0 votes

I was wanting to ask if this tools allows User creation in a Custom Way?

I originally made a .net utility to make AD Accounts for us and ran across addaxes and it seems to do everything my utility did plus more. The was my utility worked is the User was prompted for an Employee ID Number which would then do a sql query on our employee database and grab all the info for them then it would prompt create the account in the appropriate OU with the appropriate AD Groups and it would then prompt it they needed an exchange mail box and would create them in the correct mailbox database. Does Adaxes provide a way to have this functionality in a form type window using powershell for the sql query? this way all that has to be entered on the user creation form is the Employee ID which will then prefill the rest of the form?

I looked at this Script here:
http://www.adaxes.com/script-repository ... e-s249.htm

But this seems to be a scheduled task that imports all users. We only create accounts for AD Accounts for certain Employees not everyone gets an AD Account.
So is it possible to have something like this tied into the User Creation where the employee to be created is queried by employee ID?

by (50 points)

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello,

Yes, it is possible. To achieve what you need, modify Create User Home Page Action and create a Business Rule that will execute a PowerShell script to update user information from your database.

  • Modify Create User Home Page action

    1. Launch Adaxes Web Interface Customization Tool.
    2. Select the required Web Interface type and activate the General tab.
    3. Click Customize Home Page Actions.
    4. Double-click Create User action.
    5. Activate the Form Customization tab, select Use customized form and click Customize Form.
    6. Use Delete button to remove all the sections except for General one.
    7. Remove all the fields from the General section.
    8. Below the Section fields area click Add, select Employee ID property and click OK.
    9. Click Add again and select Show all properties.
    10. Select CustomAttributeBoolean1 property and click OK.

      CustomAttributeBoolean1 is a virtual property that is not stored in Active Directory, but can be used as any other property of directory objects. It can be shown as a checkbox on the Web Interface and will be used to specify whether to create/not create a mailbox for the user.
    11. Select Check box and click OK twice.
    12. Click Add in the Predefined Fields section.
      You will need to predefine Full Name and User Logon Name (pre-Windows 2000) fields, as users cannot be created if these properties are empty. You can use %adm-RandomString% to generate predefined values. The value reference returns a random text of 256 characters. If you specify the value reference %adm-RandomString,7%, it will be replaced with a random text of 7 characters in length.
    13. Select Full Name, enter %adm-RandomString,7% into the Default Value field and click OK.
    14. Repeat steps 12 and 13 for User Logon Name (pre-Windows 2000) property.
      The list of Predefined Fields should look as follows:
    15. Click OK twice.
  • Create a Business Rule
    To create the Business Rule, check the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm. You can build a script based on the one you referenced from our repository. If you want, we can make a sample script for you.

0

Could you make a sample for me? is it also possible to have it Provision the Account instead of Create it? This was we could go and enter the employee ID Number and hit the accept button which would run the query and grab the info of the employee from our sql database and provision the account in addaxes witch would allow us to approve the account creation or not?

0

Hello,

Could you specify, what should happen if the script finds an existing user in Active Directory with an Employee ID equal to the one entered during user creation? Should the user be updated with the information from your database or there should be an error message?

Yes, you can have the operation sent for approval prior to the user creation. The Business Rule with the script will trigger only after user creation is approved. For information on how to do so, check the following tutorial: http://www.adaxes.com/tutorials_Automat ... letion.htm. In step 3 you will need to select Before Creating a User:

0

It should update their Information

0

Here is an example of my utility I wrote awhile back. Trying to see if Adaxes can accomplish the same thing but more powerful as addaxes allows fine tuned control and automation

(Example Utility)

0

OK so I managed to write a script that works and does what I need See Below:

But the issue is that now my Script goes out and gets all the info and sets the account for approval but I cant seem to set the Full name or the user logon name (pre-Windows 2000) with the script it seems to use the values defined by the predefined fields I need the power shell script to set that info.

I made a Business role that runs this script first to get the info then it submits it for approval. How do I get the script to set those 2 properties?

