Hello,

We are currently rolling out a deployment for Windows Hello. For this, we have created a custom automation in Adaxes for users to have to reset their passwords on next login to something complex, then that new password is not required to be reset after the fact. They are then added to a group which is assigned to this password policy. Is there a good way to make sure users can only be added into this group via our script (we want to avoid people being added on accident), and for only our admins to be able to edit or see this group? Or, do you have another recommendation for getting this done?

Thank you.

by (20 points)

1 Answer

by (309k points)
0 votes

Hello,

The easiest way is to just hide the group from everyone except for the users who actually need it. The following tutorial should be helpful: https://www.adaxes.com/help/HideObjectsFromUsers. At the same time, this will work only in Adaxes. Members can still be added to the group externally, e.g. via Active Directory Users and Computers. As such, you will need to eliminate such possibilities as well.

by (20 points)
0

Thank you; if a user is blind to the group, will this prevent them from being added to the password policy / group itself via the automation?

by (309k points)
0

Hello,

No, it will not influence the operation. It is just that the users will not see the group in Adaxes. At the same time, users with required permissions will be able to add members to the group.
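The answer above notes that hiding the group only applies inside Adaxes and that members can still be added externally. One way to see who holds that ability in Active Directory itself is to review the group's ACL for trustees that can write the `member` attribute. The following is an added example, not code from the thread or from Adaxes; the `CONTOSO` trustees, the group name `WHfB-PasswordPolicy` and the function name are hypothetical, and the sample ACEs are constructed so the block runs without a domain.

```powershell
# Added example. Trustee names and the group name are placeholders, not values from the thread.
$MemberGuid      = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the "member" attribute
$AllowedTrustees = @('CONTOSO\Domain Admins', 'CONTOSO\svc-adaxes', 'NT AUTHORITY\SYSTEM')

function Get-UnexpectedMemberWriter {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,   # ACEs shaped like (Get-Acl "AD:\<dn>").Access
        [string[]] $Allowed = @()                 # trustees that are expected to manage membership
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        $rights  = "$($a.ActiveDirectoryRights)" -split ',\s*'
        $objType = [guid]"$($a.ObjectType)"
        # Rights that give control of the object, or write access to every attribute
        $hits = @($rights | Where-Object { $_ -in 'GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner' })
        # WriteProperty / Self (validated write) count only when scoped to all attributes or to "member"
        if ($objType -eq [guid]::Empty -or $objType -eq $MemberGuid) {
            $hits += @($rights | Where-Object { $_ -in 'WriteProperty', 'Self' })
        }
        if ($hits.Count -eq 0) { continue }
        if ("$($a.IdentityReference)" -in $Allowed) { continue }
        [pscustomobject]@{
            Trustee   = "$($a.IdentityReference)"
            Rights    = $hits -join ', '
            Inherited = [bool]$a.IsInherited
        }
    }
}

# Constructed sample ACEs (not taken from a real directory)
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Admins'; ActiveDirectoryRights = 'GenericAll'
                       AccessControlType = 'Allow'; ObjectType = [guid]::Empty; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svc-adaxes'; ActiveDirectoryRights = 'WriteProperty'
                       AccessControlType = 'Allow'; ObjectType = $MemberGuid; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Helpdesk'; ActiveDirectoryRights = 'ReadProperty, WriteProperty'
                       AccessControlType = 'Allow'; ObjectType = $MemberGuid; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; ActiveDirectoryRights = 'GenericRead'
                       AccessControlType = 'Allow'; ObjectType = [guid]::Empty; IsInherited = $false }
)
Get-UnexpectedMemberWriter -Ace $sample -Allowed $AllowedTrustees

# Against a live domain (ActiveDirectory module loaded, which provides the AD: drive):
#   $dn = (Get-ADGroup 'WHfB-PasswordPolicy').DistinguishedName
#   Get-UnexpectedMemberWriter -Ace (Get-Acl "AD:\$dn").Access -Allowed $AllowedTrustees
```

The check does not resolve ACEs granted through property-set GUIDs and does not expand the membership of the trustees it reports, so a reported group still needs its own members reviewed.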
