Schedule Tasks for Active Directory Management


Scheduled Tasks enable you to automatically perform routine Active Directory administrative tasks on a periodic basis. You can use them to automate a variety of actions, including adding and removing members from groups, moving objects to appropriate Organizational Units, handling inactive user and computer accounts, sending email notifications, etc.

This tutorial provides step-by-step instructions on how to create and configure a Scheduled Task.

  1. Launch Adaxes Administration Console, expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task.



    Enter a name for the new Scheduled Task, and click Next.

    It is recommended to use nouns to name Scheduled Tasks (e.g. Membership Manager, Location Updater), because tasks will appear as operation initiators in the Adaxes Log and approval email notifications.
  2. Specify how often the task should run and click Next.


  3. Select the type of objects on which the task should be performed. For example, if you want the task to add users to groups, or execute Custom Commands on user accounts, select the User object type.


    Click Next.

  4. Specify what actions the task should perform. To add an action, click Add an action.

    Select the action you need in the list and configure action parameters and execution options.


    Approvals

    Actions executed by Scheduled Tasks can be submitted for approval. For example, you may want inactive user accounts to be disabled only after an approval is granted by the user's manager or an administrator. To request approval for an action, select the Get approval for this action option and specify the approvers.


    When finished, click OK.

  5. To add more actions to the task, right-click a condition/action set and click Add Action in the context menu.



    Actions are executed sequentially according to their order in the set. To move an action up and down, select it, and use the      buttons.


  6. To execute actions only if certain conditions are met, right-click the action set, and click Add Condition in the context menu.


    If there are two or more conditions, they are combined by AND/OR operator. If conditions are combined by the AND operator, the actions are executed provided that all conditions are met. If conditions are combined by the OR operator, the actions are executed if at least one condition is met. To change the operator, click on it.



    Else If and Else Blocks

    You can use Else If and Else blocks to avoid duplication of conditions for different sets of related but mutually exclusive actions.




    The Else block is useful when you need to perform some actions on specific conditions, and different actions in all other cases.




    To add Else If and Else blocks to a set of actions, right-click it and select Add Else and Add Else If in the context menu.


  7. To perform different actions for different conditions, you need to add a separate set of actions and then assign the necessary conditions to it. To add a set of actions, click Add new action set.


    Sets of actions are executed in a sequential order. To change the order, select a set and use the     buttons. To move the whole set, make sure no actions and conditions are selected.


    When finished, click Next.

  8. On the Activity Scope page, you need to specify which Active Directory objects the task will be executed on. A Scheduled Task can be executed on all objects in a domain, objects located in specific Organizational Units, members of groups and Business Units, etc.

    To define the scope of activity for the Scheduled Task, click Add.

    In the Activity Scope dialog, select the following items:

    • All Objects - select to perform the task on all objects of the specified type in all domains managed by Adaxes.

    • Specific Domain - select to perform the task on all objects of the specified type within an AD domain.

    • OU or Container - select to perform the task on the objects located under an Organizational Unit or container.

    • Group - select to perform the task on members of a group.

    • Business Unit - select to perform the task on members of a Business Unit. To select a Business Unit, open the Look in drop-down list and select the Business Units item.

    You can exclude specific objects, groups, Organizational Units, Business Units and domains from the activity scope of the task. For example, if you've assigned the task over all objects in a domain, but do not want it to be executed on members of a certain group, you can exclude the group from the activity scope. To exclude an object, select the Exclude option in the Assignment Options dialog box.

    • Make sure objects of the desired type are displayed in the list.


    • Click the object you want to exclude.

    • In the Assignment Options dialog, select the Exclude option.


    • Click OK.
  9. When done, click OK and then click Finish.

Scheduled Task Examples



Example 1 - Add all users located under a specific Organizational Unit to a group.


Example 2 - Move user objects between OUs.


Example 3 - Remove disabled users from all groups.

# Get the groups the user is a direct member of
$groupGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the primary group ID
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

foreach ($guidBytes in $groupGuidsBytes)
{
    # Bind to the group
    $groupGuid = [Guid]$guidBytes
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    # Skip the primary group
    if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
    {
        continue
    }

    # Remove the user from the group
    $group.Remove($Context.TargetObject.AdsPath)
}

For information on how to create scripts for Scheduled Tasks, see Server-Side Scripting.


Example 4 - Update the Description property using a modification template.


Example 5 - Send email notifications to users with no mobile phone specified.



See Also



Open tutorial filtering

Got questions?
Support Forum