Hello,

We currently use a lot of business rules that act as job templates. When a matching job title is found after a user creation, it runs the business rule to configure the user for that particular role. The issue is, we don't have a template built out for every single title.

My question is, can I create a catch-all rule that could run if no other business rule is applied so the user is at least assigned a basic access template?

Thanks

1 Answer

Best answer

Hello,

No, there is no such possibility. As a solution, you can have only one Business Rule that will run a PowerShell script to configure the user based on their job title.

0

Yep that would be the plan.

Use the country and job title to determine group memberships.

I've added all the group memberships in the CSV as well, as seen in the screenshot above.

0

Hello,

Thank you for clarifying. You will need to use a Business Rule triggering After Creating a User and the below script.

$csvFilePath = "\\Server\share\file.csv" # TODO: modify me
$countryColumnName = "Country" # TODO: modify me
$jobTitleColumnName = "Title" # TODO: modify me
$groupIdentityColumnName = "Group" # TODO: modify me

function SearchObjects($filter)
{
    $domainName = $Context.GetObjectDomain("%distinguishedName%")
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get user country
try
{
    $country = $Context.TargetObject.Get("c")
}
catch
{
    $Context.LogMessage("Country not specified", "Warning")
    return
}

# Get user Job title
try
{
    $title = $Context.TargetObject.Get("title")
}
catch
{
    $Context.LogMessage("Job Title not specified", "Warning")
    return
}

# Get group identity
$records = Import-Csv -Path $csvFilePath | Where-Object { ($_.$countryColumnName -eq $country) -and ($_.$jobTitleColumnName -eq $title) }
if ($null -ne $records)
{
    foreach ($record in $records)
    {
        $groupIdentity = $record.$groupIdentityColumnName
        $searchResults = SearchObjects "(&(objectCategory=group)(|(name=$groupIdentity)(distinguishedName=$groupIdentity)(sAMAccountName=$groupIdentity)))"

        if ($searchResults.Length -eq 0)
        {
            $Context.LogMessage("Group '$groupIdentity' not found.", "Warning")
            continue
        }
        elseif ($searchResults.Length -gt 1)
        {
            $Context.LogMessage("Found more than one group with the following identity '$groupIdentity'", "Warning")
            continue
        }

        # Add user to the group
        $group = $Context.BindToObject($searchResults[0].AdsPath)
        $group.Add($Context.TargetObject.AdsPath)
    }
}

In the script:

  • $csvFilePath – Specifies the path to the CSV file;
  • $countryColumnName – Specifies the name of the CSV file column that contains values for the Country property;
  • $jobTitleColumnName – Specifies the name of the CSV file column that contains values for the Job Title property;
  • $groupIdentityColumnName – Specifies the name of the CSV file column that contains groups the user should be added to.

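An added example, not part of the original post and not Adaxes code: the script above does nothing when no CSV row matches, and it places the CSV value into the LDAP filter unescaped. The sketch below goes beyond the posted script by resolving a fallback row for the catch-all case asked about and by escaping filter values per RFC 4515. The `*` wildcard convention, the function names and the sample data are assumptions constructed for illustration.

```powershell
# Added example with constructed data; the '*' row convention and all names are hypothetical.
$csvText = @'
Country,Title,Group
US,Accountant,Finance-US
US,Accountant,ERP-Users
US,*,Staff-US
*,*,Baseline-Access
'@
$rows = $csvText | ConvertFrom-Csv

function ConvertTo-LdapFilterValue([string]$Value)
{
    # RFC 4515: encode \ * ( ) and NUL as a backslash followed by two hex digits
    $encode = [System.Text.RegularExpressions.MatchEvaluator]{ param($m) '\{0:x2}' -f [int][char]$m.Value }
    return [regex]::Replace($Value, '[\\*()\x00]', $encode)
}

function New-GroupFilter([string]$GroupIdentity)
{
    # Same filter shape as the posted script, built from the escaped value
    $v = ConvertTo-LdapFilterValue $GroupIdentity
    return "(&(objectCategory=group)(|(name=$v)(distinguishedName=$v)(sAMAccountName=$v)))"
}

function Resolve-GroupIdentities([object[]]$Rows, [string]$Country, [string]$Title)
{
    # Most specific tier wins: exact match, then country default, then global default
    $tiers = @(
        { param($r) $r.Country -eq $Country -and $r.Title -eq $Title },
        { param($r) $r.Country -eq $Country -and $r.Title -eq '*' },
        { param($r) $r.Country -eq '*' -and $r.Title -eq '*' }
    )
    foreach ($tier in $tiers)
    {
        $hits = @($Rows | Where-Object { & $tier $_ })
        if ($hits.Count -gt 0) { return ,@($hits | ForEach-Object { $_.Group }) }
    }
    return ,@()
}

# Exact match, country fallback, global fallback
foreach ($case in @(@('US', 'Accountant'), @('US', 'Janitor'), @('DE', 'Engineer')))
{
    $groups = Resolve-GroupIdentities $rows $case[0] $case[1]
    "{0}/{1} -> {2}" -f $case[0], $case[1], ($groups -join ', ')
}
# A group name containing filter metacharacters is matched literally once escaped
New-GroupFilter 'Sales (EMEA)*'
```

Because the CSV decides group membership, write access to the share that holds it is equivalent to the right to grant those groups, so restrict it accordingly and keep the fallback rows limited to baseline access.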
0

I really appreciate the quick replies!

Let me play around with this and I'll post my results.

Thanks!

0

@Support2

Just so I am reading this correctly, we can set up a CSV file with all the attributes we set in a Business rule and NOT have to create a separate section in a business rule for each jobCode? We currently have a ton set up through a business rule and would love to configure it through a CSV. Can this happen for Creation and Changing jobcodes?

0

Hello,

The script we provided just adds users to corresponding groups based on Country and Job Title upon creation. You can create and modify users from CSV files. Have a look at the following script from our repository: https://www.adaxes.com/script-repositor ... e-s246.htm.
