Send Email on Adding Members to Groups


You can configure Adaxes to send an email notification when an operation takes place in Active Directory. In this tutorial, you will learn how to send an email message when a new member is added to an Active Directory group.

To automatically perform actions when a certain event takes place, you need to use Business Rules. To send notifications about new members, you need to create a Business Rule that will be triggered after a member is added to a group.


  1. Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Business Rule.


    Enter the name for the new Business Rule and click Next.

  2. To trigger the Business Rule after adding a member to a group:

    • Select Group in the Object Type list.
    • Select After and then select Adding a member to a Group.

    • Click Next.
  3. Click Add an action and select the Send e-mail notification action.

  4. In the Action Parameters section, customize the email notification template.


    To insert information about the group, new member and operation initiator, you need to use value references.


    Examples:

    • %mail% - the email address of the group.
    • %adm-InitiatorEmail% - the email address of the operation initiator.
    • %adm-InitiatorManagerEmail% - the email address of the manager of the operation initiator.
    • %name% - the name of the group.
    • %member% - the distinguished name (DN) of the new member.
    • %adm-InitiatorFullName% - the full name of the operation initiator.
    • %initiator% - the user logon name of the operation initiator.
    • %adm-OperationDescription% - the description of the operation.

    New Member: %member%
    Initiator: %adm-InitiatorFullName% (%adm-InitiatorUserName%)
    Group Name: %name%
    Group DN: %distinguishedName%
    Operation: %adm-OperationDescription%
    

    After replacing value references, the notification text will be as follows:

    New Member: CN=John Doe,CN=Users,DC=example,DC=com
    Initiator: Aaron Dorben (aaron.dorben@example.com)
    Group Name: Administrators
    Group DN: CN=Administrators,CN=Users,DC=example,DC=com
    Operation: Add 'John Doe (example.com\Users)' to 'Administrators (example.com\Users)'
    


    To insert a value reference, click the button.


    To send notifications in HTML format, select HTML in the drop-down list located to the right of the Message field. To edit the message text in a visual HTML editor, click the HTML Editor button.



    Using Scripts

    It is also possible to send email notifications using a PowerShell script.

    • In the Add Action dialog, select the Run a program or PowerShell script action.
    • Click the Edit button.

      Click the button to provide a custom description for the action.
    • To send an email message from a script, you need to call the SendMail method of the predefined PowerShell variable $Context.

      The following script sends an email message to the group owner:

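      # Value references (%...%) are replaced by Adaxes before the script runs.
      $ownerDN = "%managedBy%"
      if ([System.String]::IsNullOrEmpty($ownerDN)) {
          $Context.LogMessage("The group has no owner; no email was sent.", "Warning")
          return
      }
      # Bind to the owner; Get() fails when the owner has no mail value.
      $owner = $Context.BindToObjectByDN($ownerDN)
      try { $to = $owner.Get("mail") }
      catch {
          $Context.LogMessage("The group owner has no email address.", "Warning")
          return
      }
      $subject = "New Member Added to %name%"
      $bodyText = @"
      New Member: %member%
      Initiator: %adm-InitiatorFullName% (%adm-InitiatorUserName%)
      Group Name: %name%
      Group DN: %distinguishedName%
      Operation: %adm-OperationDescription%
      "@
      $bodyHtml = $null  # no HTML version of the message
      $Context.SendMail($to, $subject, $bodyText, $bodyHtml)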
      

      For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks, see Server-Side Scripting.

  5. To send email notifications only if certain conditions are met, right-click the action and select Add Condition.


    Example 1 - If the initiator is not a member of a specific group.

    • Select the If the initiator is a member of <Group> condition.


    • In the Condition Parameters section, select is not in the drop-down list and specify the group.


    • Click OK.


    Example 2 - If the initiator is not a member of the group to which the new member was added.

    • Select the If the initiator is a member of <Group> condition.


    • In the Condition Parameters section, select is not in the drop-down list, and click the button.


    • Activate the Template tab.


    • In the Template field, enter %distinguishedName%.


      The value reference %distinguishedName% will be replaced with the DN of the group to which the new member is added.


    • Click OK.


    Example 3 - If the initiator and the group are not in the same Organizational Unit.

    • Select the If located under <location> condition.


    • In the Condition Parameters section, select is not in the drop-down list, and click the button.


    • Activate the Template tab.


    • In the Template field, enter %adm-InitiatorParentDN%.


      Value reference %adm-InitiatorParentDN% will be replaced with the distinguished name (DN) of the Organizational Unit where the account of the initiator is located.


    • Click OK.

    When done, click Next.

  6. To define the scope of activity for the Business Rule, click Add.

    In the Activity Scope dialog, select the following items:

    • All Objects - select to send notifications when a member is added to any group in any domain managed by Adaxes.

    • Specific Domain - select to send notifications when a member is added to any group within a domain.

    • OU or Container - select to send notifications when a member is added to a group located in an Organizational Unit or container.

    • Group - select to send notifications when a member is added to a specific group, or a group that is a member of the selected group.

    • Business Unit - select to send notifications when a member is added to a group that is a member of a Business Unit. To select a Business Unit, open the Look in drop-down list and select the Business Units item.

    You can exclude groups, Organizational Units and Business Units from the activity scope of the Business Rule. For example, if you've assigned the Business Rule to all groups in a domain, but do not want it to be executed for groups located in a specific Organizational Unit, you can exclude the Organizational Unit from the activity scope. To exclude an object, select the Exclude option in the Assignment Options dialog box.

    • Click the object you want to exclude.

    • In the Assignment Options dialog, select the Exclude option.


    • Click OK.

    When done, click OK and then click Finish.

Business Rules are triggered only for operations performed via Adaxes. To handle changes made outside of Adaxes, e.g. using Active Directory Users and Computers, you can use Scheduled Tasks.
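
The gap described above can also be watched from the domain controller side. The following is an added example, not part of the original tutorial and not Adaxes code: it parses Windows Security events 4728, 4732 and 4756 (member added to a security-enabled global, local or universal group) and reports additions whose initiator is not the account Adaxes uses. It assumes Audit Security Group Management is enabled and that Adaxes operates under one dedicated account, here the hypothetical svc-adaxes; the sample events are constructed.

```powershell
# Added example: flag group-membership additions made outside Adaxes.
# Hypothetical name of the account Adaxes uses in the domain (assumption).
$AdaxesAccount = 'svc-adaxes'

function ConvertFrom-GroupAddEvent {
    param([Parameter(Mandatory)][xml]$EventXml)
    # Flatten <Data Name="...">value</Data> elements into a lookup table.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        EventId   = [int]$EventXml.Event.System['EventID'].InnerText
        Group     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        Member    = $data['MemberName']
        Initiator = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        # True when the change was not made by the Adaxes account.
        OutOfBand = $data['SubjectUserName'] -ne $AdaxesAccount
    }
}

# Constructed sample events, trimmed to the fields used above (not real log data).
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{0}</EventID></System>
  <EventData>
    <Data Name="MemberName">CN=John Doe,CN=Users,DC=example,DC=com</Data>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserName">{2}</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
$samples = @(
    ($template -f 4728, 'Domain Admins', 'svc-adaxes'),   # made through Adaxes
    ($template -f 4732, 'Administrators', 'jsmith')       # made directly in AD
)

# Report only the additions that bypassed Adaxes (here: the jsmith event).
$samples | ForEach-Object { ConvertFrom-GroupAddEvent -EventXml $_ } |
    Where-Object OutOfBand | Format-List
```

On a domain controller, the same function can be fed live events by passing `$_.ToXml()` for each result of `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4728,4732,4756}`.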


