0 votes

Dear Support,

I'm using this Script for adding User to Groups.

Import-Module Adaxes
$User = "%distinguishedName%"
$group = get-AdmGroup "KendoxUser_%adm-CustomAttributeText17%" -Properties Members

if ($group.Members -notcontains $User)
{ 
   $group | Add-AdmGroupMember -Members $User
   $Context.LogMessage("Benutzer zur Gruppe $group hinzugefügt", "Information")
   return
}

It works fine, but when the Grouplocation is in a Subdomain it doesn't work.
Do you have any idea why?

by (700 points)

1 Answer

0 votes
by (215k points)

Hello,

It doesn't work for a sub-domain because by default, Adaxes cmdlets, such as Get-AdmGroup or Add-AdmGroupMember, perform operations only in the current domain. To be able to perform operations with the help of the cmdlets in another domain, you need to specify the Active Directory Domain Services instance to connect to via the -Server parameter and the Adaxes service that will be used for the operation via the -AdaxesService parameter, for example:

$group = get-AdmGroup "KendoxUser_%adm-CustomAttributeText17%" -Properties Members -AdaxesService localhost -Server subdomain.example.com

We can modify the script to match your requirements, but for this purpose we need to know how to get the FQDN of the subdomain. Can it be hard-coded in the script or maybe derived from some properties of the user?

0

Hello,

Here's a modified version of the script that meets your requirements:

Import-Module Adaxes
$User = "%distinguishedName%"

$domainName = $Context.GetObjectDomain("%distinguishedName%")

$group = get-AdmGroup "KendoxUser_%adm-CustomAttributeText17%" -Properties Members -AdaxesService localhost -Server $domainName

if ($group.Members -notcontains $User)
{
   $group | Add-AdmGroupMember -Members $User -AdaxesService localhost -Server $domainName
   $Context.LogMessage("Benutzer zur Gruppe $group hinzugefügt", "Information")
}

Related questions

0 votes
1 answer

When trying to add multiple groups to a user after searching in the group list we are seeing that selecting one group adds that one then the complete list of groups ... from the search results without the list refreshing not just the first group selected?

asked Nov 12, 2021 by techg (240 points)
0 votes
1 answer

They can navigate to both the user or the group within the ADAXES web interface without issue. They can then either Add to Group or Add Member but the resulting ... something to the web interface which prevents changing the lookup domain. Any ideas? Thanks!

asked Apr 9, 2020 by VTPatsFan (610 points)
0 votes
1 answer

Pretty simple question. Upon user provisioning, based on business unit, is there a way to have the new O365 mailbox and user be added to an existing distribution group in ... could do this with local AD distribution groups, but that is currently not the case.

asked Sep 10, 2015 by eponerine (50 points)
0 votes
1 answer

This may be a stupid question but I'm looking to create an approval process for users being added to sensitive AD groups such as the domain admins group. How would I ... to use especially since the condition is based on changes that have not yet happened...

asked Nov 1, 2012 by VTPatsFan (610 points)
0 votes
1 answer

When a new user account is created by copying an existing one, is it possible to prevent the new account from becoming a member of security groups in a specific OU (when the ... same way as the account being added to the group, which I need for audit purposes.

asked Sep 28, 2020 by markcox (70 points)
2,738 questions
2,473 answers
6,471 comments
1,359,308 users