I'd like to implement a rule to ensure that telephoneNumber value is unique accross the domain for each user, either after creation or updates.
I tried to implement a business rule (powershell script) before user update, but the problem is that the telephoneNumber provided thru the %telephoneNumer% token is the old one (before change). How to get the new value in the script ?



1 Answer

At the moment it is possible validate AD object properties using a script only before creation of an object. For details, please see Checking EmployeeID

In a week, we are going to release a minor release that will allow validating object properties before updating objects in AD. As soon as the new version is released, I'll post here instructions on how to do what you need.


Thanks you.

I'll be patient :-)



Yesterday we released Adaxes 2011.2 that allows you to validate user input using scripts.
To validate that the specified telephone number is unique in the directory, you need to create a Business Rule that will be triggered before creation of new users in AD. This Business Rule should execute the following PowerShell script:

Import-Module Adaxes
if ($Context.IsPropertyModified("telephoneNumber"))
    # Get the value specified by the user
    $value = $Context.GetModifiedPropertyValue("telephoneNumber");
    # Ensure that the specified phone number is unique
    if ((Get-AdmUser -Filter 'telephoneNumber -eq $value') -ne $NULL)
        $Context.Cancel("A user with the specified telephone number already exists!");

For more details, see Validate/Modify User Input Using a Script.

You can download Adaxes 2011.2 here.



In your script you are checking an attribute of the AD. I want to check if an attribute of Adaxes (adm-Custom...) has changed and if its unique. How do I have to change the code, that it works for Adaxes custom attributes?




You will need to totally rework the if statement part. The thing is that you cannot use Adaxes custom attributes in search criteria. As such, the only option is to find all the managed users and then check the attribute value separately for each of them. Unfortunately, we do not have the exact example, but the following article should be helpful: https://adaxes.com/sdk/SampleScripts.SearchingUserAccounts.

