0 votes

Using the built in 'Deprovision' Custom Command, I would like the person that is trying to Deprovision a user (Help Desk member) be asked who (from a list of existing active users) should be delegated permisson to the deprovisioned user's mailbox, then give that defined delegated user both Send As and Full Access permssion as part of the Deprovision custom command. (This would almost never be the manager.) The Help Desk person should have the option to leave the question 'blank', which means that no one gets access to the mailbox.

by (120 points)

1 Answer

0 votes
by (1.9k points)

Hello Ray,

This can be done by adding an AD object picker parameter to the Deprovision Custom Command.

To add the parameter:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Custom Commands and select the Deprovision Custom Command.
  4. In the Result Pane on the right, activate the Parameters tab and click New. image.png
  5. Select AD object picker and click Next.
  6. Specify a parameter name and display name.
  7. Click Next.
  8. Configure what objects will be available for selection when executing the command.
  9. Enable the Allow empty value checkbox. configure.png
  10. Complete the wizard and save the changes.

You need to use a value reference to pass the parameter value to actions in the Custom Command. For more details about value references, please see this help article: https://www.adaxes.com/help/?ValueReferences.ValRefFormat.html.

In the Deprovision Custom Command, you need to modify the built-in action set that grants full access rights to the user’s manager so that the value of the parameter is used instead. image.png

  1. Replace the If the ‘Manager’ property is not empty condition with the If <parameter> <value> condition and select If <parameter> is not empty. image.png
  2. Replace the actions in the action set with the Modify Exchange properties action and specify the value reference to the parameter as a trustee for Full Access and Send As delegation. image.png
  3. Save the changes.

Finally, the action set should look something like this: action-set.png

If you need to remove all existing trustees from the Mailbox Rights list when the value of the parameter is left blank, this can only be done using a PowerShell script. Please, take a look at this script from our repository: https://www.adaxes.com/script-repository/remove-all-trustees-from-full-access-list-s559.htm. The modified action set that also removes trustees from Mailbox Rights should look something like this:

image.pngIf you need any assistance with modifying the script to meet your needs, please let us know, we will gladly help.

Related questions

0 votes
1 answer

When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?

asked Oct 15, 2019 by meyerm (50 points)
0 votes
1 answer

how can i create a report which gives me the details from an exchange mailbox as described in the subject? I would like to have a Report for Exchange Mailboxes with OU, Send on Behalf, Full Rights and Send As Rights thank you

asked Feb 22 by m_st (200 points)
0 votes
1 answer

I am trying to see if I can implement this in Adaxes somehow to support role-based provisioning to external apps (using appropriate Powershell scripts) but struggling to work ... to invest in a full-blown role-based provisioning platform (would rather not!).

asked Dec 24, 2019 by Bernie (310 points)
0 votes
1 answer

I've got the following script so far using the SDK but running into an error: You cannot call a method on a null-valued expression. At line:1 char:1 + ... .BindToObjectByDN("$object.SearchResult.AdsPath.DN") $Context.Items.Add($item, $columnValues) } } } }

asked May 19 by richarddewis (220 points)
0 votes
0 answers

Softerra Adaxes provides role-based security administration, so permissions are granted to users with the help of Security Roles. To view the Security Roles that delegate permissions ... delegated, right-click a Security Role and click Locate Role in Tree.

asked Apr 23, 2009 by Adaxes (370 points)
2,493 questions
2,240 answers
414,722 users