Calculated properties

Adaxes defines so called calculated or virtual properties. These properties are not physically stored in your directory, but are calculated or derived in some way. They can be used just like any other properties except that they are read-only. For example, you can check whether the email of a user's manager is empty or not by querying the value of the adm-ManagerEmail property in a condition, but you can't change the manager's email by changing adm-ManagerEmail.

Similarly, you can use value references to get the values of calculated properties anywhere in Adaxes where value references are supported. For example, %adm-PasswordExpiresDaysLeft% can be used in a script in Adaxes to get the number of days until a user's password expires without calculating it yourself.

Here's the full list of available calculated properties.

General

  • Property

  • Description

  • adm-CurrentDateTime (alias: datetime)

  • The date and time at the moment when the property is calculated.

    For example, this property can be used to set the Account Expires value. If you specify the value reference %datetime,+1M% for the Account Expires property, accounts will expire in one month after the date, when the value is set.

  • adm-RandomInteger

  • A random integer.

  • adm-RandomString

  • A random text of 256 characters.

    For example, this property can be used to set the user logon name to a random value as a part of deprovisioning process. If you specify the value reference as %adm-RandomString,20% for the user logon name, it will be replaced with a random text that is 20 characters long.

  • adm-WebInterfaceUrl

  • The URL of the Web interface specified for the Adaxes service.

    For example, this property can be used in e-mail notifications to insert links to the Adaxes Web interface. If this property returns zero value, you need to specify the Web interface for the Adaxes service.

  • adm-OperationDescription

  • The description of the current operation.

    Using this property, you can include the description of the operation that triggered the business rule into e-mail notifications. To do this, insert the %adm-OperationDescription% value reference into the template of an e-mail notification. For example, the description of the telephone number update operation will be Modify 'John Doe (example.com)': set Telephone Number to '555-555-555'.

  • adm-OperationError

  • The message text of the first error that occurred during the operation execution. This property can be used in business rule actions only.

    For example, you can use it to include exception messages into notifications sent to system administrators when an error occurs by including %adm-OperationError% into the notification template.

  • adm-AccountExpiresDaysLeft

  • The number of days left before the expiration of the user account in context.

    This property can be used to notify users about their account expiration. For example, you can specify the following pattern in the notification text: You account expires in %adm-AccountExpiresDaysLeft% days.

  • adm-CanNotChangePassword

  • Specifies whether the user in context can change the password for their own account.

  • adm-PasswordExpires

  • The date and time of the password expiration of the account in context. When this property is calculated, the Default Domain Password Policy and Fine-Grained Password Policy are considered.

  • adm-PasswordExpiresDaysLeft

  • The number of days left before the password expiration of the user in context.

    This property can be used to notify users about their password expiration. For example, you can specify the following pattern: Your password expires in %adm-PasswordExpiresDaysLeft% days.

  • adm-InactivityDuration

  • The number of days a user did not log on to the system or a computer remained turned off. This property can be used to automate the processing of inactive accounts.

    The period of inactivity is reliable only if it is more than 7 days.

  • adm-DomainDN

  • The DN of the domain of the object in context.

  • adm-ParentDN

  • The DN of the OU/container that holds the object in context.

  • adm-ParentName

  • The name of the parent object in the managed domain hierarchy.

    For example, if an object is located in the organizational unit named MyOU, the value of adm-ParentName will be MyOU.

  • adm-ParentDisplayName

  • The display name of the parent object in the managed domain hierarchy.

    For example, if an object is located in the organizational unit with the display name My Unit, the value of adm-ParentDisplayName will be My Unit.

  • adm-ProtectedFromDeletion

  • Indicates whether the object in context is protected from accidental deletion.

  • adm-ManagerCanUpdateMembershipViaNativeTools

  • Specifies whether the manager of a group in context can add and remove members using tools like Outlook and Active Directory Users and Computers.

Manager/owner

These properties are obtained from the accounts specified in the Manager or Managed By (Primary) properties of the directory object in context. Calculated properties that rely on Managed By (Primary) are not available for objects from Microsoft Entra domains.

  • Property

  • Description

  • adm-ManagedByList

  • For Microsoft Entra ID, this property stores the distinguished names (DNs) of all owners of an object. For Active Directory, this property stores the DNs of all secondary owners of an object.

  • adm-Owners

  • A multi-valued property that contains the DNs of all object owners. This includes the primary owner specified in managedBy, and other owners stored in adm-ManagedByList.

  • adm-ManagerEmail

  • The e-mail of user's manager.

    This property can be used to send e-mail notifications to the manager of a user. For this purpose, specify the notification receiver as %adm-ManagerEmail%.

  • adm-ManagerFirstName

  • The first name of user's manager.

  • adm-ManagerFullName

  • The full name of user's manager.

  • adm-ManagerLastName

  • The last name of user's manager.

