IAdmMemberGroupMembershipCondition
The IAdmMemberGroupMembershipCondition interface represents the If the member is a member of <group> condition, which is available in business rules before/after adding/removing a member from a group.
Inheritance: IAdmGroupMembershipCondition, IAdmGroupMembershipCondition2
Properties
-
Property
-
Description
-
IsOperator
-
Gets or sets a value indicating whether the member should or should not also be a member of the specified group to meet the condition.
-
Group
-
Gets or sets the group where the member should or should not also be a member.
-
CheckDirectMembersOnly
-
Gets or sets a value indicating whether the condition is applied to direct group members only or to all the members, including members of the groups that are nested within the group.
-
GroupDnTemplate
-
Gets or sets a string containing a template for the distinguished name of the group where the member should or should not also be a member.
Details
IsOperator
Gets or sets a value indicating whether the member should or should not be a member of the group to meet the condition.
- Type:
- ADM_ISOPERATOR_ENUM
- Access:
- Read/Write
Group
Gets or sets the group where the member should or should not also be a member.
- Type:
- IADsGroup
- Access:
- Read/Write
Examples
The following code sample creates a condition that returns true if the new group member is also a member of the Privileged Accounts group.
- PowerShell
-
# The $actionSet variable refers to an action set in a # before/after adding/removing a member from a group business rule. # Create condition. $condition = $actionSet.Conditions.CreateEx("adm-MemberGroupMembershipCondition") $membershipCondition = $condition.GetCondition() $membershipCondition.IsOperator = "ADM_ISOPERATOR_IS" $groupDN = "CN=Privileged Accounts,OU=Groups,DC=domain,DC=com" $group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0) $membershipCondition.Group = $group # Save changes. $condition.SetCondition($membershipCondition) $condition.SetInfo() $actionSet.Conditions.Add($condition) - C#
-
// The actionSet variable refers to an action set in a // before/after adding/removing a member from a group business rule. // Create condition. IAdmBusinessRuleCondition condition = (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx( "adm-MemberGroupMembershipCondition"); IAdmMemberGroupMembershipCondition membershipCondition = (IAdmMemberGroupMembershipCondition)condition.GetCondition(); membershipCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS; const string groupDN = "CN=Privileged Accounts,OU=Groups,DC=domain,DC=com"; IADsGroup group = (IADsGroup)service.OpenObject($"Adaxes://{groupDN}", null, null, 0); membershipCondition.Group = group; // Save changes. condition.SetCondition(membershipCondition); condition.SetInfo(); actionSet.Conditions.Add(condition);
Remarks
When this property is set, the GroupDnTemplate property is automatically set to null.
CheckDirectMembersOnly
Gets or sets a value indicating whether the condition is applied to direct group members only or to all the members, including members of the groups that are nested within the group.
- Type:
- bool
- Access:
- Read/Write
GroupDnTemplate
Gets or sets a string containing a template for the distinguished name of the group where the member should or should not also be a member. You can use value references in the template (e.g. %company%, %department%, %adm-InitiatorParentDN%). After value references are resolved, the string must be a valid distinguished name of a group.
- Type:
- string
- Access:
- Read/Write
Remarks
When this property is set, the Group property is automatically set to null.
Requirements
Minimum required version: 2023