I currently have a Custom Command that is configured for User objects, but I would like to perform actions against a Computer object in the same command.

E.g. I have a custom command that starts a deprovision workflow. There is an AD Object Picker parameter which prompts to select the deprovisioned user's computer to disable at the same time.

Because the command is based on Users, there's no Action Set to disable Computers.

Is there a workaround here?


The computer update can only be performed using a PowerShell script. Unfortunately, there is no possibility to use built-in actions. To disable the computer specified in an AD object picker parameter, use the below script. In the script, the $computerDN variable specifies a value reference for the parameter used to select the computer with the param- prefix.

$computerDN = "%param-computer%" # TODO: modify me

# Bind to the computer
$computer = $Context.BindToObjectByDN($computerDN)

# Disable the computer
$computer.AccountDisabled = $True

For details about using Custom Command parameters, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateCustomCommand.htm#how_to_use_parameters.



Thanks for the script! Will this script work if there are multiple computers selected with the Ad object picker?




No, this script will only work for a single selection. If you need it to disable multiple computers selected in the parameter, we will provide you with the updated script.



I've tested the script above but received the following errors in the log:

Cannot find an overload for "BindToObjectByDNEx" and the argument count: "1". Stack trace: at <ScriptBlock>, <No file>: line 4

The property 'AccountDisabled' cannot be found on this object. Verify that the property exists and can be set. Stack trace: at <ScriptBlock>, <No file>: line 7

You cannot call a method on a null-valued expression. Stack trace: at <ScriptBlock>, <No file>: line 8



It looks like there was an issue with the script, the fourth line should have the BindToObjectByDN method, not BindToObjectByDNEx. Please, re-copy the script from our previous reply and execute the Custom Command again.


Thanks, that worked.

At the moment the disabled computer isn't being recognised by a business rule 'After disabling a computer account'

Do I need to use -AdaxesService localhost in the script?



The -AdaxesService parameter is available only for cmdlets which are not used in the script. To make sure that disabling computers by the script triggers corresponding Business Rules, replace this line in the script

$computer = $Context.BindToObjectByDN($computerDN)

with the following one:

$computer = $Context.BindToObjectByDNEx($computerDN, $True)


Many thanks, that has worked and triggered the business rules.

