Run PowerShell Script after Creating a User


With the help of Adaxes it is possible to automatically execute a script before or after an operation is performed in Active Directory. In this tutorial, you will learn how to run a PowerShell script after a new user account is created.

To automatically perform actions when a certain event takes place, you need to use Business Rules. Adaxes provides a built-in Business Rule, After User Creation, that is triggered after a new user is created. You can use this Business Rule to execute a PowerShell script.


  1. Launch Adaxes Administration Console.

    Expand Adaxes service \ Configuration \ Business Rules \ Builtin and select After User Creation.


    For details on how to configure and activate the Business Rule, see Automate User Provisioning.





    Alternatively, you can create a separate Business Rule that will trigger a script upon user account creation.

    • In Adaxes Administration Console, right-click your Adaxes service, point to New and click Business Rule.



    • Enter a name for the new Business Rule and click Next.
    • On the Triggering Operation page, select User in the Object Type list.
    • Select After and then select Creating a User.



    • Click Next and follow the instructions of the wizard.
  2. To add a Run a program or PowerShell script action to the Business Rule, do the following:


    • Click Add new action set.


    • Right-click Do nothing and select Add Action in the context menu.


    • In the Add Action dialog, select the Run a program or PowerShell script action.

    • Click the Edit button to open the script editor.

      For information on how to create scripts for Business Rules, see Server-Side Scripting.


    • By default, the credentials of the Adaxes service account are used to run the script. Optionally, specify alternative credentials in the Run As section.

      The Run As credentials are used for outbound network connections only. For example, the credentials are used when you connect to a network share or MS SQL database, or when you create a remote PowerShell session using the New-PSSession cmdlet. For non-network operations and operations on Active Directory objects, the credentials of the Adaxes service account are always used.

      You can get the credentials in your script using the $Context.RunAs property:

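      	# User name specified in the Run As section
      	$username = $Context.RunAs.UserName
      	# The password is exposed as plain text; convert it to a SecureString
      	$password = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force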
      

    • If the script takes a long time to run, it is recommended to execute it asynchronously. To do so, select the Execute asynchronously option.

      If the option is selected, the Business Rule will not wait until the script is finished, so users will not have to wait long for the operation to complete. Take into account that if an error occurs during asynchronous execution of a script, it will not be displayed in the Execution Log of the operation.


    • Click the button to provide a custom description for the action.

    • When finished, click OK.
  3. Optionally, you may want the Business Rule to run the script only if certain conditions are met. To assign a condition, right-click the action and select Add Condition in the context menu.




    In the following example, the script is executed on the condition that the Employee Type property of the new user account equals Subcontractor.


  4. Click Save changes.
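
The Run As note in step 2 mentions remote PowerShell sessions created with New-PSSession. The following is an added example, not code from the Adaxes documentation, that uses the `$Context.RunAs` credentials to create a home folder for the new user on another server. The server name, the folder path and the `$Context.TargetObject.Get` call are assumptions that do not appear on this page.

```powershell
# Added example for the "Run a program or PowerShell script" action.
# Assumptions (not from this page): the host name, the folder path, and reading
# the new user's logon name through $Context.TargetObject.

$remoteServer = "fileserver.example.com"   # hypothetical host
$homeRoot     = "D:\Home"                  # hypothetical folder on that host

# Build a credential object from the Run As settings. The password arrives as
# plain text, so convert it at once and never write it to logs or output.
$password   = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($Context.RunAs.UserName, $password)

# Logon name of the user that was just created (assumed Adaxes property access).
$samAccountName = $Context.TargetObject.Get("sAMAccountName")

$session = $null
try
{
    # Outbound network connection: this is where the Run As credentials apply.
    $session = New-PSSession -ComputerName $remoteServer -Credential $credential -ErrorAction Stop

    # Pass values with -ArgumentList instead of building the script text from
    # them, so an account name cannot change what runs on the remote host.
    Invoke-Command -Session $session -ErrorAction Stop -ArgumentList $homeRoot, $samAccountName -ScriptBlock {
        param($root, $name)
        $path = Join-Path -Path $root -ChildPath $name
        if (-not (Test-Path -LiteralPath $path))
        {
            New-Item -ItemType Directory -Path $path | Out-Null
        }
    }
}
finally
{
    # Close the remote session even when a step above fails.
    if ($session) { Remove-PSSession -Session $session }
}
```

Because `-ErrorAction Stop` turns failures into terminating errors, a failed connection or folder creation surfaces as a script error instead of passing silently.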

Business Rules are triggered only for operations performed via Adaxes. To handle changes made outside of Adaxes, e.g. using Active Directory Users and Computers, you can use Scheduled Tasks.
