm starting to look into features of the product before demoing, and was hoping there was an easy answer on this one. Thanks

asked Oct 7, 2020 by SIRI-Steele (40 points)
0 votes
1 answer

If a user is disabled, I would like the following process to be automated: Direct reports of this disabled user (user A) are reassigned to new active user (user B) who ... is sent to User B indicating User As direct reports have been transferred to User B

asked Apr 29, 2022 by Cavolick (60 points)
3,293 questions
2,991 answers
7,664 comments
544,194 users