0 votes

Is it possible, using a business rule, to reassign a user's direct reports to their manager when they get disabled?

For example, User B reports up to User A. User B gets disabled and all of their direct reports automatically get assigned to User A.

Thanks

by (880 points)

1 Answer

0 votes
by (970 points)

Hello,

Yes, it is possible. You need to use the below script in a Run a Program or PowerShell script action in a Business Rule that triggers After disabling a user account. In the script, the $pipelined variable specifies whether the operation that changes the manager of direct reports should be passed through Adaxes pipeline, generating a log record for each manager update, triggering Business Rules, etc.

$pipelined = $False # TODO: modify me

# Get disabled user's manager and direct reports
$managerDN = $Context.TargetObject.Get("manager")
$subordinateDNs = $Context.TargetObject.GetEx("directReports")

# Replace manager of each subordinate

foreach ($subordinateDN in $subordinateDNs)
{
    $subordinate = $Context.BindToObjectByDNEx($subordinateDN, $pipelined)
    $subordinate.Put("manager", $managerDN)
    $subordinate.SetInfo()
}

The Business Rule should also have two If <property> <relation> <value> conditions that check whether the disabled user has a manager and any direct reports. Finally, the rule should looks something like this: image.png

Related questions

0 votes
1 answer

I'm wondering if there are any recommended ways to do this in Adexes as part of the deprovisioning or mover process? For example.... When de-provisioning any user, check ... with the initiator is possible Any ideas on how to do this please? Thanks, Bernie

asked Sep 21, 2019 by Bernie (1.8k points)
0 votes
0 answers

Hello, I'm using this script as part of a deprovisioning process https://www.adaxes.com/script-repository/disable-all-computers-managed-by-a-user-s29.htm I'm using ... The script executes with no errors, but the computer managed by the user remains enabled.

asked Jun 5 by bavery (880 points)
0 votes
1 answer

I'd like to be able to either send an email report or export a CSV of all of the business rules carried out when a user is disabled. This would be ... Management Activity section but this includes things that weren't part of the disable operation. Thanks

asked Feb 19 by bavery (880 points)
0 votes
1 answer

Is is possible through Security Roles, or some other mechanism, to allow managers to be able to edit Active Directory data (through the Web Interface) for only their direct reports and no other users?

asked Mar 23, 2015 by yobhod (740 points)
0 votes
1 answer

Is there a way to generate a list of disabled accounts that have direct reports?

asked Oct 8, 2014 by Infounlim (2.3k points)
2,241 questions
2,002 answers
5,483 comments
17,063 users