The script sends an operation performed on an AD group object for approval to the group owner and all co-owners.
Owners are specified via the Managed By property of group objects, and co-owners are specified via the ms-Exch-Co-Managed-By-Link property. Owners and co-owners are listed as distribution list managers in Exchange.
To request approval using the script, create a business rule triggered before the operation that requires approval. For example, if you need to request approval for adding members to distribution lists, create a rule triggered before adding a member to a group. To add the script to the rule, use the Run a program or PowerShell script action.
Parameter:
- $cancelMessage - Specifies a message that will be shown to users if an operation is cancelled because a group doesn't have any owners.
```powershell
$cancelMessage = "Cannot send your request for approval because the group doesn't have any owners." # TODO: modify me

# Distinct DNs of the owner and co-owners who will receive the request
$approvers = New-Object "System.Collections.Generic.HashSet[System.String]"

# Get owner
try
{
    $managerDN = $Context.TargetObject.Get("managedBy")
    [void]$approvers.Add($managerDN)
}
catch
{
    # Managed By is not set
    $managerDN = $NULL
}

# Get co-owners
try
{
    $coManagers = $Context.TargetObject.GetEx("msExchCoManagedByLink")
    $coManagers | ForEach-Object {[void]$approvers.Add($_)}
}
catch
{
    # No co-owners; cancel only if the group has no owner either
    if ($managerDN -eq $NULL)
    {
        $Context.Cancel($cancelMessage)
        return
    }
}

# Send for approval
$Context.SubmitForApproval(@($approvers), $False, $False, $False, $False)
```
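Before enabling the rule, it helps to know which groups would hit the cancel branch. The following audit is an added example, not part of the original script; it goes one step further and also flags groups whose owners are all disabled accounts. It assumes the ActiveDirectory (RSAT) module, the Exchange schema extension, and a hypothetical search base.

```powershell
# Added example, not the original script. Needs the ActiveDirectory (RSAT) module
# and the Exchange schema extension (for msExchCoManagedByLink).
Import-Module ActiveDirectory

# Hypothetical search base: replace with the OU the business rule covers.
$searchBase = "OU=Distribution Lists,DC=example,DC=com"

# Assumption: only groups and enabled user accounts can act as approvers.
function Test-UsableApprover([string]$DN)
{
    try { $obj = Get-ADObject -Identity $DN -Properties userAccountControl -ErrorAction Stop }
    catch { return $false }   # DN cannot be read
    if ($obj.ObjectClass -eq "group") { return $true }
    if ($obj.ObjectClass -eq "user")
    {
        return -not ($obj.userAccountControl -band 2)   # 2 = ACCOUNTDISABLE
    }
    return $false
}

$report = Get-ADGroup -SearchBase $searchBase -LDAPFilter "(objectClass=group)" `
        -Properties managedBy, msExchCoManagedByLink |
    ForEach-Object {
        $group = $_
        # Same owner set the approval script builds: owner plus co-owners, de-duplicated
        $owners = New-Object "System.Collections.Generic.HashSet[System.String]"
        if ($group.managedBy) { [void]$owners.Add($group.managedBy) }
        foreach ($dn in $group.msExchCoManagedByLink) { [void]$owners.Add($dn) }

        $usable = @($owners | Where-Object { Test-UsableApprover $_ })

        if ($owners.Count -eq 0)     { $result = "NoOwners" }          # script would cancel
        elseif ($usable.Count -eq 0) { $result = "NoUsableApprover" }  # owners set, none active
        else                         { $result = "OK" }

        [pscustomobject]@{
            Group   = $group.DistinguishedName
            Owners  = $owners.Count
            Usable  = $usable.Count
            Result  = $result
        }
    }

# Show only the groups that need an owner assigned or replaced
$report | Where-Object { $_.Result -ne "OK" } | Format-Table -AutoSize
```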