0 votes

Hi,

as the subject indicates I created a form within Adaxes using adm-CustomAttributeText to display various DropDown fields.
My question is, is it possible to somehow link a CustomCommand to the form that uses the values from the fields to create a group and if so how should it look like?

Regards
Ingemar

by (960 points)
0

Hello Ingemar,

A Custom Command cannot be used here, but you can use a Business Rule for this purpose. Could you describe on what Home Page Action you based your form so we could help you with a Business Rule? Basically, we'd like to know what you select on the Select Action step of the Create home Page Action wizard.

0

I selected create new group in the wizard

0

OK, one more question. Active Directory cannot create groups without a name. How are you planning to generate names for new groups created with the help of this Home Page Action?

0

The idea was to create a page as I did with the special fields, then have button or whatever below that triggers a script, which then takes the values from the fields and creates the group

0

Our question is, how were you planning to generate a group name for the new group? What should it consist of? Or should it be assigned a random name of a random sequence of characters?

0

gotcha, with a table in the script that translates the field values into something useful.
For example if you choose Universal Group as Group Type the table should translate to "ug_" and so on
The group name should consist of parts of the field values.

1 Answer

0 votes
by (216k points)
selected by
Best answer

Update 2019

Starting with version 2019.1 there is a dedicated action in custom commands, business rules and scheduled tasks for creating directory objects. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateMultipleAdObjectsInOneOperation.htm.

Update 2018

Starting with version 2018.1, custom commands have parameters that can be used in the actions and scripts. For details, see https://www.adaxes.com/tutorials_DelegatingPermissions_GrantRightsToCreateUsers.htm.

Original

OK, understood. To implement what you need, you can use a Business Rule triggered After Creating a Group. In the Business Rule, you can perform all the actions required to set up the group to your needs.

Also, you need to resolve one issue. The thing is that Active Directory does not allow creating groups when the following properties are not specified:

  • Group Name
  • Group Name (pre-Windows 2000)
  • Group Type

We suggest that you modify your Home Page Action and set the above properties as Predefined Fields. The properties will be set to certain temporary values only to allow creation of the group. After the group is created, you will be able to change them to whichever values you need with the help of the Business Rule.

To modify the Home Page Action:

  1. On the computer, where your Adaxes Web Interface is installed, start the Web Interface Customization tool.

  2. In the Interface type drop-down list, select the Web Interface you want to configure.

  3. Activate the General tab.

  4. Click Configure Home Page Actions.

  5. In the dialog box that appears, double-click the Home Page Action for creating groups that you've configured.

  6. Switch to the Form Customization tab.

  7. Click Add in the Predefined Fields section.

  8. Select the Group Name property in the Property name field.

  9. Type the temporary value in the Default value field, for example, TEMP-%adm-RandomString,3% and click OK.

    • %adm-RandomString,3% is a value reference that will be replaced with a random string of the length of 3 characters.

  10. Repeat steps 6-8 for the Group Name (pre-Windows 2000) property.

  11. Click Add in the Predefined Fields section again.

  12. Select the Group Type property in the Property name field.

  13. Type the following in the Default value field:
    -2147483646

    This will create a Global Security group.

  14. Click OK 3 times.

Create a Business Rule that will update group properties upon creation:

  1. Create a new Business Rule.
  2. On the 2nd step of the Create Business Rule wizard, select Group and After Creating a Group.
  3. On the 3rd step, add the necessary actions and conditions. For example, to launch a PowerShell script, add the Run a program or PowerShell script action.
  4. On the 4th step, include the locations where groups need to be created to be affected by the Business Rule in the Activity Scope.
0

Great that should do the trick.

Question, how do I retrieve the random group name within the powershell script?

0

Group Name (LDAP name for the property: cn):

$Context.TargetObject.Get("cn")

Group Name (pre-Windows 2000) (LDAP name for the property: sAMAccountName):

$Context.TargetObject.Get("sAMAccountName")

For more details, see Getting Information about the Target Object.

0

Thanks that was very helpful.

Is there any chance to get the domain from $Context where the object was created in?
like for example asia.example.com or america.example.com

kind regards
Ingemar

0

Hello Ingemar,

Yes, of course. Use $Context.GetObjectDomain("%distinguishedName%").

%distinguishedName% is a value reference that will be substituted with the Distinguished Name (DN) of the object on which a Business Rule, Custom Command or Scheduled Task is executed.

0

thanks

Related questions

0 votes
1 answer

Is it possible to create a drop down that displays options based on the selection in another field? EX: I want to create a job title background that will populate options ... like the Job title drop down to display "Customer service rep, call support, etc".

asked Oct 11, 2021 by copatterson (70 points)
0 votes
1 answer

We are trying to enforce better consistency for user attribute values in a domain but without overly restricting user input when modifying/creating users. Is it possible to ... to these fields and create Custom Commands to change them which is very tedious.

asked Mar 21, 2019 by Staj (350 points)
0 votes
1 answer

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked Nov 18 by C27 (20 points)
0 votes
1 answer

Update group membership based on one property values. I am trying to find a script that resembles "Update group membership based on two property value" but just for one value.

asked Apr 7, 2022 by lee_thomas (20 points)
0 votes
1 answer

The section is not defined in the available options in Adaxes and it is in the AD as well. Eg; I need to add a section called ' Security Access' and have it ... to select from options like User Directory, Internet access, Track-It account , SAP access etc.

asked Oct 13, 2021 by Aishwarya Gavali (40 points)
3,569 questions
3,259 answers
8,275 comments
547,954 users