
Hello,

is there a way to automatically create a user after creating a user in a different domain?
Let me explain:

We have a Management Domain we own and a new user is joining our company with the following pattern:

DomainA\adm-abc

After this user is successfully created, this triggers a user creation process in a Customer AD with a defined pattern:

DomainB\cuadm-abc

So in short: DomainA User is created manually -> DomainB User will be created automatically

We got an Adaxes service account in both domains.

Thanks in advance!


1 Answer

Best answer

Hello,

This can be done using a Business Rule triggered After Creating a User and a PowerShell script. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_Automa ... ngUser.htm. If you have issues writing the script, please provide us with all the possible details about creating the second account and we will help you.

0

Thanks for the help, but I got another issue.

I'd like to check if the created mgmt user already exists in the customer domain.

When I try the following, for example, I'm getting just an empty response:

Get-AdmUser -Filter * -AdaxesService localhost -Server $domain

When I use the AdmGroup cmdlet, I get a full list of all groups as expected.

Get-AdmGroup -Filter * -AdaxesService localhost -Server $domain

I didn't think there was a difference in how these cmdlets execute, but it seems there is?

0

Hello,

Both scripts should work just fine. Do you get any error messages when executing the Get-AdmUser cmdlet? If so, please post here or send us (support[at]adaxes.com) a screenshot.

0

No, nothing. That is exactly what's so confusing.

$domain is the defined customer domain. The cmdlets are executed inside an Adaxes admin PowerShell on the Adaxes server in the mgmt domain. In the mgmt domain the cmdlets work fine.

When I try to find one specific user, in mgmt it works, but inside the customer domain the object cannot be found (user exists of course).

Pictures attached.

0

Hello,

Could you please make sure that the customer domain is registered in Adaxes? For details on how to register domains, see https://www.adaxes.com/help/?HowDoI.Man ... omain.html.

0

The customer domain is registered. As a test I tried to create a new user with

New-AdmUser "user" -AdaxesService localhost -Server $domain

Works without any issues.

0

Hello,

Thank you for checking.

When you run cmdlets without explicitly specifying credentials in Adaxes PowerShell module for Active Directory, the credentials of the currently logged on account will be used. According to your screenshots, the Get-AdmUser cmdlet works fine but does not find any users. Most probably, this happens because the account whose credentials were used to sign in does not have the permissions to see user accounts in the customer domain. By credentials here we mean those granted by Adaxes Security Roles, not native Active Directory permissions. For information on how to check the Security Roles assigned to a user, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... forms.html.

To avoid such issues, you can sign in to the computer using the credentials of the Adaxes service account (specified during Adaxes installation).

0

I still cannot get this working.

I found out that I also cannot view users of any managed customer domain inside the Adaxes Administration Console.
I can see groups, computers and anything else, except users.
Could that be another hint for you?

Every domain has its own Adaxes Service Account with Dom-Admin rights.
I tried several security role configurations such as dom users, authenticated users for all domains, but without success...

0

Hello,

Try to log on to your Adaxes service in the Administration Console using the credentials of the Adaxes service account. It should be exactly the one specified during Adaxes installation and used to run Softerra Adaxes Service. For information on how to change service logon credentials, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

To check the username of the Adaxes service account:

  • On the computer where Adaxes service is installed, open Windows Start menu.
  • Type Services and press Enter.
  • In the Services panel, right-click Softerra Adaxes Service and then click Properties in the context menu.
  • Activate the Log On tab.
  • The username of the Adaxes service account will be displayed below.

If you still cannot see user accounts when logged on to the service with the credentials of the Adaxes service account, check whether the user accounts are added to the unmanaged accounts list. For details, see https://www.adaxes.com/help/?HowDoI.Man ... ounts.html.
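
Added example, not part of the thread or of the Adaxes tutorial: a sketch of the existence check discussed above that refuses to treat an empty Get-AdmUser result as "user does not exist" when the running account cannot see any users in the customer domain at all (the situation described in this thread). The function names, the domain name, the OU path and the password handling are assumptions; the adm-/cuadm- naming pattern is the one from the question.

```powershell
# Added example. Function names, domain, OU and password source are placeholders.
Import-Module Adaxes

function Get-CustomerSamName {
    param([Parameter(Mandatory)][string]$MgmtSamName)
    # DomainA pattern adm-<id> maps to DomainB pattern cuadm-<id>.
    # The strict match also keeps quotes out of the LDAP-style filter built below.
    if ($MgmtSamName -notmatch '^adm-(?<id>[A-Za-z0-9]+)$') {
        throw "Unexpected management account name: $MgmtSamName"
    }
    return "cuadm-$($Matches['id'])"
}

function New-CustomerAdminIfMissing {
    param(
        [Parameter(Mandatory)][string]$MgmtSamName,
        [Parameter(Mandatory)][string]$Domain,        # customer domain (placeholder value)
        [Parameter(Mandatory)][string]$TargetOU,      # DN of the target OU (placeholder value)
        [Parameter(Mandatory)][securestring]$InitialPassword
    )
    $sam = Get-CustomerSamName -MgmtSamName $MgmtSamName

    # Preflight: an empty result can mean "not permitted to view users"
    # (Adaxes Security Roles, unmanaged accounts) rather than "no such user".
    $visible = Get-AdmUser -Filter * -AdaxesService localhost -Server $Domain |
        Select-Object -First 1
    if (-not $visible) {
        throw "No users visible in $Domain. Check Security Roles and the unmanaged accounts list before trusting an existence check."
    }

    $existing = Get-AdmUser -Filter "sAMAccountName -eq '$sam'" `
        -AdaxesService localhost -Server $Domain
    if ($existing) {
        return $existing    # account already present, nothing to create
    }

    New-AdmUser -Name $sam -SamAccountName $sam -Path $TargetOU `
        -AccountPassword $InitialPassword -Enabled $true `
        -AdaxesService localhost -Server $Domain
}

# Constructed sample call, using the account name from the question:
# New-CustomerAdminIfMissing -MgmtSamName 'adm-abc' -Domain 'customer.example' `
#     -TargetOU 'OU=Admins,DC=customer,DC=example' `
#     -InitialPassword (Read-Host -AsSecureString 'Initial password')
```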
