0 votes

Hello,

we offer our team leads to manage their teams:
- the manager select "My Team"
- then all member of the team are listed
- the manager selects a member of the team and the defined properties are listed (for example in which group the selected user is a member)
- after click on "Add ..." the manager can select a group ("Please select groups")
But then ALL groups are listed - not only the groups where the manager is defined as owner ("managed by") :o
How can I set such a filter which restricts the groups?

Many thanks,
Horst

by (460 points)

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello Horst,

There is no possibility to limit only the groups that can be selected to add the user to. It is only possible to filter all the groups displayed in the Member Of section. For example, if you apply an LDAP filter to show only groups managed by the currently logged on user, in the Member Of section they will be able to see only the groups they own even if the user is a member of other groups too. If this solution meets your needs, follow the instructions below to apply the filter:

  1. Launch Adaxes Web Interface Customization Tool.
  2. Select the interface type and activate the AD Management tab.
  3. Click Customize Forms and Views.
  4. Select User Object type.
  5. Activate the View tab and select the Member Of section.
  6. In the Section Fields, select Filter displayed groups.
  7. Select Show only groups that match the specified LDAP filter.
  8. Enter the following into the LDAP filter field:
    (&(objectCategory=group)(managedBy=%distinguishedName%))
  9. Click OK.
  10. To filter groups in forms for user creation and editing, repeat steps 5-9 for the Create and Modify tabs.
  11. Click OK twice.
0

Hello,

ok, than I'll use the filter in the member section.

Many thanks,
Horst

0

Hello,

the solution above works perfect for Self Service. :D
But now i'm "designing" the User View "AD Management" - "Customize Forms and Views".
I created a "member of"section which shows the groups where the user is a member.
In the next step I need a section "Owner (managed by)" which shows the groups where the user is the responsible manager but I despair with the LDAP filter:
(&(objectCategory=group)(managedBy=%distinguishedName%)) shows nothing :evil:

0

Hello Horst,

Do we understand correctly that you need to add a section to the page that displays users that will contain objects managed by the user? If that is correct, there is no possibility to filter managed objects, but you can create a section that will contain all the objects managed by the user. To do so:

  1. Launch Adaxes Web interface Customization tool.
  2. Select the interface type and activate the AD Management tab.
  3. Click Customize Forms and Views.
  4. Select User Object type.
  5. Activate the View tab and click Add below.
  6. On step 2 of the wizard, select AD object properties and click Finish.
  7. Click Add below Section fields.
  8. Select Managed Objects and click OK twice.
0

Perfect, exactly what I was looking for :D :D :D

Related questions

0 votes
1 answer

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
0 votes
1 answer

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21, 2020 by RayBilyk (230 points)
0 votes
1 answer

Hello, Is there a way to send an email notification when a user is added to a group dynamically (with LDAP filter) , it's work only when i add the user manually Thank you

asked Jun 30, 2021 by GG (70 points)
0 votes
1 answer

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25, 2023 by LarrySargent (20 points)
0 votes
1 answer

We have a business rule that will update an AD attribute when a new member is added to a group. This business rule works when we use powershell commands or the admin console ... set to trigger "After adding a member to a group". Thank you for your support!

asked Mar 29, 2023 by mark.it.admin (2.3k points)
3,326 questions
3,025 answers
7,723 comments
544,675 users