0 votes

Is it possible to have custom command that doesn't execute on a specific (or any) AD object? I realize Adaxes is for AD management, but I was wondering if it would be possible to create a custom action that I can just execute without having to select a user/group/contact/etc

I have a powershell script that I want to use to create a database account on a SQL server, but I don't need it to execute against and AD object, I just need it to talk to the SQL server.

Thanks

by (520 points)

1 Answer

0 votes
by (216k points)

Hello,

Yes. You can create a Custom Command that will be executed on a User object. Then, you can create a Home Page Action in the Adaxes Web Interface that would always execute this Custom Command for the current user, thus evading the object selection page. To do this:

  1. Create a new Custom Command.
  2. On the 2nd step of the Create Custom Command wizard, select User.
  3. On the 3rd step of the wizard, add the Run a program or PowerShell script action and paste your PowerShell script.
  4. Finish creation of the Custom Command.
  5. On the computer, where the Web Interface is installed, start the Web Interface Customization tool.
  6. In the Interface type drop-down list, select the Web Interface you want to configure.
  7. Activate the General tab, select the Actions pane option, and click Configure Home Page Actions.
  8. In the dialog box that appears, click Add...
  9. On the 1st step of the Add Home Page Action wizard that appears, select Custom Command.
  10. Select the Custom Command that you created in the drop-down list that appears next to the Custom Command option.
  11. On the 3rd step of the wizard, select Always perform for the current user an click Finish.

This will do the job.

0

Thank you for the information, that does get rid of the issue of having to select a user, but now I have another issue/question. Is it possible to have a PowerShell script prompt for information? My script does, but no prompts ever show up when it executes.

Thanks!

0

Hello,

Adaxes does not support interactive PowerShell scripts yet, but this feature is in our TODO list. Most probably, this is gong to be Adaxes 2013.2.

Also, I have a workaround for you.

You can create a Home Page Action for the Adaxes Web Interface that would use a customized form and allow users to input the values that the script will require. Adaxes provides a set of virtual properties that are not stored in Active Directory, but you can use them in Adaxes like a regular property of AD objects. The values from the customized form will be assigned to the virtual properties of the user who launches the Home Page Action. Finally, you can create a Business Rule that will be triggered when one of these values is modified and launch your PowerShell scripts. You can pass the values of the virtual properties to the script like values of any other properties of directory objects.

The only thing is that those values need to be specified before the script is launched. Currently, Adaxes provides no means to input values to PowerShell scripts at runtime.

If this workaround is OK with you, I can provide you with detailed instructions.

0

Hi,

Great to hear that interactive support is coming, but in the meantime your workaround sounds like it would work so if you could post the detailed instructions that would be great.

Thanks,

0

Hello,

Here you go.

Adaxes provides the following set of virtual properties:
CustomAttributeText1 through CustomAttributeText10 - for text (string) values,
CustomAttributeInt1 through CustomAttributeInt5 - for integer values,
CustomAttributeBinary1 through CustomAttributeBinary5 - for binary values,
CustomAttributeBoolean1 through CustomAttributeBoolean5 - for boolean values,
CustomAttributeDate1 through CustomAttributeDate5 - for date values,
CustomAttributeTimeStamp1 through CustomAttributeTimeStamp5 - for time values.

I. Create a Home Page Action with a customized input form:

  1. On the computer, where the Web Interface is installed, start the Web Interface Customization tool.
  2. In the Interface type drop-down list, select the Web Interface you want to configure.
  3. Activate the General tab, select the Actions pane option, and click Configure Home Page Actions.
  4. In the dialog box that appears, click Add...
  5. On the 1st step of the Add Home Page Action wizard that appears, select Modify and choose User from the associated drop-down list.
  6. On the 3rd step of the wizard, select Always perform for the current user.
  7. On the 4th step of the wizard, select Use customized form and click Customize Form...
  8. In the Customize Form dialog that appears, you need to remove all the unnecessary fields and sections that you will not use in your scripts. On how to delete sections and fields, refer to step 6 of the Customize Forms for User Creation and Editing Tutorial.
  9. Then you need to add the virtual properties that you will use on your form. To add a property to the web Interface form, click the Add... button below the Section fields section:
  10. In the dialog box that appears, you need to select a virtual property that you will use. As virtual properties are not displayed by default, you need to select Show all properties to be able to select them.
  11. Click OK.
  12. Repeat steps 9, 10 and 11 for as many parameters as you need to pass to your script.
  13. Click OK.
  14. Finish the Add Home Page Action wizard.

