0 votes

Dear Support,

I want to redirect the Approvalrequests to another Person, if the automatic reply function in Exchange is enabled. Can Adaxes read this Attribut from Exchange 2010 so I can create a Business Role and send the request for approval to a other Person when the Attribut is true.


Thank you for your great support

by (700 points)
0

Hello,

This cannot be done with a Business Rule, however you can create a Scheduled Task for this purpose. For example, you can create a Scheduled Task that will find all pending Approval Requests. For each pending Request, it will check whether the Approver of the Request is out of office. If a certain Approver is out of office, it will reassign the Request to the manager of the Approver, for example.

If this solution is OK with you, we will provide you with the details on how to create such a Scheduled Task and the script required to accomplish it.

0

Dear support,
Your solution sounds great :D Please give me further instruction to this solution.
I have just one requirement. Is it possible that the forwarding Destination for the Request is a custom attribute? I want to use the AD-Attributes manager and secretary for something else.

Thanks in advance

0

Hello,

What do you store in the Custom Attribute? Is it a Distinguished Name of another user, a username or something else?

0

Dear Support,
Yes it should be a other user, but it doesn't matter for me if it is a Distinguished Name or a Username. What for you the easiest way would be. A Username would be preferred for me.
friendly greeting

0

I have one Question to my first post. Is it not possible using two Business rules to solve my Problem.

My Problem is how I get the Status of the OutofOffice Attribute.

What do you think about this idea?

0

Hello,

You should remember that when you send the operation of creating a new user for Approval, the possible Approvers can be:

  1. Manager of the requestor
  2. Owner of the requestor's OU
  3. Manager of the new user
  4. Owner of the new user's OU
  5. Any AD user or group specified directly (that is, 'hard-coded' in the Business Rule).

So, the Manager can be specified as a possible approver, however the Manager's Deputy can only be 'hard-coded', that is, specified directly. For example, in your Business Rule you can have a series of action/condition sets, one set for each Deputy in your company.

If you are OK with such a solution, we will describe you how to implement your task.

0

Dear Support;

thanks for your prompt answer. I think that's what I'm looking for. Please let me know how I it can implement.

Kind regards

1 Answer

0 votes
by (215k points)

Hello,

To create a Business Rule that will send creation of a new user for approval to either the user's manager or another person if the manager is not available:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select User and Before Creating a User.

  3. On the 3rd step, add the Send this operation for approval action.

  4. In the Approvers section, select Manager of the target user and click OK.

  5. Now, you need to add a condition to send the operation for approval only if the manager has OOF disabled. Double-click Always.

  6. In the dialog box that appears, select the If PowerShell script returns True condition and paste the following script in the Script field.

     $Context.ConditionIsMet = $False
    
     $managerDN = $Context.GetModifiedPropertyValue("manager")
     if ($managerDN -eq $NULL)
     {
         return
     }
    
     # Bind to manager
     $manager = $Context.BindToObjectByDN($managerDN)
    
     # Get mailbox parameters
     try
     {
         $mailboxProps = $manager.GetMailParameters()
     }
     catch
     {
         $Context.ConditionIsMet = $True
         return
     }
    
     # Check OOF property
     $automaticReplies = $mailboxProps.AutoReplyConfiguration
     $automaticRepliesStatus = $automaticReplies.AutoReplyState
    
     switch ($automaticRepliesStatus)
     {
         "ADM_EXCHANGE_OOFSTATETYPE_DISABLED" 
         {
             $Context.ConditionIsMet = $True
         }
         "ADM_EXCHANGE_OOFSTATETYPE_ENABLED" 
         {
             return
         }
         "ADM_EXCHANGE_OOFSTATETYPE_SCHEDULED" 
         {
             # Check date
             $startTime = $automaticReplies.StartTime
             $endTime = $automaticReplies.EndTime
             $now = Get-Date
             if (($now -lt $startTime) -or ($now -gt $endTime))
             {
                 $Context.ConditionIsMet = $True
             }
         }
     }
    

    The above script returns $True when the new user's manager has OOF disabled or when the manager does not have a mailbox at all.

  7. Click OK.

  8. If necessary, add other conditions.

  9. Now, you need to create a new set of actions and conditions that will send the operation for approval to another person if the manager is out of office. Click the Add action to a new set link at the bottom.

  10. Select the Send this operation for approval action.

  11. In the Approvers section, click Add and select the person that will substitute the manager while he is out of office.

  12. Click OK.

  13. Now, you need to add a condition to send the operation for approval only if the manager has OOF enabled. Double-click Always.

  14. In the dialog box that appears, select the If PowerShell script returns True condition and paste the following script in the Script field.

     $Context.ConditionIsMet = $True
    
     $managerDN = $Context.GetModifiedPropertyValue("manager")
     if ($managerDN -eq $NULL)
     {
         return
     }
    
     # Bind to manager
     $manager = $Context.BindToObjectByDN($managerDN)
    
     # Get mailbox parameters
     try
     {
         $mailboxProps = $manager.GetMailParameters()
     }
     catch
     {
         $Context.ConditionIsMet = $False
         return
     }
    
     # Check OOF property
     $automaticReplies = $mailboxProps.AutoReplyConfiguration
     $automaticRepliesStatus = $automaticReplies.AutoReplyState
    
     switch ($automaticRepliesStatus)
     {
         "ADM_EXCHANGE_OOFSTATETYPE_DISABLED" 
         {
             $Context.ConditionIsMet = $False
         }
         "ADM_EXCHANGE_OOFSTATETYPE_ENABLED" 
         {
             return
         }
         "ADM_EXCHANGE_OOFSTATETYPE_SCHEDULED" 
         {
             # Check date
             $startTime = $automaticReplies.StartTime
             $endTime = $automaticReplies.EndTime
             $now = Get-Date
             if (($now -lt $startTime) -or ($now -gt $endTime))
             {
                 $Context.ConditionIsMet = $True
             }
         }
     }
    

    The above script returns $True when the new user's manager has OOF enabled or when no manager is specified for the user.

  15. Click OK.

  16. If necessary, add other conditions.

  17. Finish creation of the Business Rule.

Related questions

0 votes
1 answer

I'm evaluating Adaxes. I have no business rules enabled. When I create a new user in the web interface the account is disabled after creation. Is this normal for Adaxes? In the management console it is not disabled by default.

asked Aug 7, 2020 by ComputerHabit (790 points)
0 votes
1 answer

Hello, I use a script to place user accounts in a Adaxes unmanaged state. Recently we need some of those user accounts to be reverted back to a managed state. Is there a way I can enable them again through Adaxes?

asked Jan 21, 2015 by addaxjo (50 points)
0 votes
0 answers

I noticed that I get an error when I execute the "https://www.adaxes.com/script-repository/add-user-to-groups-in-microsoft-365-s578.htm, Add user to groups in Microsoft ... target address) Since it takes so long to sync, I cannot automate the above steps.

asked 3 days ago by Tfarmer (120 points)
0 votes
0 answers

Trying to configure a custom launcher in Thycotic Secret Server that will launch Adaxes on the user's local machine with the username and password passed as parameters. Has anyone made this work?

asked May 20 by amillard (20 points)
0 votes
1 answer

I would like to have the possibility to use different icons for AD groups. I have groups for file permissions, applications, mailboxes, etc. For each group type I ... do this without schema extension? or will this be possible in the future? regards pudong

asked May 6 by pudong (410 points)
2,740 questions
2,474 answers
6,475 comments
1,373,648 users