0 votes


I have a business rule that is NOT applied to the license_AAD_PREMIUM_P2_internal group even though it should be according to the activity scope. The scope for this group was added through the PowerShell code mentioned here: https://adaxes.com/sdk/DefiningScopeOfActivity/#example-4-include-a-specific-group-object-not-members-of-the-group

What can be the cause of this?

Code looks like this image.png

PS: I encountered the same behaviour for security roles (also modified by a PS script).

by (860 points)
edited by
0

Hello,

For troubleshooting purposes, please, do the following:

  • Specify the triggering operation of the business rule (e.g. After updating a group).
  • Provide the script you are using in TXT format.
  • Specify all the parameter values you use to execute the script.
0

The trigger can be anything (if I add a scope bound to the same group manually, the rule gets triggered).

script + parameters:

$ruleADSPath = '<ADSPathOfTheAdaxesRule>'
$baseObjectDN = '<DNofTheADObject>'
$type = 'ADM_SCOPEBASEOBJECTTYPE_GROUP'
$exclude = $false
$inheritance = 'ADS_SCOPE_BASE'

$null = [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# connect to the Adaxes service
$adaxesService = "localhost"
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($adaxesService)

# get base object
$baseObj = $admService.OpenObject("Adaxes://$baseObjectDN", $null, $null, 0)

# get business rule
$rule = $admService.OpenObject($ruleADSPath, $null, $null, 0)

# add new scope to the business rule
$scopeItem = $rule.ActivityScopeItems.Create()
$scopeItem.BaseObject = $baseObj
$scopeItem.Type = $type
$scopeItem.Inheritance = $inheritance
$scopeItem.Exclude = $exclude
$scopeItem.SetInfo()
$rule.ActivityScopeItems.Add($scopeItem)
$rule.SetInfo()

I am guessing that the problem is in the "save" action, but I've tried setOption() too without any luck.

1 Answer

0 votes
by (245k points)
selected by
Best answer

Hello,

Thank you for the provided details. The issue occurs because the $type variable is set incorrectly. As it is specified in the example you referenced, the variable must be set to ADM_SCOPEBASEOBJECTTYPE_CONTAINER. Changing the variable value will remedy the issue.

0

You are right. Usage of ADM_SCOPEBASEOBJECTTYPE_CONTAINER indeed solved the problem.

Can you clarify why? Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

From official documentation it is not very clear (at least for me)

+1

Hello,

Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

Whenever you need to add an item as this object only, the ADM_SCOPEBASEOBJECTTYPE_CONTAINER type should be used. The ADM_SCOPEBASEOBJECTTYPE_GROUP one should only be used when it is about group members.

From official documentation it is not very clear (at least for me)

Thank you for pointing this out. We will consider updating the documentation accordingly.

0

aka

if ADS_SCOPE_ONELEVEL or ADS_SCOPE_SUBTREE use ADM_SCOPEBASEOBJECTTYPE_GROUP

if ADS_SCOPE_BASE use ADM_SCOPEBASEOBJECTTYPE_CONTAINER

is that correct?
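
An added example, not part of the thread and not Softerra's own code: a read-only check that lists the activity scope items of a business rule and flags the Type/Inheritance pair from the question's script (ADM_SCOPEBASEOBJECTTYPE_GROUP with ADS_SCOPE_BASE), which the accepted answer identified as the reason the rule did not apply to the group object. The function name Get-ScopeItemReport is hypothetical, the rule path is a placeholder, and enumerating ActivityScopeItems with foreach and reading the item properties back are assumptions based on the script above.

```powershell
# Added example: read-only audit of a business rule's activity scope.
# Get-ScopeItemReport is a hypothetical helper name; the rule path is a placeholder.
$ruleADSPath = '<ADSPathOfTheAdaxesRule>'

$null = [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

function Get-ScopeItemReport($rule)
{
    # Assumption: the collection can be enumerated with foreach
    foreach ($item in $rule.ActivityScopeItems)
    {
        # Assumption: BaseObject may be empty for items not bound to one object
        $base = $null
        if ($null -ne $item.BaseObject) { $base = $item.BaseObject.AdsPath }

        # Pair from this thread: the GROUP type is about group members, so with
        # ADS_SCOPE_BASE the group object itself was not covered by the rule
        $suspect = ($item.Type -eq 'ADM_SCOPEBASEOBJECTTYPE_GROUP') -and
                   ($item.Inheritance -eq 'ADS_SCOPE_BASE')

        [pscustomobject]@{
            BaseObject  = $base
            Type        = $item.Type
            Inheritance = $item.Inheritance
            Exclude     = $item.Exclude
            Suspect     = $suspect
        }
    }
}

# connect to the Adaxes service, as in the script from the question
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# open the rule and print one row per scope item; nothing is modified or saved
$rule = $admService.OpenObject($ruleADSPath, $null, $null, 0)
Get-ScopeItemReport $rule | Format-Table -AutoSize
```

Rows with Suspect set to True are the ones to recreate with ADM_SCOPEBASEOBJECTTYPE_CONTAINER when the intent is the group object only.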