II. Create a Business Rule that will launch the script:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.

  3. On the 3rd step of the wizard, add the Run a program or PowerShell script action and paste your script in the Script field.

  4. You can pass the virtual properties to your script by using the $Context.TargetObject.Get("<PropertyName>") method (for example, $Context.TargetObject.Get("adm-CustomAttributeText1")).

    As you will no longer need the values after the script is executed, you can clear them at the very end of your script. For example, the following script block clears properties CustomAttributeText1 and CustomAttributeText2:

     $Context.TargetObject.Put("adm-CustomAttributeText1", $NULL)
     $Context.TargetObject.Put("adm-CustomAttributeText2", $NULL)
     $Context.TargetObject.SetInfoEx(@("adm-CustomAttributeText1","adm-CustomAttributeText2"))
    
  5. When finished with the script, click OK.

  6. Now you have to add a condition when the script will be triggered. As mentioned before, all values from the customized form will be passed to virtual properties of the initiator of the action. So, for example, if you chose to pass a value from the form to CustomAttributeText1, then you have to check in your Business Rule if CustomAttributeText1 has changed. To do this, right-click the set of actions and conditions and click Add condition...

  7. In the dialog box that appears, select the If <property> changed condition.

  8. In the <property> drop-down list, select Show all properties and CustomAttributeText1.
    Select has changed.

  9. Click OK and finish creation of the Business Rule.

III. Customize display names for the properties:

Since names like CustomAttributeText1 etc. will not tell much to your users about the meaning and the function of these fields, you would probably want to give them your own names. See the Customizing Display Names for AD Properties help article on how to accomplish this task.

0

Hi,

Thanks for the detailed instructions, it looks like they might work for what I require, but I'm having an issue following them. When I get to step 10 to add the custom property to the Section Fields and I check the "Show all properties" checkbox I don't get any custom properties in the list.

Any help would be appreciated

0

Hello,

What is the version of Adaxes that you are using? Most probably, you are using an old version that does not yet support virtual properties.

0

We are using version 2012.1 If I go to Help > About in the Administration Console the version in the top left corner reads 3.3.8127.0

0

Hello,

This is an old release that does not yet support Adaxes virtual properties. You need to upgrade to be able to use them. Find the latest build here.
Upgrade instructions.

0

Hello,

It's been a while since this thread was replied to, but I've finally been able to upgrade Adaxes and I have implemented the steps you gave and everything is actually working quite well. I have one question though. I updated the AttributeFriendlyNames2.eng.xml file with friendly names for the two custom attributes that I'm using, but in the web interface when I click the Modify User action the boxes display the ldap names and not the friendly names I've set.

Am I missing something

Thanks!

0

Hello,

One possible reason that I can think of is that when updating the AttributeFriendlyNames2.eng.xml file, you specified the display names of Adaxes virtual attributes that you use (e.g. CustomAttributeText3 or CustomAttributeInt2). You should use the LDAP names of these properties instead (e.g. adm-CustomAttributeText3 or adm-CustomAttributeInt2).

0

Thanks! Your reply pointed me in the correct direction. I had used the LDAP names in the file but when I went to double-check that I did I found that I'd misspelled the LDAP name for both properties I was using.

Thanks very much for the help, everything to do with this topic is now working perfectly.

0

Is there a way to add additional Adaxes Virtual Properties, such as "adm-CustomAttributeText11", ...12, and so on?

