0 votes

Hello,

is there a way when creating a new user and selecting their manager to only display ad objects w ith a certain property?

We are looking at using EmployeeType for Contractors and Staff. A contractor cannot be a users manager (this needs to be stafff only)

Would we need to therefore put employees and contractors into different OU's and only make the staff OU available when selecting managers?

by (60 points)

1 Answer

0 votes
by (216k points)

Hello Chris,

If you prefer using the Employee Type property, we suggest the following solution: you need to create a Business Rule that will trigger before creating a user and check the user's Manager property. If this property is not empty, the Business Rule will then check the manager's employeeType property. If this property equals Contractors, then the Business Rule will cancel the user creation operation. All checking operations will be performed by a PowerShell script.

To create such a Business Rule, follow these steps:

  1. Create a new Business Rule.

  2. On the 2nd step of the Business Rule creation wizard, select User and Launch this Rule before Creating a User.

  3. On the 3rd step of the wizard, add the Cancel this operation action and click OK.

  4. Click Always.

  5. Add the If PowerShell script returns true condition.

  6. Paste the following script:

     # The condition is met if $Context.ConditionIsMet is set to $True.
     $Context.ConditionIsMet = $False;
     if ($Context.IsPropertyModified("manager"))
     {
         $manager = $Context.BindToObjectByDN("%manager%")
         try
         {
             $managerType = $manager.Get("employeeType")
         }
         catch
         {
             return
         }
    
         if ($managerType -eq "Contractor")
         {
             $Context.ConditionIsMet = $True
         }
     }
  7. Finish creation of the Business Rule following instructions of the wizard.

If you would rather prefer placing contractors in a separate OU, you will need another script. We can write it, if you want.

0

Ok, that is a good step for validation after the user request has been submitted from the web interface. Is there anything we can do to filter the list of objects on the web interface when the manager for a user is chosen?

I supose we could also just hide this field and populate the manager from a business rule linked to the users department.

0

Ok, that is a good step for validation after the user request has been submitted from the web interface. Is there anything we can do to filter the list of objects on the web interface when the manager for a user is chosen?

No, unfortunately, this is currently impossible, but this feature is in our TODO list.

I supose we could also just hide this field and populate the manager from a business rule linked to the users department.

This one is very easy to do:

  1. Create a new Business Rule.
  2. On the 2nd step of the Business Rule creation wizard, select User and Launch this Rule after Creating a User.
  3. On the 3rd step of the wizard, add the Update User action and click Add.
  4. In the dialog box that appears, select Manager in the Property to modify field.
  5. Click the Edit button in the New value field.
  6. Select the user whom you want to be the manager for the first department and click OK 3 times.
  7. Click Add Condition.
  8. Select the If <property> <relation> <value> condition and select If Department equals [Department name], where [Department name] is the name of the department, for which you are setting this particular manager.
  9. Click OK and finish creation of the Business Rule.
  10. Repeat these steps for as many departments as you have. Actually, you may even copy and paste the whole set of actions and conditions and then just change the department names and the managers.

Related questions

0 votes
1 answer

The checkbox is not selected (False) by default.

asked May 30, 2022 by john.harding (70 points)
0 votes
0 answers

My request is that I want to do restrictions views on Active Directory groups. There are groups managed by users and i want thoses users to only see their own groups they managed in the ... it's possible or if it is, I would like to know how to do this, thanks

asked Jun 22, 2016 by antoine.renard1 (20 points)
0 votes
1 answer

Hello. We need Adaxes to run a script every night that strips leading zeroes off of employee ID. Or better yet (each time the employee ID is set or changed?) Example: Tech puts ... ID. It will strip it down to 556 Would powershell be the way to do this? Thanks

asked Dec 20, 2021 by silicondt (60 points)
0 votes
1 answer

Working within a DoD environment all interactive user accounts are required to have an @mil suffix. Within the application though I am unable to make the required change to anything ... environment? The employee types consist of CTR, SVR, WKS, ADMIN, and APP.

asked May 13, 2019 by jason.d.jones (100 points)
0 votes
1 answer

How are people going about configuring employees transferring or being promoted? Right now our HR is responsible for submitting the user creation forms, which in return kick off our ... , and have it remove all groups and add the new position groups? Thanks!

asked Feb 16, 2017 by jhair (520 points)
3,326 questions
3,026 answers
7,727 comments
544,684 users