0 votes

In our organisation every department has a named manager.

So if I add a new user and their department is "Sales" (selected from a property pattern) I have a business rule that adds them to the "Sales" group from a template variable 'CN=%department%,OU=Departments,OU=Groups,DC=corp,DC=com'.

What I'm not sure of is the best way to automatically set the manager.

For example I guess I could put in a whole string of rules along the lines of "If department = sales then set manager to Joe" but that gets complex with lots of departments and business rules.

I'm assuming there is a way to assign a manger to each department once in Adaxes and then use some kind of "Department Manager" variable?

Ideal world I just want to choose the department from a pulldown (which shows the property pattern) and whatever department is chosen the user is removed from the old group and added to the new and their manager is set to the manager of their new department.

Any suggestions on the simplest way to achieve this would be great thanks :)

by (1.9k points)

1 Answer

0 votes
by (217k points)

Hello,

From what you've posted, we assume that there's one group per department. If that's correct, then the best way would be to store the department manager in a certain property of a Group. For this purpose, you can use an AD property of the DN string syntax and that you don't use for other purposes. For example, you can set the manager in the Managed By property. Using a property of the DN string format gives you the advantage of having the Browse button in the field that represents the property, so you don't have to input the department manager manually. You'll be able to select a department manager from AD.

As for setting the manager for a user automatically, in your Business Rule or Custom Command that adds/removes users to/from groups based on departments, you'll be able to use a PowerShell script and the Run a program or PowerShell script action that will copy the department manager's DN from the Managed By property of the group to the Manager property of the user, thus setting a new manager for the user. Here's a script that performs such a task:

# Bind to the group that represents the user's department
try
{
    $group = $Context.BindToObjectByDN("CN=%department%,OU=Departments,OU=Groups,DC=corp,DC=com")
}
catch
{
    $Context.LogMessage("Cannot set a manager for the user because there is no group for the user's department (%department%).", "Warning")
    return
}

# Get the department manager
try
{
    $manager = $group.Get("managedBy")
}
catch
{
    $Context.LogMessage("Cannot set a manager for the user because the user's department doesn't have a manager (%department%).", "Warning")
    return
}

# Set the manager
$Context.TargetObject.Put("manager", $manager)
$Context.TargetObject.SetInfoEx(@("manager"))

Related questions

0 votes
1 answer

Hi, I would like to be able to provision my user accounts "Department" fields based on the Organizational Unit name in which the user is in. Basically I'd like to copy the ... Adaxes? ex: OU = IT Corp Name = Paul Fakename Department = IT Corp Thanks in advance

asked Nov 26, 2012 by cedricb (280 points)
0 votes
1 answer

During the creation of a new user I want to be able to select the job title from a drop-down list which populates different values based on which Department is selected. Is there a way to achieve this? Thanks. Dario.

asked Oct 2, 2020 by winstonsmith (450 points)
0 votes
1 answer

Hello, I've set it up using this tutorial https://www.adaxes.com/tutorials_Simpli ... Office.htm It almost works perfectly on user creation, however the street portion never ... it shows that it does. Postal code, state/province, and city set as expected.

asked Jun 4, 2018 by yuvrajgill10 (510 points)
0 votes
1 answer

It is possible to automatically create the logon name based on eg %firstname% and %lastname%, however I want to achieve the following: logon name = first letter FirstName, first ... account where that field is used for. How to achieve this? With regards, Remco

asked Nov 21, 2013 by RTiel (5.3k points)
0 votes
1 answer

Hi, We are in process of implementing the User Creation/Deletion & Add/Remove Users to Group. We have been using the Canonical name ... /errorMessage> </addResponse> </ProcessRequestResult> </ProcessRequestResponse> Thanks, Aravindh

asked Nov 20, 2018 by Aravindh (510 points)
2,381 questions
2,136 answers
5,765 comments
185,027 users