0 votes

I need a way of triggering a business rule based on the user (and not the group) being added or removed from a group. The reason I would like this triggered on the user is so the business rule can be tied to a specific OU that the users are in. These users need a force sync to a domain controller that is on the other side of the globe and will take several hours to replicate if I don't force it. I can setup the business rule to trigger on all groups in the domain and then check the OU of the member but that would then have to trigger on all group adds. I think this could be a performance issue so I would prefer not to do that. I am checking to see if there is another way to do this.

by (2.3k points)

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello Mark,

Unfortunately, there is no possibility to use a business rule triggering After updating a user in this case. The thing is that when a member is added to a group, it is the group being updated, not the member. The behaviour is by design and comes from AD itself, not Adaxes. To achieve the desired, you can use a business rule triggering After adding a member to a group. The rule will look like the following: image.png In the script condition, use the below script. In the script, the $ouDN variable specifies the distinguished name (DN) of the OU where users requiring synchronization force are located. For details on how to get an object DN, see https://www.adaxes.com/sdk/HowDoI.GetDnOfObject.

$ouDN = "OU=Users,DC=company,DC=com" # TODO: modify me

# Get member DN
$member = $Context.BindToObject("Adaxes://%member%")
$memberDN = $member.Get("distinguishedName")
$memberDNobject = New-Object "Softerra.Adaxes.Ldap.DN" $memberDN

# Check user location
$ouDNobject = New-Object "Softerra.Adaxes.Ldap.DN" $ouDN
$Context.ConditionIsMet = $memberDNobject.IsDescendantOf($ouDNobject)
0

thank you for the detailed answer!

Related questions

0 votes
1 answer

I am trying to trigger processing outside of Active Directory when an account is created based on the source user account that was used. Does Adaxes store the source account anywhere?

asked Oct 9, 2023 by jnordell (20 points)
0 votes
1 answer

I have created a Business Rule (call it BR1) that occurs After adding or removing a member from a group . For testing purposes, it currently runs a PowerShell script ... the Business Rule I created. Is this expected behavior? Or am I doing something wrong?

asked Apr 12, 2023 by alex.vanderwoude (60 points)
0 votes
1 answer

Is there a way to have the Create User trigger to run a command to trigger the update user flag/trigger to be hit? The goal is to have specific Create User tasks to also go through the same tasks as the Update user.

asked Mar 2, 2023 by mobosys (290 points)
0 votes
1 answer

Hi team, I need to update users extensionAttribute6 after adding or removing them from a specific group. This is my setup: Group is updated based on rule set within Adaxes ... would like to update users after they were added or removed from this group. Thanks!

asked Sep 25, 2023 by wintec01 (1.1k points)
0 votes
1 answer

I have a Rule-Based group with users. Every time a users gets added or removed from this group I want to trigger a Business Rule for "Atter adding or removing a member ... Rules be triggered by a Rule-Based group adding or removing a user? Morten A. Steien

asked Mar 27, 2023 by Morten A. Steien (300 points)
3,326 questions
3,026 answers
7,727 comments
544,681 users