I'm looking to allow users to initiate their own account moves between company sites. Often I've seen employees relocate without notifying the Help Desk. If I can push this task off to the user, then it would put the responsibility for their end user experience (over WAN links) onto them, not IT.

Here's what I'm thinking:

User hits their Self Service portal, and hits a custom action called Change My Work Location, which will trigger an Authorization request to their Manager. Once approved, the account will move to a temporary OU called ToOfficeX (or whatever). User objects in this OU will trigger a nightly scheduled task that will move the user data and Mailbox to the new site. At the end of the task, it would move the user object to the official OfficeX OU and notify the user that the move was complete.

What I can't get to work is the initial user account to move to the destination OU. I get Access Denied, and the logs don't supply any additional info to start digging. I've messed with Self permissions, and OU permissions, but still no luck.

Any help would be appreciated!

Thx!

--Joel

The users will need the following permissions in the security role:

You can easily add these two permissions by using the dropdown list on the "add" button:
Choose "Move users between Organizational Units"

1 Answer

Best answer

When I rethink this, the self-service security role is probably assigned only to give rights to their own object.

You will need to add under "Assignments" authenticated users assigned over the existing OU and the destination OU.
PS: make sure you only give access to "This object only" on the OUs, and not to all objects inside the OUs.

Bingo!! That worked!! Thanks a bunch! I knew I was missing a permission somewhere.... I had thrashed about trying this and that.. I had originally tried both settings from your first post to no avail.

I only needed Auth Users as an Assignment on the destination OU, not the Source. I'll have to create 10 or so individual assignments, one for each destination OU, but that's ok. If the Perms were granular to distinguish OUs vs Accounts, then 1 would do. No biggy

Thx again!

--Joel
