0 votes

When creating a new computer record you have the opportunity to choose a user/group who can add the physical computer.

Looking in the Adaxes log I note that this is added by specifying the SID value of the selected entry. However when checking the computer record itself I see no corresponding attribute that holds this value.

Is there any way of automatically inserting the SID using a Business Rule/Property Pattern so that a pre-defined group is always set without having to select it every time? I also tried looking for a PowerShell command that did so but couldn't find one.

Thanks

by (1.6k points)
0

I second this. Would love to be able to auto fill this field with the initiator or a group.

1 Answer

0 votes
by (215k points)

Hello,

Currently there is no built-in functionality for that, but you can accomplish your task with a PowerShell script. To do this, you need to create a Business Rule that will be launched after creating a computer account and that will set the group who can join a computer to a domain with the help of a Run a program or PowerShell script action and a script. To create such a Business Rule:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select Computer and After Creating a Computer.

  3. On the 3rd step, add the Run a program or PowerShell script action and paste the following script in the Script field:

     $groupName = "My Group" # TODO: modify me

     Import-Module Adaxes

     # Look up the group in the domain of the new computer account
     $group = Get-AdmGroup $groupName -Server $Context.GetObjectDomain("%distinguishedName%")
     if ($null -eq $group)
     {
         $Context.LogMessage("Group $groupName was not found!", "Error")
         return
     }

     # Set the group whose members can join the computer to the domain, identified by its SID
     $Context.TargetObject.Put("adm-UserOrGroupThatCanJoinComputerToDomain", $group.SID.ToString())
     $Context.TargetObject.SetInfo()
    
  4. In the script, $groupName specifies the name of the group, members of which will be able to join the computer to a domain. Specify the name of the necessary group.

  5. Enter a short description for the script and click OK.

  6. Finish creation of the Business Rule.

That should do the job for now. Starting from our next version (Adaxes 2013.1) we'll add the functionality to set the user or group who can join a computer to a domain with a Business Rule action, and you won't need the script to do this.
