Adaxes

Business rule not applied?

0 votes

image.png

I have business rule that is NOT applied to group license_AAD_PREMIUM_P2_internal group even it should according activity scope. Scope for this group was added through PowerShell code mentioned here https://adaxes.com/sdk/DefiningScopeOfActivity/#example-4-include-a-specific-group-object-not-members-of-the-group

What can be the cause of this?

Code looks like this image.png

PS: I encountered same behaviour for security roles (also modified by PS script)

by (1.0k points)
edited by
0

Hello,

For troubleshooting purposes, please, do the following:

  • Specify the triggering operation of the business rule (e.g. After updating a group).
  • Provide the script you are using in TXT format.
  • Specify all the parameter values you use to execute the script.
by (301k points)
0

trigger can be anything (if I add scope bind to the same group manually, rule gets triggered)

script + parameters:

$ruleADSPath = '<ADSPathOfTheAdaxesRule>'
$baseObjectDN = '<DNofTheADObject>'
$type = 'ADM_SCOPEBASEOBJECTTYPE_GROUP'
$exclude = $false
$inheritance = 'ADS_SCOPE_BASE'

$null = [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# connect to the Adaxes service
$adaxesService = "localhost"
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($adaxesService)

# get base object
$baseObj = $admService.OpenObject("Adaxes://$baseObjectDN", $null, $null, 0)

# get business rule
$rule = $admService.OpenObject($ruleADSPath, $null, $null, 0)

# add new scope to the business rule
$scopeItem = $rule.ActivityScopeItems.Create()
$scopeItem.BaseObject = $baseObj
$scopeItem.Type = $type
$scopeItem.Inheritance = $inheritance
$scopeItem.Exclude = $exclude
$scopeItem.SetInfo()
$rule.ActivityScopeItems.Add($scopeItem)
$rule.SetInfo()

I am guessing that problem is in the "save" action, but I've tried setOption() too without any luck.

by (1.0k points)

1 Answer

0 votes
by (301k points)
selected by
Best answer

Hello,

Thank you for the provided details. The issue occurs because the $type variable is set incorrectly. As it is specified in the example you referenced, the variable must be set to ADM_SCOPEBASEOBJECTTYPE_CONTAINER. Changing the variable value will remedy the issue.

0

You are right. Usage of ADM_SCOPEBASEOBJECTTYPE_CONTAINER indeed solved the problem.

Can you clarify why? Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

From official documentation it is not very clear (at least for me)

by (1.0k points)
+1

Hello,

Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

Whenever you need to add an item as this object only, the ADM_SCOPEBASEOBJECTTYPE_CONTAINER type should be used. The ADM_SCOPEBASEOBJECTTYPE_GROUP one should only be used when it is about group members.

From official documentation it is not very clear (at least for me)

Thank you for pointing this out. We will consider updating the documentation accordingly.

by (301k points)
0

aka

if ADS_SCOPE_ONELEVEL or ADS_SCOPE_SUBTREE use ADM_SCOPEBASEOBJECTTYPE_GROUP

if ADS_SCOPE_BASE use ADM_SCOPEBASEOBJECTTYPE_CONTAINER

is that correct?

by (1.0k points)

Related questions

0 votes
1 answer
$Context.Cancel not ending business rule execution

I have a 'Before user account creation' business rule that starts as follows: If script 'Validate user exists' returns true then Do Nothing // rest of ... experiencing a bug where $Context.Cancel is not properly terminating the business rule. Thanks.

asked Dec 17, 2024 by lw.fa (150 points)
0 votes
1 answer
Business Rule and Custom Command - After adding members to group - Member not correct

Hi team, I have a follow up to this question https://www.adaxes.com/questions/14234/business-after-adding-members-powershell-script-executed Let me explain my setup A rule- ... area% failed due to the following exception: $($_.Exception.Message)", "Error") }

asked Feb 13, 2024 by wintec01 (1.8k points)
0 votes
1 answer
Business Rule not moving user to required OU

Hi, I have a business rule setup to perform actions after user creation. First action is to run a powershell script which works and it sets a required AD attribute ( ... new user sits in the original OU and does not move Am i missing something here?

asked Feb 6, 2024 by Lewis (40 points)
0 votes
1 answer
Business Rule - After adding members to group - Powershell script to user not executed

Hi team, I need to update users extensionAttribute6 after adding or removing them from a specific group. This is my setup: Group is updated based on rule set within Adaxes ... would like to update users after they were added or removed from this group. Thanks!

asked Sep 25, 2023 by wintec01 (1.8k points)
0 votes
1 answer
Business Rule - 'After user updated' not triggered when the user is added to a group.

I need a way of triggering a business rule based on the user (and not the group) being added or removed from a group. The reason I would like this triggered on the user is so ... prefer not to do that. I am checking to see if there is another way to do this.

asked May 16, 2023 by mark.it.admin (2.3k points)
3,682 questions
3,368 answers
8,516 comments
549,443 users