0 votes

Hello,

Is there a way when creating a new user and selecting their manager to only display AD objects with a certain property?

We are looking at using EmployeeType for Contractors and Staff. A contractor cannot be a user's manager (this needs to be staff only).

Would we need to therefore put employees and contractors into different OUs and only make the staff OU available when selecting managers?

by (650 points)

1 Answer

0 votes
by (215k points)

Hello Chris,

If you prefer using the Employee Type property, we suggest the following solution: you need to create a Business Rule that will trigger before creating a user and check the user's Manager property. If this property is not empty, the Business Rule will then check the manager's employeeType property. If this property equals Contractors, then the Business Rule will cancel the user creation operation. All checking operations will be performed by a PowerShell script.

To create such a Business Rule, follow these steps:

  1. Create a new Business Rule.

  2. On the 2nd step of the Business Rule creation wizard, select User and Launch this Rule before Creating a User.

  3. On the 3rd step of the wizard, add the Cancel this operation action and click OK.

  4. Click Always.

  5. Add the If PowerShell script returns true condition.

  6. Paste the following script:

     # The condition is met if $Context.ConditionIsMet is set to $True.
     $Context.ConditionIsMet = $False;
     if ($Context.IsPropertyModified("manager"))
     {
         $manager = $Context.BindToObjectByDN("%manager%")
         try
         {
             $managerType = $manager.Get("employeeType")
         }
         catch
         {
             return
         }
    
         if ($managerType -eq "Contractor")
         {
             $Context.ConditionIsMet = $True
         }
     }

  7. Finish creation of the Business Rule following instructions of the wizard.

If you would prefer to place contractors in a separate OU, you will need another script. We can write it if you want.
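The Business Rule above runs only before a user is created, so accounts that already exist, or whose manager or employeeType changes later, are not checked by it. The audit below is an added example, not part of the original answer or Adaxes' own code; the function name `Find-ContractorManagers`, the finding labels and the sample accounts are hypothetical, and it assumes the same "Contractor" value the script above tests for.

```powershell
# Added example (not Adaxes code): report users whose manager is a contractor.
# Input objects need DistinguishedName, Manager (a DN) and employeeType, which is
# what Get-ADUser returns when called with -Properties Manager, employeeType.
function Find-ContractorManagers {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string] $BlockedType = 'Contractor'   # assumed: same value the rule checks
    )

    # Index accounts by DN; PowerShell hashtable keys are case-insensitive.
    $byDn = @{}
    foreach ($u in $Users) { $byDn[$u.DistinguishedName] = $u }

    foreach ($u in $Users) {
        if ([string]::IsNullOrEmpty($u.Manager)) { continue }   # no manager set

        $finding = $null
        $mgr = $byDn[$u.Manager]
        if ($null -eq $mgr) {
            # Manager is outside the supplied set (other OU or domain): review by hand.
            $finding = 'ManagerNotInScope'
        }
        elseif ($mgr.employeeType -eq $BlockedType) {
            $finding = 'ManagerIsContractor'
        }

        if ($finding) {
            [pscustomobject]@{
                User    = $u.DistinguishedName
                Manager = $u.Manager
                Finding = $finding
            }
        }
    }
}

# Constructed sample accounts (hypothetical names and domain).
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Ann Lee,OU=Staff,DC=example,DC=com'; Manager = $null; employeeType = 'Staff' }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob Roy,OU=Staff,DC=example,DC=com'; Manager = 'CN=Ann Lee,OU=Staff,DC=example,DC=com'; employeeType = 'Staff' }
    [pscustomobject]@{ DistinguishedName = 'CN=Cal Kim,OU=Ext,DC=example,DC=com'; Manager = 'CN=Ann Lee,OU=Staff,DC=example,DC=com'; employeeType = 'Contractor' }
    [pscustomobject]@{ DistinguishedName = 'CN=Dee Fox,OU=Staff,DC=example,DC=com'; Manager = 'CN=Cal Kim,OU=Ext,DC=example,DC=com'; employeeType = 'Staff' }
)
Find-ContractorManagers -Users $sample | Format-Table -AutoSize

# Against a live directory (ActiveDirectory module):
# Find-ContractorManagers -Users (Get-ADUser -Filter * -Properties Manager, employeeType)
```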

0

Ok, that is a good step for validation after the user request has been submitted from the web interface. Is there anything we can do to filter the list of objects on the web interface when the manager for a user is chosen?

I suppose we could also just hide this field and populate the manager from a business rule linked to the user's department.

0

Ok, that is a good step for validation after the user request has been submitted from the web interface. Is there anything we can do to filter the list of objects on the web interface when the manager for a user is chosen?

No, unfortunately, this is currently impossible, but this feature is on our TODO list.

I suppose we could also just hide this field and populate the manager from a business rule linked to the user's department.

This one is very easy to do:

  1. Create a new Business Rule.
  2. On the 2nd step of the Business Rule creation wizard, select User and Launch this Rule after Creating a User.
  3. On the 3rd step of the wizard, add the Update User action and click Add.
  4. In the dialog box that appears, select Manager in the Property to modify field.
  5. Click the Edit button in the New value field.
  6. Select the user whom you want to be the manager for the first department and click OK 3 times.
  7. Click Add Condition.
  8. Select the If <property> <relation> <value> condition and select If Department equals [Department name], where [Department name] is the name of the department for which you are setting this particular manager.
  9. Click OK and finish creation of the Business Rule.
  10. Repeat these steps for as many departments as you have. Actually, you may even copy and paste the whole set of actions and conditions and then just change the department names and the managers.