Import-Module Adaxes

function Invoke-Sqlcmd2 
{ 
    [CmdletBinding(
        DefaultParameterSetName='Query'
    )] 
    param( 
        [Parameter( Position=0, Mandatory=$true)]
        [string]$ServerInstance, 

        [Parameter( Position=1, Mandatory=$false)]
        [string]$Database, 

        [Parameter( Position=2,
                    Mandatory=$true,
                    ParameterSetName="Query",
                    ValueFromPipeline = $true)]
        [string]$Query, 

        [Parameter( Position=2, 
                    Mandatory=$true,
                    ParameterSetName="File")]
        [ValidateScript({test-path $_})]
        [string]$InputFile, 

        [Parameter(Position=3, Mandatory=$false)]
        [string]$Username, 

        [Parameter(Position=4, Mandatory=$false)]
        [string]$Password, 

        [Parameter(Position=5, Mandatory=$false)]
        [Int32]$QueryTimeout=600, 

        [Parameter(Position=6, Mandatory=$false)]
        [Int32]$ConnectionTimeout=15, 

        [Parameter(Position=7, Mandatory=$false)]
        [ValidateSet("DataSet", "DataTable", "DataRow","SingleValue")]
        [string]$As="DataRow",

        [Parameter(Position=8, Mandatory=$false)]
        [System.Collections.IDictionary]$SqlParameters,

        [switch]$DBNullToNull
    ) 

    if ($InputFile) 
    { 
        $filePath = $(Resolve-Path $InputFile).path 
        $Query =  [System.IO.File]::ReadAllText("$filePath") 
    } 

    $conn = New-Object System.Data.SqlClient.SQLConnection 

    if ($Username) 
    { $ConnectionString = "Server={0};Database={1};User ID={2};Password={3};Trusted_Connection=False;Connect Timeout={4}" -f $ServerInstance,$Database,$Username,$Password,$ConnectionTimeout } 
    else 
    { $ConnectionString = "Server={0};Database={1};Integrated Security=True;Connect Timeout={2}" -f $ServerInstance,$Database,$ConnectionTimeout } 

    $conn.ConnectionString = $ConnectionString 

    #Following EventHandler is used for PRINT and RAISERROR T-SQL statements. Executed when -Verbose parameter specified by caller 
    if ($PSBoundParameters.Verbose) 
    { 
        $conn.FireInfoMessageEventOnUserErrors=$true 
        $handler = [System.Data.SqlClient.SqlInfoMessageEventHandler] { Write-Verbose "$($_)" } 
        $conn.add_InfoMessage($handler) 
    } 

    $conn.Open() 

    $cmd = New-Object system.Data.SqlClient.SqlCommand($Query,$conn) 
    $cmd.CommandTimeout=$QueryTimeout

    if ($SqlParameters -ne $null)
    {
        $SqlParameters.GetEnumerator() |
            ForEach-Object {
                If ($_.Value -ne $null)
                { $cmd.Parameters.AddWithValue($_.Key, $_.Value) }
                Else
                { $cmd.Parameters.AddWithValue($_.Key, [DBNull]::Value) }
            } > $null
    }

    $ds = New-Object system.Data.DataSet 
    $da = New-Object system.Data.SqlClient.SqlDataAdapter($cmd) 

    [void]$da.fill($ds) 
    $conn.Close() 

    #This code scrubs DBNulls
    $cSharp = @'
        using System;
        using System.Data;
        using System.Management.Automation;

        public class DBNullScrubber
        {
            public static PSObject DataRowToPSObject(DataRow row)
            {
                PSObject psObject = new PSObject();

                if (row != null && (row.RowState & DataRowState.Detached) != DataRowState.Detached)
                {
                    foreach (DataColumn column in row.Table.Columns)
                    {
                        Object value = null;
                        if (!row.IsNull(column))
                        {
                            value = row[column];
                        }

                        psObject.Properties.Add(new PSNoteProperty(column.ColumnName, value));
                    }
                }

                return psObject;
            }
        }
'@

    switch ($As) 
    { 
        'DataSet' 
        {
            $ds
        } 
        'DataTable'
        {
            $ds.Tables
        } 
        'DataRow'
        {
            if(-not $DBNullToNull)
            {
                $ds.Tables[0]
            }
            else
            {
                #Scrub DBNulls if specified.
                #Provides convenient results you can use comparisons with
                #Introduces overhead (e.g. ~2000 rows w/ ~80 columns went from .15 Seconds to .65 Seconds - depending on your data could be much more!)
                Add-Type -TypeDefinition $cSharp -ReferencedAssemblies 'System.Data','System.Xml'

                foreach ($row in $ds.Tables[0].Rows)
                {
                    [DBNullScrubber]::DataRowToPSObject($row)
                }
            }
        }
        'SingleValue'
        {
            $ds.Tables[0] | Select-Object -Expand $ds.Tables[0].Columns[0].ColumnName
        }
    } 

