0 votes

Hello,

is there a way to automatically create a user after creating a user in a different domain?
Let me explain:

We have a Management Domain we own and a new user is joining our company with the following pattern:

DomainA\adm-abc

After this user is sucessfully created, this triggers a user creation process in a Customer AD with a defined pattern:

DomainB\cuadm-abc

So in short: DomainA User is created manually -> DomainB User will be created automatically

We got a adaxes service account in both domains.

Thanks in advance!

by (100 points)

1 Answer

0 votes
by (287k points)
selected by
Best answer

Hello,

This can be done using a Business Rule triggered After Creating a User and a PowerShell script. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_Automa ... ngUser.htm. If you have issues writing the script, please, provide us with all the possible details about creating the second account and we will help you.

0

Thanks for the help but i got another issue.

I'd like to check if the created mgmt user already exists in the customer domain.

When i try the following for example, i'm getting just a empty response:

Get-AdmUser -Filter * -AdaxesService localhost -Server $domain

When i use the AdmGroup cmdlet i get a full list of all groups as expected.

Get-AdmGroup -Filter * -AdaxesService localhost -Server $domain

I didn't thought there is a difference in this cmdlet execution, but as it seems it does?

0

Hello,

Both scripts should work just fine. Do you get any error messages when executing the Get-AdmUser cmdlet? If so, please, post here or send us (support[at]adaxes.com) a screenshot.

0

No nothing, that is exactly whats's so confusing.

$domain is the defined customer domain. The cmdlets are executed inside a adaxes admin powershell on the adaxes server in the mgmt domain. In the mgmt domain the cmdlets works fine.

When i try to find one specific user, in mgmt it works but inside the customer domain the object cannot be found (user exists of course)

Pictures attached.

0

Hello,

Could you, please, make sure that the customer domain is registered in Adaxes? For details on how to register domains, see https://www.adaxes.com/help/?HowDoI.Man ... omain.html.

0

The customer domain is registered. As a test i tried to create a new user with

New-AdmUser "user" -AdaxesService localhost -Server $domain

Works without any issues.

0

Hello,

Thank you for checking.

When you run cmdlets without explicitly specifying credentials in Adaxes PowerShell module for Active Directory, the credentials of the currently logged on account will be used. According to your screenshots, the Get-AdmUser cmdlet works fine but does not find any users. Most probably, this happens because the account whose credentials were used to sign in does not have the permissions to see user accounts in the customer domain. By credentials here we mean those granted by Adaxes Security Roles, not native Active Directory permissions. For information on how to check the Security Roles assigned to a user, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... forms.html.

To avoid such issues, you can sign in to the computer using the credentials of the Adaxes service account (specified during Adaxes installation).

0

I still cannot get this working.

I found out that i also cannot view users of any managed customer domain inside the Adaxes Administration Console.
I can see groups, computers and anything else, except users.
Could that be another hint for you?

Every Domain has it's own Adaxes Service Account with Dom-Admin rights.
I tried several security role configurations such as dom users, authenticated users for all domains but without success....

0

Hello,

Try to logon to your Adaxes service in the Administration Console using the credentials of the Adaxes service account. It should be exactly that one specified during Adaxes installation and used to run Softerra Adaxes Service. For information on how to change service logon credentials, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

To check the username of the Adaxes service account:

  • On the computer where Adaxes service is installed, open Windows Start menu.
  • Type Services and press Enter.
  • In the Services panel, right-click Softerra Adaxes Service and then click Properties in the context menu.
  • Activate the Log On tab.
  • The username of the Adaxes service account will be displayed below.

If you still cannot see user accounts when logged on to the service with the credentials of the Adaxes service account, check whether the user accounts are added to the unmanaged accounts list. For details, see https://www.adaxes.com/help/?HowDoI.Man ... ounts.html.

Related questions

0 votes
1 answer

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14, 2023 by mightycabal (1.0k points)
0 votes
1 answer

I have a scheduled task that runs the following PowerShell script. $user = New-AdmUser -Server $domain -AdaxesService localhost -Path $workdayDn -ChangePasswordAtLogon $true -PassThru - ... ) over all objects. I'm stumped! Any help would be super appreciated.

asked Sep 5 by emeisner (100 points)
0 votes
1 answer

Hello, I am trying to find out if it would be possible to create a tool/ process on Adaxes that will allow me to create a new AD user and set a time limit on the ... or guides on how i might create a new users or set deletion / disable times? Thanks Rhys

asked Nov 9, 2021 by R_C (70 points)
0 votes
1 answer

Hello I am trying to set up a script to copy the 'Members Of' from specific accounts to a new user account after creating the user. Something very similar to this: https:/ ... to the ever changing nature of the business. Is someone able to help me with this?

asked May 28, 2020 by adantona (40 points)
0 votes
1 answer

Hi, is it possible to export automatically the exchange online mailbox of a user to a .PST file on our archive server before the user is deleted? Kind regards, Fabian

asked Oct 26, 2023 by fabian.p (380 points)
3,534 questions
3,225 answers
8,218 comments
547,691 users