Best approach to see how long someone has been in a group?

Question

I would like to possibly add a timestamp to a user custom attribute when added to a specific group. The reason for this is because I'd like to display the value of days spent in the group in a report column.

Trying to think of ways to accomplish this via conditions and actions and haven't found the right combo.

Let me know if I am missing something or if it must be done by script or if there is another way I am not thinking of.

Thanks!

Answer 1

Hello,

The only option is using a business rule triggering After adding a member to a group and the below PowerShell script. There is no possibility to use built-in actions as the target object is the group itself while you need to update the member. In the script, $dateProperty specifies the schema name of the custom attribute to save the current date to.

$dateProperty = "adm-CustomAttributeDate1" # TODO: modify me

# Bind to new member
$member = $Context.BindToObject("Adaxes://%member%")

# Update new member
$member.Put($dateProperty, "%datetime%")
$member.SetInfo()

Comments

Thank you, that will work. Can I use the same script to clear that custom attribute after being removed from the group? Would I set the variable to $null?

---

Hello,

Can I use the same script to clear that custom attribute after being removed from the group?

Yes, it will work just fine.

Would I set the variable to $null?

No, you will need to replace "%datetime%" with $Null.

---

Perfect and thank you

---

I can also handle this with an update user action to clear the field, but I would like to know how to modify the script to be relevant to the user removed as well.

I believe this statement would need to be revised as well because the user is no longer a member, is that correct?

# Bind to new member
$member = $Context.BindToObject("Adaxes://%member%")

In the event that the user is being removed what would this be? Or would this work before the user is removed from the group?

I'd also like to remove the user from another group

---

Hello,

I can also handle this with an update user action to clear the field, but I would like to know how to modify the script to be relevant to the user removed as well.

As it was mentioned above, you can use the very same script with "%datetime%" replaced by $Null.

I believe this statement would need to be revised as well because the user is no longer a member, is that correct?

That is not correct. This code will work just fine.

I'd also like to remove the user from another group

You can use the below script. In the script, the $targetGroupDN variable specifies the distinguished name (DN) of the group to remove the member from. For details on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$targetGroupDN = "CN=My Group,OU=Groups,DC=example,DC=com" # TODO: modify me

$group = $Context.BindToObjectByDN($targetGroupDN)

if ($group.IsMember("Adaxes://%member%"))
{
    $group.Remove("Adaxes://%member%")
}

---

OK confirmed all works as expected.

My issue was I quote encapsulated the null "$Null" instead of just $Null

That gets me more than I like.

Thanks again.