}

#Get Employee Data
$Global:empData = Invoke-Sqlcmd2 -ServerInstance "localhost" -Database "ERS" -Query "select * FROM tAssociateExport Where associateID=%employeeid%"

#Create Password
$Global:pass = $empdata["AssociateID"]+$empdata["FirstName"].substring(0,1).toupper()+$empdata["LastName"].substring(0,4).tolower()+"!"
$Global:securePass = convertto-securestring -asplaintext -force -string $pass

$Global:deptName = $empdata["DepartmentDescription"]
$Global:DivName = $empdata["DivisionDescription"]
$Global:title = $empdata["JobCodeDescription"]
$Global:lastName = (Get-Culture).TextInfo.ToTitleCase($empdata["LastName"].tostring().tolower())
$Global:firstName = (Get-Culture).TextInfo.ToTitleCase($empdata["FirstName"].tostring().tolower())
$Global:Parkabr = $empdata["SiteCode"]
$Global:description = "$ParkAbr - $division - $deptName - $title"

#Deal with a first name containing a space
if ($empdata["FirstName"] -like "* *") 
{
    $FirstName = $empData["FirstName"].split(" ")
    $FirstName = $FirstName[0]+$FirstName[1]
} 
else {
    $FirstName = $empdata["FirstName"]
}

# Set the users login name. First.Last format

if ($empData["LastName"] -like "* *") 
    {
    $LastName = $empData["LastName"].split(" ")
    $Lastname = $Lastname[0]+$Lastname[1]
    } 
else {
    $LastName = $empdata["LastName"]
}

$Global:sam = $FirstName.tolower()+ "." +$LastName.tolower()

#Set the Propertyies of Adaxes
$Context.SetModifiedPropertyValue("firstname", $FirstName)
$Context.SetModifiedPropertyValue("lastname", $LastName)
$Context.SetModifiedPropertyValue("samaccountname", $sam)
$Context.SetModifiedPropertyValue("givenName", $FirstName)
$Context.SetModifiedPropertyValue("sn", $lastName)
$Context.SetModifiedPropertyValue("displayName", $FirstName+","+$lastName)
$Context.SetModifiedPropertyValue("description", $description)
$Context.SetModifiedPropertyValue("department", $deptName)
$Context.SetModifiedPropertyValue("company", $DivName)
$Context.SetModifiedPropertyValue("Title", $title)
$Context.SetModifiedPropertyValue("fullname", $FirstName+" "+$lastName)

Related questions

0 votes
1 answer

We have a business need for automating and controlling the creation of service accounts in our AD. For example, we want all new service accounts to start with "svc_" for ... customize the "New User" form to create a "New Service Account" workflow in Adaxes?

asked Sep 10, 2021 by joshua.lapchuk (60 points)
0 votes
1 answer

As part of our HR onboarding process, they need to specify non-AD integrated software requirements. Is there a way to have a customised field on the form that when ticked or ... say the name of the software and have it linked to a particular field in AD.

asked Apr 15, 2020 by russmerriman (40 points)
0 votes
1 answer

Hi, I am currently working on an interface that allows our HR tool to create users in Adaxes. I got the whole thing to work up to that point where I want user creation to be ... it obviously won't find the user as it has not yet been created at that point...

asked Dec 10, 2018 by Yannik (100 points)
0 votes
1 answer

This is a long shot but is there a way to script out the creation of Custom Commands? Right now when we create a new office (which is almost 2 times a months) we speend a ... is the 1st 3 letters so if the office is in Miami it MIA-Mangers and so on.

asked Jan 14, 2020 by hgletifer (1.3k points)
0 votes
1 answer

Are we are to create a custom report that queries AD for a specific attribute?

asked Dec 19, 2016 by willy-wally (3.2k points)
3,326 questions
3,026 answers
7,727 comments
544,678 users