In the Web Interface Customization tool I've configured a Customized Form, added a new Field with the "Add Extra..." button called "adm-CustomAttributeText11" and updated my AttributeFriendlyNames2.eng, then ran iisreset. This resulted in my Friendly Name showing up correctly in the "Section Field" of the "Customize Form" dialog box.

Now I'm trying to create a Business Rule and Add Condition "If <property> changed". When I attempt to select the Condition Parameters my new Virtual Property does not appear in the selection list with "Show all properties" selected.

I also noticed that in the Web Interface I receive an error when clicking onthe new Home Page action after I select the user I want to modify:

Fetal Error
Information about the property 'adm-customattributetext11' was not fetched.

I am going about this the correct way?

0

Hello Michael,

You cannot add properties like this. Currently, Adaxes provides only 10 custom properties that you can use for text (string) values, which are CustomAttributeText1 through CustomAttributeText10. We'll add 10 new custom text attributes in Adaxes 2013.1.

For now, since you have Exchange installed, you can use the custom properties that are provided by Microsoft Exchange Server. By default, Adaxes displays these properties as ms-Exch-Extension-Attribute-1 through ms-Exch-Extension-Attribute-15. The LDAP names for these properties are extensionAttribute1 through extensionAttribute15. You can use them as any other properties of directory objects.

0

HI,

any news?

at today I still cannot find any guide or documentation for pass variable to custom script, trough web interface,

is this feature still in development?

Thank you

Best Regards,

0

Hello,

In our Custom Command That Does Not Execute on Object we only promised to add more custom attributes that can be used with a workaround for this feature. For a short description of the workaround, have a look at Custom Command That Does Not Execute on Object, and detailed instructions are provided in Custom Command That Does Not Execute on Object.

We did that. Now, you can use the following custom attributes:

  • CustomAttributeText1 through CustomAttributeText30 - for text (string) values,
  • CustomAttributeTextMultiValue1 through CustomAttributeTextMultiValue10 - for multivalued text (string) values,
  • CustomAttributeBoolean1 through CustomAttributeBoolean25 - for boolean values,
  • CustomAttributeInt1 through CustomAttributeInt5 - for integer values,
  • CustomAttributeBinary1 through CustomAttributeBinary5 - for binary values,
  • CustomAttributeDate1 through CustomAttributeDate5 - for date values,
  • CustomAttributeTimeStamp1 through CustomAttributeTimeStamp5 - for time values.

As for the feature of passing variables to PowerShell scripts, we have the feature on our product backlog, but it is not planned for the nearest future. For now, you can use the workaround provided in the posts mentioned above. Should you have any questions and / or difficulties in implementing it, do not hesitate to ask.

Related questions

0 votes
1 answer

We currently have a form for HR to deal with ex-employees that are hired once more, but it's not much more than automatic emails sent to IT. If I add some actions ... this trigger the business rule we have that targets "After updating a user" ? Thanks, Louis

asked Oct 18, 2022 by lw.fa (130 points)
0 votes
1 answer

On Approval Requests, in the web console, Initiator shows "N/A" instead of the custom command scheduled task. The admin console shows the custom command scheduled task though. Any way to fix that?

asked Jan 21, 2021 by mark.it.admin (2.3k points)
0 votes
1 answer

I had a business rules that had a PowerShell script to update User properties in a SQL table. It was working fine. I moved the PowerShell to a custom command so I could ... in the custom command does get the values for the User object. Am I missing something?

asked Jun 2, 2014 by sdavidson (730 points)
0 votes
1 answer

Hi, I had to create Custom Command for distribution group creation. Default group creation wizard cannot be used, because we need some of parameters to be mandatory etc. Anyway I ... which shouldn't be targeted to any particular AD object. How do I do it?

asked Jan 20, 2020 by KIT (910 points)
0 votes
1 answer

The Advanced Search in the Domain Find(CTRL-F3) function allows you to select a custom Active Directory field(added by IT, not a windows default AD field). When you ... helpful to have a Contains, Does not Contain logical operator in the Find function. Thanks!

asked Oct 11, 2012 by mpaul (360 points)
3,326 questions
3,025 answers
7,724 comments
544,675 users