
Managing Business Rules

This article describes how to manage Business Rules using PowerShell scripts and C# code. The code samples included in this article can be used in stand-alone scripts and applications as well as in PowerShell scripts executed by Business Rules, Custom Commands, and Scheduled Tasks.

Creating a Business Rule

To create a Business Rule, first bind to the container where you want to create it. All container objects support the IADsContainer interface, which provides methods and properties that manage the creation, deletion, and enumeration of child objects. To create a new Business Rule, call the Create method of the interface and pass “adm-BusinessRule” as the first parameter and the relative distinguished name (RDN) of the rule as the second parameter. The object returned by the IADsContainer::Create method supports the IAdmBusinessRule interface, which you use to specify the parameters of the new Business Rule.

  1. Use the IAdmBusinessRule::ExecutionMoment property to specify whether the Business Rule will be executed before or after an event. The ADM_BUSINESSRULEEXECMOMENT_ENUM enumeration defines the values you can use when setting this property.
  2. Use the IAdmBusinessRule::ObjectType property to specify the type of directory objects to which the Business Rule will be applied. The property must be set to a string that contains the name of an object class as defined in the Active Directory schema (e.g. “user”, “group”, “computer”, “organizationalUnit”). Using the IAdmBusinessRule2::AdditionalObjectType property, you can specify an additional type of objects to which the Business Rule will be applied.
  3. Use the IAdmBusinessRule::OperationType property to indicate the operation that will trigger execution of the Business Rule. The following table contains possible values for the OperationType property.

    OperationType                   Operation
    “create”                        Creating an object
    “delete”                        Deleting an object
    “set properties”                Updating an object
    “rename”                        Renaming an object
    “manage group members”          Adding or removing a member from a group
    “add group members”             Adding a member to a group
    “remove group members”          Removing a member from a group
    “copy move”                     Copying or moving an object
    “copy”                          Copying an object
    “move”                          Moving an object
    “manage account state”          Enabling or disabling a user or computer
    “enable account”                Enabling a user or computer
    “disable account”               Disabling a user or computer
    “change logon name”             Changing the logon name of a user or computer
    “modify password”               Changing or resetting the password of a user
    “change password”               Changing the password of a user
    “reset password”                Resetting the password of a user
    “self password reset”           Self-resetting password
    “exchange task”                 Performing an Exchange-related operation
    “mailbox-enable”                Creating an Exchange mailbox for a user
    “create move mailbox request”   Moving the Exchange mailbox of a user
    “export mailbox”                Exporting the Exchange mailbox of a user
    “mailbox-disable”               Deleting the Exchange mailbox of a user
    “mail-enable”                   Establishing an email address for a recipient in Exchange
    “mail-disable”                  Deleting email addresses established in Exchange for a recipient
    “set exchange mail params”      Modifying Exchange properties
    “pwd self-service enroll”       Enrolling for Password Self-Service
    “pwd self-service disenroll”    Disenrolling from Password Self-Service
    “archive home directory”        Archiving the user’s home directory
    “restore deleted object”        Restoring a deleted object
    “self-schedule report”          Self-scheduling a report
    “self-unschedule report”        Self-unscheduling a report
    “generate report start”         Starting report generation
    “generate report finish”        Finishing report generation
    “create report document”        Creating a report document
    “deliver report document”       Delivering a report document
    “build report overview start”   Start building a report overview
    “build report overview finish”  Finish building a report overview
    “cancel meetings”               Cancelling calendar meetings
    “sign in”                       Sign in
    “sign in to webui”              Sign in to Web Interface

To save the new Business Rule, you need to call IADs::SetInfo.

The following code sample creates a Business Rule to be triggered after creation of user accounts in Active Directory.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Business Rules' container
$businessRulesPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessRules")
$businessRulesContainer = $admService.OpenObject($businessRulesPath,
     $NULL, $NULL, 0)

# Create a new Business Rule
$rule = $businessRulesContainer.Create("adm-BusinessRule", "CN=My Rule")

$rule.ExecutionMoment = "ADM_BUSINESSRULEEXECMOMENT_AFTER"
$rule.ObjectType = "user"
$rule.OperationType = "create"

$rule.Description = "My description"
$rule.Disabled = $False

# Save the Business Rule
$rule.SetInfo()

using System;
using Interop.Adsi;
using Interop.Adsi.BusinessRules;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;
class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service
        AdmNamespace adsNS = new AdmNamespace();
        IAdmService admService = adsNS.GetServiceDirectly("localhost");

        // Bind to the 'Business Rules' container
        String businessRulesPath = admService.Backend.GetConfigurationContainerPath(
            "BusinessRules");
        IADsContainer businessRulesContainer = (IADsContainer)admService.OpenObject(
            businessRulesPath, null, null, 0);

        // Create a new Business Rule
        IAdmBusinessRule rule = (IAdmBusinessRule)businessRulesContainer.Create(
            "adm-BusinessRule", "CN=My Rule");

        rule.ExecutionMoment =
            ADM_BUSINESSRULEEXECMOMENT_ENUM.ADM_BUSINESSRULEEXECMOMENT_AFTER;
        rule.ObjectType = "user";
        rule.OperationType = "create";

        rule.Description = "My description";
        rule.Disabled = false;

        // Save the Business Rule
        rule.SetInfo();
    }
}

If your script is executed by a Business Rule, Scheduled Task, or Custom Command, you can use a predefined PowerShell variable $Context to get the ADS path of the ‘Business Rules’ container and bind to the container. The type of the $Context variable is ExecuteScriptContext.

# Bind to the 'Business Rules' container
$businessRulesPath = $Context.GetWellKnownContainerPath("BusinessRules")
$businessRulesContainer = $Context.BindToObject($businessRulesPath)

# Create a new Business Rule
$rule = $businessRulesContainer.Create("adm-BusinessRule", "CN=My Rule")

# Triggering Operation: Before updating a group
$rule.ExecutionMoment = "ADM_BUSINESSRULEEXECMOMENT_BEFORE"
$rule.ObjectType = "group"
$rule.OperationType = "set properties"

$rule.Description = "My description"
$rule.Disabled = $False

# Save the Business Rule
$rule.SetInfo()

How to create a Business Rule in a specific container

The following code sample creates a Business Rule in the container called My Container. The rule will be triggered before adding a member to a group.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Business Rules' container
$businessRulesPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessRules")
# Build the ADS path of the child container 'My Container'
$businessRulesPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessRulesPath
$myContainerAdsPath = $businessRulesPathObj.CreateChildPath("CN=My Container")

$myContainer = $admService.OpenObject($myContainerAdsPath, $NULL, $NULL, 0)

# Create a new Business Rule
$rule = $myContainer.Create("adm-BusinessRule", "CN=My Rule")

$rule.ExecutionMoment = "ADM_BUSINESSRULEEXECMOMENT_BEFORE"
$rule.ObjectType = "group"
$rule.OperationType = "add group members"

# Save the Business Rule
$rule.SetInfo()

using System;
using Interop.Adsi;
using Interop.Adsi.BusinessRules;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;
class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service
        AdmNamespace adsNS = new AdmNamespace();
        IAdmService admService = adsNS.GetServiceDirectly("localhost");

        // Bind to the 'Business Rules' container
        String businessRulesPath = admService.Backend.GetConfigurationContainerPath(
            "BusinessRules");
        // Build the ADS path of the child container 'My Container'
        AdsPath businessRulesPathObj = new AdsPath(businessRulesPath);
        AdsPath myContainerAdsPath = businessRulesPathObj.CreateChildPath(
            "CN=My Container");

        IADsContainer myContainer = (IADsContainer)admService.OpenObject(
            myContainerAdsPath.ToString(), null, null, 0);

        // Create a new Business Rule
        IAdmBusinessRule rule = (IAdmBusinessRule)myContainer.Create(
            "adm-BusinessRule", "CN=My Rule");

        rule.ExecutionMoment =
            ADM_BUSINESSRULEEXECMOMENT_ENUM.ADM_BUSINESSRULEEXECMOMENT_BEFORE;
        rule.ObjectType = "group";
        rule.OperationType = "add group members";

        // Save the Business Rule
        rule.SetInfo();
    }
}

Tip

For information on how to create containers for Business Rules, see Creating Business Rule containers.

Defining actions and conditions

To define Business Rule actions and conditions, you need to use the ConditionedActions property of the IAdmBusinessRule interface. The ConditionedActions property is a collection that supports the IAdmCollection interface. Each item in the collection represents a set of conditions and actions that determine what should happen when a Business Rule is triggered.

For information on how to manage Business Rule actions and conditions, see Defining actions and conditions.

Defining the scope of activity

The activity scope of a Business Rule determines the objects affected by the Business Rule. A Business Rule is executed only if the triggering operation is performed on an object that is included in the scope of activity of the Business Rule. Activity scope can include whole domains, members of groups and Business Units, objects located in specific Organizational Units, etc.

To define the scope of activity of a Business Rule, you need to use the ActivityScopeItems property of the IAdmBusinessRule interface.

For information on how to define the activity scope of a Business Rule, see Defining the scope of activity.

Modifying a Business Rule

To modify an existing Business Rule, first you need to bind to the directory object representing the Business Rule. For more information on how to bind to Adaxes-specific objects, see Binding to Adaxes-specific objects.

After you’ve bound to a Business Rule object, you can use ADSI interfaces like IAdmBusinessRule and IADs to modify the Business Rule. To save the changes, you need to call IADs::SetInfo.

The following code sample disables a Business Rule and changes the type of directory objects to which the Business Rule applies.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

$rulesPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessRules")
$rulesPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $rulesPath
$rulePath = $rulesPathObj.CreateChildPath("CN=My Rule")
$rule = $admService.OpenObject($rulePath.ToString(), $NULL, $NULL, 0)

$rule.ObjectType = "inetOrgPerson"
$rule.Disabled = $True

# Save the changes
$rule.SetInfo()

using System;
using Interop.Adsi.BusinessRules;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;
class Program
{
    static void Main(string[] args)
    {
        AdmNamespace adsNS = new AdmNamespace();
        IAdmService admService = adsNS.GetServiceDirectly("localhost");

        String rulesPath = admService.Backend.GetConfigurationContainerPath(
            "BusinessRules");
        AdsPath rulesPathObj = new AdsPath(rulesPath);
        AdsPath rulePath = rulesPathObj.CreateChildPath("CN=My Rule");
        IAdmBusinessRule rule =
            (IAdmBusinessRule)admService.OpenObject(rulePath.ToString(), null, null, 0);

        rule.ObjectType = "inetOrgPerson";
        rule.Disabled = true;

        // Save the changes
        rule.SetInfo();
    }
}

If your script is executed by a Business Rule, Scheduled Task, or Custom Command, you can use a predefined PowerShell variable $Context to get the ADS path of the ‘Business Rules’ container and bind to the Business Rule.

$rulesPath = $Context.GetWellKnownContainerPath("BusinessRules")
$rulesPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $rulesPath
$rulePath = $rulesPathObj.CreateChildPath("CN=My Rule")
$rule = $Context.BindToObject($rulePath)

$rule.ObjectType = "inetOrgPerson"
$rule.Disabled = $True

# Save the changes
$rule.SetInfo()

The following code sample clears the activity scope and deletes all actions and conditions from a Business Rule located in the container named My Container.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

$rulesPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessRules")
$rulesPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $rulesPath
$containerPathObj = $rulesPathObj.CreateChildPath("CN=My Container")
$rulePath = $containerPathObj.CreateChildPath("CN=My Rule")
$rule = $admService.OpenObject($rulePath.ToString(), $NULL, $NULL, 0)

$rule.ConditionedActions.Clear()
$rule.ActivityScopeItems.Clear()

using System;
using Interop.Adsi.BusinessRules;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;
class Program
{
    static void Main(string[] args)
    {
        AdmNamespace adsNS = new AdmNamespace();
        IAdmService admService = adsNS.GetServiceDirectly("localhost");

        String rulesPath = admService.Backend.GetConfigurationContainerPath(
            "BusinessRules");
        AdsPath rulesPathObj = new AdsPath(rulesPath);
        AdsPath containerPathObj = rulesPathObj.CreateChildPath("CN=My Container");
        AdsPath rulePath = containerPathObj.CreateChildPath("CN=My Rule");
        IAdmBusinessRule rule =
            (IAdmBusinessRule)admService.OpenObject(rulePath.ToString(),
            null, null, 0);

        rule.ConditionedActions.Clear();
        rule.ActivityScopeItems.Clear();
    }
}
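
A rule that has been disabled, or whose actions or activity scope have been cleared as in the samples above, no longer does anything when its triggering operation occurs. The following added example (not part of the original article or the vendor's SDK samples) lists the rules directly under the 'Business Rules' container and reports those states; it needs a reachable Adaxes service, like the samples above. It assumes the container can be enumerated with foreach, that each child exposes the standard IADs Class, Name and ADsPath properties, and that IAdmCollection has a Count property; Get-BusinessRuleReport is a name made up here.

```powershell
# Added example, not vendor code. Assumptions: IADsContainer is enumerable with
# foreach, children expose IADs Class/Name/ADsPath, IAdmCollection has Count.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") | Out-Null

function Get-BusinessRuleReport
{
    param(
        [Parameter(Mandatory = $true)] $Service,               # result of GetServiceDirectly
        [Parameter(Mandatory = $true)] [string] $ContainerPath # ADS path of the container
    )

    $container = $Service.OpenObject($ContainerPath, $NULL, $NULL, 0)
    foreach ($child in $container)
    {
        # Child containers and other object types are skipped (no recursion)
        if ($child.Class -ne "adm-BusinessRule") { continue }

        # Bind to the rule the same way the article's samples do
        $rule = $Service.OpenObject($child.ADsPath, $NULL, $NULL, 0)
        $actionSets = $rule.ConditionedActions.Count
        $scopeItems = $rule.ActivityScopeItems.Count

        # Collect the states in which the rule has no effect
        $findings = @()
        if ($rule.Disabled)    { $findings += "disabled" }
        if ($actionSets -eq 0) { $findings += "no actions or conditions" }
        if ($scopeItems -eq 0) { $findings += "empty activity scope" }

        [pscustomobject][ordered]@{
            Name       = $child.Name
            Moment     = "$($rule.ExecutionMoment)"
            ObjectType = $rule.ObjectType
            Operation  = $rule.OperationType
            ActionSets = $actionSets
            ScopeItems = $scopeItems
            Findings   = ($findings -join "; ")
        }
    }
}

# Connect to the Adaxes service and report only the rules with findings
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")
$rulesPath = $admService.Backend.GetConfigurationContainerPath("BusinessRules")
Get-BusinessRuleReport -Service $admService -ContainerPath $rulesPath |
    Where-Object { $_.Findings } | Format-Table -AutoSize
```

Rules kept in child containers such as My Container are not covered; call the function again with that container's ADS path.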