  • adm-ManagerUserName

  • The logon name of user's manager.

  • adm-ManagerDisplayName

  • The display name of user's manager.

  • adm-ManagerMobile

  • The mobile of user's manager.

    This property can be used to send SMS messages to the manager of a user. For this purpose, specify the SMS receiver as %adm-ManagerMobile%.

  • adm-ManagerPhone

  • The phone number of user's manager.

  • adm-ManagedByEmail

  • The e-mail of the primary object owner (specified in the Managed By (Primary) property).

    This property can be used to send e-mail notifications to the primary owner of an object e.g. group or computer. For this purpose, specify the notification receiver as %adm-ManagedByEmail%.

  • adm-ManagedByFirstName

  • The first name of the primary object owner (specified in the Managed By (Primary) property).

  • adm-ManagedByFullName

  • The full name of the primary object owner (specified in the Managed By (Primary) property).

  • adm-ManagedByLastName

  • The last name of the primary object owner (specified in the Managed By (Primary) property).

  • adm-ManagedByUserName

  • The logon name of the primary object owner (specified in the Managed By (Primary) property).

  • adm-ManagedByDisplayName

  • The display name of the primary object owner (specified in the Managed By (Primary) property).

  • adm-ManagedByMobile

  • The mobile of the primary object owner (specified in the Managed By (Primary) property).

    This property can be used to send SMS messages to the primary owner of an object e.g. group or computer. For this purpose, specify the SMS receiver as %adm-ManagedByMobile%.

  • adm-ManagedByPhone

  • The phone number of the primary object owner (specified in the Managed By (Primary) property).

Secretary/assistant

These properties are obtained from the accounts specified in the Secretary or Assistant properties of the user account in context.

  • Property

  • Description

  • adm-SecretaryEmail

  • The e-mail of user's secretary.

    This property can be used to send e-mail notifications to the secretary of a user. For this purpose, specify the notification receiver as %adm-SecretaryEmail%.

  • adm-SecretaryFirstName

  • The first name of user's secretary.

  • adm-SecretaryFullName

  • The full name of user's secretary.

  • adm-SecretaryLastName

  • The last name of user's secretary.

  • adm-SecretaryUserName

  • The logon name of user's secretary.

  • adm-SecretaryDisplayName

  • The display name of user's secretary.

  • adm-SecretaryMobile

  • The mobile of user's secretary.

    This property can be used to send SMS messages to the secretary of a user. For this purpose, specify the SMS receiver as %adm-SecretaryMobile%.

  • adm-SecretaryPhone

  • The phone number of user's secretary.

  • adm-AssistantEmail

  • The e-mail of user's assistant.

    This property can be used to send e-mail notifications to the assistant of a user. For this purpose, specify the notification receiver as %adm-AssistantEmail%.

  • adm-AssistantFirstName

  • The first name of user's assistant.

  • adm-AssistantFullName

  • The full name of user's assistant.

  • adm-AssistantLastName

  • The last name of user's assistant.

  • adm-AssistantUserName

  • The logon name of user's assistant.

  • adm-AssistantDisplayName

  • The display name of user's assistant.

  • adm-AssistantMobile

  • The mobile of user's assistant.

    This property can be used to send SMS messages to the assistant of a user. For this purpose, specify the SMS receiver as %adm-AssistantMobile%.

  • adm-AssistantPhone

  • The phone number of user's assistant.

New group member

These calculated properties are available only in business rules triggering before/after adding/removing a member from a group.

  • Property

  • Description

  • adm-MemberEmail

  • The e-mail of the group member who is being added or removed. This property can be used to send e-mail notifications to new group members. For this purpose, specify the notification receiver as %adm-MemberEmail%.

  • adm-MemberFirstName

  • The first name of the group member who is being added or removed.

  • adm-MemberFullName

  • The full name of the group member who is being added or removed.

  • adm-MemberLastName

  • The last name of the group member who is being added or removed.

  • adm-MemberUserName

  • The logon name of the group member who is being added or removed.

  • adm-MemberDisplayName

  • The display name of the group member who is being added or removed.

  • adm-MemberMobile

  • The mobile of the group member who is being added or removed. This property can be used to send SMS messages to new group members. For this purpose, specify the SMS receiver as %adm-MemberMobile%.

  • adm-MemberPhone

  • The phone number of the group member who is being added or removed.

  • adm-MemberObjectType

  • The object type of the group member that is being added or removed.

Operation initiator

These properties are obtained from the user account or the scheduled task that initiated the operation.

  • Property

  • Description

  • adm-InitiatorDN

  • The DN of the user who performed the operation.

  • adm-InitiatorGuid

  • The GUID of the user who performed the operation.

  • adm-InitiatorSid

  • The SID of the operation initiator.

  • adm-InitiatorDomainDN

  • The DN of the domain where the operation initiator is located.

