0 votes

Using the built in 'Deprovision' Custom Command, I would like the person that is trying to Deprovision a user (Help Desk member) be asked who (from a list of existing active users) should be delegated permisson to the deprovisioned user's mailbox, then give that defined delegated user both Send As and Full Access permssion as part of the Deprovision custom command. (This would almost never be the manager.) The Help Desk person should have the option to leave the question 'blank', which means that no one gets access to the mailbox.

by (480 points)

1 Answer

0 votes
by (970 points)

Hello Ray,

This can be done by adding an AD object picker parameter to the Deprovision Custom Command.

To add the parameter:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Custom Commands and select the Deprovision Custom Command.
  4. In the Result Pane on the right, activate the Parameters tab and click New. image.png
  5. Select AD object picker and click Next.
  6. Specify a parameter name and display name.
  7. Click Next.
  8. Configure what objects will be available for selection when executing the command.
  9. Enable the Allow empty value checkbox. configure.png
  10. Complete the wizard and save the changes.

You need to use a value reference to pass the parameter value to actions in the Custom Command. For more details about value references, please see this help article: https://www.adaxes.com/help/?ValueReferences.ValRefFormat.html.

In the Deprovision Custom Command, you need to modify the built-in action set that grants full access rights to the user’s manager so that the value of the parameter is used instead. image.png

  1. Replace the If the ‘Manager’ property is not empty condition with the If <parameter> <value> condition and select If <parameter> is not empty. image.png
  2. Replace the actions in the action set with the Modify Exchange properties action and specify the value reference to the parameter as a trustee for Full Access and Send As delegation. image.png
  3. Save the changes.

Finally, the action set should look something like this: action-set.png

If you need to remove all existing trustees from the Mailbox Rights list when the value of the parameter is left blank, this can only be done using a PowerShell script. Please, take a look at this script from our repository: https://www.adaxes.com/script-repository/remove-all-trustees-from-full-access-list-s559.htm. The modified action set that also removes trustees from Mailbox Rights should look something like this:

image.pngIf you need any assistance with modifying the script to meet your needs, please let us know, we will gladly help.

Related questions

0 votes
1 answer

When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?

asked Oct 15, 2019 by meyerm (280 points)
0 votes
1 answer

I am trying to see if I can implement this in Adaxes somehow to support role-based provisioning to external apps (using appropriate Powershell scripts) but struggling to work ... to invest in a full-blown role-based provisioning platform (would rather not!).

asked Dec 24, 2019 by Bernie (1.8k points)
0 votes
0 answers

Softerra Adaxes provides role-based security administration, so permissions are granted to users with the help of Security Roles. To view the Security Roles that delegate permissions ... delegated, right-click a Security Role and click Locate Role in Tree.

asked Apr 23, 2009 by Support (215k points)
0 votes
1 answer

Hi - How can I remove the option of allowing "Copy User Groups" during the copy user process in the interface. I'd like to have it hidden but still active so to not allow our HR team to accidently unclick it during the process.

asked Oct 15, 2019 by 6FigureMission (710 points)
0 votes
1 answer

I added the Password last set field to the Admin view but when I click on edit it allows the admin user to change the value. Adaxes correclty handel Bad Password time and Bad password ... last set, so I guest there is a way but I can not find it. Thanks you

asked Dec 19, 2019 by tomlaf (470 points)
2,251 questions
2,009 answers
5,496 comments
23,497 users