Hello,

We currently use a lot of business rules that act as job templates. When a matching job title is found after a user creation, it runs the business rule to configure the user for that particular role. The issue is, we don't have a template built out for every single title.

My question is, can I create a catch-all rule that could run if no other business rule is applied so the user is at least assigned a basic access template?

Thanks

1 Answer

Best answer

Hello,

No, there is no such possibility. As a solution, you can have only one Business Rule that will run a PowerShell script to configure the user based on their job title.

0

We second this request as we have over 650 possible job titles and have not and most likely will not get a template created for each one.

0

Hello,

As it was mentioned earlier, you can use a PowerShell script for this purpose. In the script, you will need to map Job Titles to corresponding values of specific properties and also specify the desired behavior for other properties. If you provide us with all the possible details on the desired scenario, we will help you with the script.

0

Thanks for the reply.

I currently have a CSV that lists out the following in columns.

Country, Job Title, AD Group

These repeat in rows for each group added.

I've done this with every country, basically just repeating the title while adjusting the country and groups to their needs.

I assume I can still use my property patterns to apply those based off the OU selected. Filling out basic information such as office address, zip, etc.

If there is a better way to organize this CSV, let me know.

0

Hello,

> I assume I can still use my property patterns to apply those based off the OU selected. Filling out basic information such as office address, zip, etc.

Yes, you sure can.

> If there is a better way to organize this CSV, let me know.

You won't be able to add members to groups using Property Patterns. You will need to use a PowerShell script to avoid creating a Business Rule with a lot of sets of actions/conditions. Have a look at the following script from our repository: https://www.adaxes.com/script-repositor ... e-s510.htm.

0

I see where you're going with this, but moving all our different titles straight to a script just wouldn't be reasonable for any company with more than just a couple job titles.

This would need to pull from a CSV where the data can be better organized and managed.

In our case, it would need to look at both the country and title to figure out what groups it should add.

0

Hello,

It is possible to pull the information from the CSV file. Should the script check only country and Job title values to add users to the required group, or are there other criteria?

0

Yep that would be the plan.

Use the country and job title to determine group memberships.

I've added all the group memberships in the CSV as well as seen in the screenshot above.

0

Hello,

Thank you for clarifying. You will need to use a Business Rule triggering After Creating a User and the below script.

$csvFilePath = "\\Server\share\file.csv" # TODO: modify me
$countryColumnName = "Country" # TODO: modify me
$jobTitleColumnName = "Title" # TODO: modify me
$groupIdentityColumnName = "Group" # TODO: modify me

function SearchObjects($filter)
{
    $domainName = $Context.GetObjectDomain("%distinguishedName%")
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get user country
try
{
    $country = $Context.TargetObject.Get("c")
}
catch
{
    $Context.LogMessage("Country not specified", "Warning")
    return
}

# Get user Job title
try
{
    $title = $Context.TargetObject.Get("title")
}
catch
{
    $Context.LogMessage("Job Title not specified", "Warning")
    return
}

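# Find the CSV rows matching the user's country and job title
$records = Import-Csv -Path $csvFilePath | Where-Object {($_.$countryColumnName -eq $country) -and ($_.$jobTitleColumnName -eq $title)}
if ($records -ne $NULL)
{
    foreach ($record in $records)
    {
        # Escape LDAP filter special characters (RFC 4515) so that a group name
        # containing \ * ( ) cannot break or change the search filter
        $groupIdentity = [string]$record.$groupIdentityColumnName
        $escapedIdentity = $groupIdentity.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
        $searchResults = SearchObjects "(&(objectCategory=group)(|(name=$escapedIdentity)(distinguishedName=$escapedIdentity)(sAMAccountName=$escapedIdentity)))"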

        if ($searchResults.Length -eq 0)
        {
            $Context.LogMessage("Group '$groupIdentity' not found.", "Warning")
            continue
        }
        elseif ($searchResults.Length -gt 1)
        {
            $Context.LogMessage("Found more than one group with the following identity '$groupIdentity'", "Warning")
            continue
        }

        # Add user to the group
        $group = $Context.BindToObject($searchResults[0].AdsPath)
        $group.Add($Context.TargetObject.AdsPath)
    }
}

In the script:

  • $csvFilePath – Specifies the path to the CSV file;
  • $countryColumnName – Specifies the name of the CSV file column that contains values for the Country property;
  • $jobTitleColumnName – Specifies the name of the CSV file column that contains values for the Job Title property;
  • $groupIdentityColumnName – Specifies the name of the CSV file column that contains groups the user should be added to.

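
The catch-all asked for at the top of the thread can live in the CSV itself. The following is an added example, not part of the original posts and not Adaxes code: it resolves groups from the most specific row to the least specific, so a user with an unlisted title still gets a baseline and nothing more. The `*` marker, the function name `Resolve-TemplateGroups` and the group names are assumptions made for illustration.

```powershell
# Constructed sample rows using the thread's CSV layout (Country, Job Title, AD Group).
# A '*' cell is a hypothetical catch-all marker introduced for this example.
$csvText = @'
Country,Job Title,AD Group
US,Accountant,Finance-US
US,Accountant,ERP-Users
US,*,Baseline-US
*,*,Baseline-Global
'@

function Resolve-TemplateGroups
{
    param([object[]] $Rows, [string] $Country, [string] $Title)

    # Try the most specific key first, then widen: exact match,
    # country-wide default, global default.
    $keys = @(
        @{ Country = $Country; Title = $Title },
        @{ Country = $Country; Title = '*' },
        @{ Country = '*';      Title = '*' }
    )
    foreach ($key in $keys)
    {
        $matched = @($Rows | Where-Object {
            ($_.'Country' -eq $key.Country) -and ($_.'Job Title' -eq $key.Title)
        })
        if ($matched.Count -gt 0)
        {
            # Report which tier matched so a fall-through to the baseline is visible in logs.
            return [pscustomobject]@{
                MatchedOn = ('{0}/{1}' -f $key.Country, $key.Title)
                Groups    = @($matched | ForEach-Object { $_.'AD Group' } | Sort-Object -Unique)
            }
        }
    }
    # No row at all: grant nothing rather than guessing.
    return [pscustomobject]@{ MatchedOn = 'none'; Groups = @() }
}

$rows = $csvText | ConvertFrom-Csv
foreach ($user in @(@{ C = 'US'; T = 'Accountant' }, @{ C = 'US'; T = 'Janitor' }, @{ C = 'DE'; T = 'Engineer' }))
{
    $result = Resolve-TemplateGroups -Rows $rows -Country $user.C -Title $user.T
    '{0}/{1}: groups [{2}] (matched on {3})' -f $user.C, $user.T, ($result.Groups -join ', '), $result.MatchedOn
}
```

In a business rule, the returned `Groups` would feed the group lookup loop of the script above, and `MatchedOn` would go to `$Context.LogMessage`. Whoever can write to the CSV decides group membership, so limit write access on the share accordingly.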
0

I really appreciate the quick replies!

Let me play around with this and I'll post my results.

Thanks!

0

@Support2

Just so I am reading this correctly, we can set up a CSV file with all the attributes we set in a Business rule and NOT have to create a separate section in a business rule for each jobCode? We currently have a ton set up through a business rule and would love to configure it through a CSV. Can this happen for Creation and Changing jobcodes?

0

Hello,

The script we provided just adds users to corresponding groups based on Country and Job Title upon creation. You can create and modify users from CSV files. Have a look at the following script from our repository: https://www.adaxes.com/script-repositor ... e-s246.htm.