    For example, if you specify the value CN=Users,%adm-InitiatorDomainDN%, value reference %adm-InitiatorDomainDN% will be replaced with the DN of the domain of the user who performed the operation. If this user is located in the example.com domain, the resulting value will be CN=Users,DC=example,DC=com.

  • adm-InitiatorParentDN

  • The DN of the OU/container where the operation initiator is located.

  • adm-InitiatorEmail

  • The e-mail of the operation initiator.

  • adm-InitiatorFirstName

  • The first name of the operation initiator.

  • adm-InitiatorFullName

  • The full name of the operation initiator.

  • adm-InitiatorLastName

  • The last name of the operation initiator.

  • adm-InitiatorUserName (alias: initiator)

  • The logon name of the operation initiator.

    This property can be used to insert information about the user who initiated the operation. For example, you can specify the pattern Created by: %initiator% for the Description property via a business rule that triggers after object creation. In this case, the description of new objects will contain logon names of the users who created these objects e.g. 'Created by: johndoe@company.com'.

  • adm-InitiatorMobile

  • The mobile of the operation initiator.

    This property can be used to send SMS messages to the user who performed the operation. For this purpose, specify the SMS receiver as %adm-InitiatorMobile%.

Manager of the initiator

These properties are obtained from the account specified in the Manager property of the user who initiated the operation.

  • Property

  • Description

  • adm-InitiatorManagerDN

  • The DN of the initiator's manager.

  • adm-InitiatorManagerEmail

  • The e-mail of the initiator's manager.

    This property can be used to send e-mail notifications to the manager of the user who performed the operation. For this purpose, specify the notification receiver as %adm-InitiatorManagerEmail%.

  • adm-InitiatorManagerFirstName

  • The first name of the initiator's manager.

  • adm-InitiatorManagerFullName

  • The full name of the initiator's manager.

  • adm-InitiatorManagerLastName

  • The last name of the initiator's manager.

  • adm-InitiatorManagerUserName

  • The logon name of the initiator's manager.

  • adm-InitiatorManagerDisplayName

  • The display name of the initiator's manager.

  • adm-InitiatorManagerMobile

  • The mobile of the initiator's manager.

    This property can be used to send SMS messages to the manager of the user, who performs the operation. For this purpose, specify the SMS receiver as %adm-InitiatorManagerMobile%.

  • adm-InitiatorManagerPhone

  • The phone number of the initiator's manager.

Secretary/assistant of the initiator

These properties are obtained from the accounts specified in the Secretary or Assistant properties of the user who initiated the operation.

  • Property

  • Description

  • adm-InitiatorSecretaryDN

  • The DN of the initiator's secretary.

  • adm-InitiatorSecretaryEmail

  • The e-mail of the initiator's secretary.

    This property can be used to send e-mail notifications to the secretary of the user who performed the operation. For this purpose, specify the notification receiver as %adm-InitiatorSecretaryEmail%.

  • adm-InitiatorSecretaryFirstName

  • The first name of the initiator's secretary.

  • adm-InitiatorSecretaryFullName

  • The full name of the initiator's secretary.

  • adm-InitiatorSecretaryLastName

  • The last name of the initiator's secretary.

  • adm-InitiatorSecretaryUserName

  • The logon name of the initiator's secretary.

  • adm-InitiatorSecretaryDisplayName

  • The display name of the initiator's secretary.

  • adm-InitiatorSecretaryMobile

  • The mobile of the initiator's secretary.

    This property can be used to send SMS messages to the secretary of the user, who performs the operation. For this purpose, specify the SMS receiver as %adm-InitiatorSecretaryMobile%.

  • adm-InitiatorSecretaryPhone

  • The phone number of the initiator's secretary.

  • adm-InitiatorAssistantDN

  • The DN of the initiator's assistant.

  • adm-InitiatorAssistantEmail

  • The e-mail of the initiator's assistant.

    This property can be used to send e-mail notifications to the assistant of the user who performed the operation. For this purpose, specify the notification receiver as %adm-InitiatorAssistantEmail%.

  • adm-InitiatorAssistantFirstName

  • The first name of the initiator's assistant.

  • adm-InitiatorAssistantFullName

  • The full name of the initiator's assistant.

  • adm-InitiatorAssistantLastName

  • The last name of the initiator's assistant.

  • adm-InitiatorAssistantUserName

  • The logon name of the initiator's assistant.

  • adm-InitiatorAssistantDisplayName

  • The display name of the initiator's assistant.

  • adm-InitiatorAssistantMobile

  • The mobile of the initiator's assistant.

    This property can be used to send SMS messages to the assistant of the user, who performs the operation. For this purpose, specify the SMS receiver as %adm-InitiatorAssistantMobile%.

  • adm-InitiatorAssistantPhone

  • The phone number of the initiator's assistant.