0 votes

We are a Google Apps shop and we are currently managing the primary email address for our users via AD\Adaxes, but we now need to start managing the aliases as well. There is going to be integration with Google on the backend that will perform the tasks, but we need to be able to manage it via Adaxes.

We would like:

  • The ability for the Help Desk to add or delete email aliases in AD
    The ability for the Help Desk to set a new primary and move the current one as an alias in AD
    We currently have scripts in place to insure that the primary email is not already in use on the creation or modification of users and we will need to extend this out to check the aliases as well.
    To easily view the user's primary email and aliases

Please let me know what you think of this and what options we have to be able to accomplish this.

Thanks

by (1.2k points)
0

What we do is use Google Apps Manager (GAM) https://github.com/jay0lee/GAM. Then we use the powershell functionality within Adaxes to run those commands somewhat intelligently. It sounds like you can use your existing scripts and simply integrate them with the powershell or command line options within Adaxes.

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

To interact with Google Apps from Adaxes, you can use PowerShell scripts. The Run a program or PowerShell script action allows you to launch PowerShell scripts from within Adaxes Business Rules, Custom Commands and Scheduled Tasks. For an example of how to run a PowerShell script from a Business Rule, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm.

As for Google Apps specifically, we had success with the Google Data API. You can access the API packages and instructions for the Google Data API from here: https://developers.google.com/gdata/docs/directory. If you need any help with the actual scripts, we will help you.

0

Sorry, Adaxes will not be making the changes to Google, but we need to have the Help Desk make alias and primary email address changes in Adaxes. What I need is a way for the Help Desk to add email aliases to an AD object, as well as switching out an alias with a primary.

0

Actually, we were thinking that this was going to be more difficult than it actually is. Adding the proxyAddress attribute to the form is doing what we need. Adaxes handles this attribute very nicely in the modification view and will make it very easy for the Help Desk. Could we please get help with expanding on our script that verifies that we are using a unique email address. We are going to need to have it check all the aliases stored in the proxyAddress attribute. Only the email addresses will be stored in this attribute, there will be no smtp: prefix that is used by Exchange.

if ($Context.IsPropertyModified("mail"))
{
    # Get Email address
    $mail = $Context.GetModifiedPropertyValue("mail");

    # Check whether the email address is empty
    if ([System.String]::IsNullOrEmpty($mail))
    {
        return
    }

    # Search all users 
    $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
    $searcher.SearchParameters.PageSize = 500
    $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchParameters.Filter = "(&(objectCategory=user)(mail=$mail))"
    $searcher.VirtualRoot = $True

    $result = $searcher.ExecuteSearch()
    $users = $result.FetchAll()
    $result.Dispose()

    # Check if the Email address is unique
    if($users.Count -ne 0)
    {
        $Context.Cancel("Email address is already in use. Please verify that account is not being duplicated");
    }
}

We will also need to check that the Help Desk did not set the user object with the same email address twice, once in the mail attribute and again in the proxyAddress.

0

Hello,

The following script does what you need: it checks whether the address specified in the Email attribute and/or addresses (aliases) specified in the Email Proxy Address attribute are unique.

function IsAddressUnique($value)
{
    # Search all users who have the specified e-mail address
    $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
    $searcher.SearchParameters.PageSize = 500
    $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(|(mail=$value)(proxyaddresses=$value)))"
    $searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.VirtualRoot = $True

    $result = $searcher.ExecuteSearch()
    $users = $result.FetchAll()
    $result.Dispose()

    if($users.Count -ne 0)
    {
        return $False
    }

    return $True
}

# Check mail property
if ($Context.IsPropertyModified("mail"))
{
    # Get Email address
    $mail = $Context.GetModifiedPropertyValue("mail")

    # Check whether the email address is empty
    if ([System.String]::IsNullOrEmpty($mail))
    {
        return
    }

    if (!(IsAddressUnique($mail)))
    {
        $Context.Cancel("Email address '$mail' is already in use. Please verify that account is not being duplicated and that you are not specifying one of the aliases stored in Email proxy Addresses")
        return
    }
}

# Check proxyAddresses
if ($Context.IsPropertyModified("proxyaddresses"))
{
    # Check whether the value is being added or removed
    $propertyList = $Context.Action.PropertyList
    $propertyEntry = $propertyList.Item("proxyaddresses")
    if (($propertyEntry.ControlCode -eq "ADS_PROPERTY_UPDATE") -or ($propertyEntry.ControlCode -eq "ADS_PROPERTY_APPEND"))
    {
        # Get current values
        try
        {
            $currentValues = $Context.TargetObject.GetEx("proxyaddresses")
        }
        catch
        {
            $currentValues = @()
        }

        # Check only new values
        foreach ($propertyValue in $propertyEntry.Values)
        {
            $value = $propertyValue.GetObjectProperty([ref]"ADSTYPE_UNKNOWN")
            if ($currentValues -contains $value)
            {
                continue
            }

            if (IsAddressUnique($value))
            {
                continue
            }

            $Context.Cancel("Email address '$value' is already in use. Please verify that account is not being duplicated and that you haven't specified this alias in the Email attribute");
            return
        }
    }
}
0

Bingo Bango! That there is a fine piece of scripting. Works great. Thank you

Related questions

0 votes
0 answers

We are a Google Apps shop and we are currently managing the primary email address for our users via AD\Adaxes, but we now need to start managing the aliases as well. There ... you think of this and what options we have to be able to accomplish this. Thanks

asked Oct 17, 2018 by luciarakan (20 points)
0 votes
1 answer

How can I allow manager of distribution group to edit just email aliases (proxy addresess) of that group? Not the primary SMTP address.

asked Nov 19, 2019 by KIT (910 points)
0 votes
1 answer

We are currently looking for a self service portal and a google password sync. Will Adaxes allow this?

asked Jan 24, 2023 by brandon.activesports (20 points)
0 votes
1 answer

Can Adaxes be used to push a Google Chrome Plugin to the entire organization? If so how?

asked Apr 29, 2021 by jgresham (20 points)
0 votes
1 answer

Hi all, Having issues creating a GSuite (Apps for Education) account for my users during a new user creation process. Logic location: Business Rules > After User Creation &gt ... stated, no user is created. Any idea how I can go about troubleshooting this?

asked Jan 7, 2019 by Robb (90 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users