Create multiple objects in one operation
Using Adaxes, it is possible to create objects from within business rules, custom commands and scheduled tasks. In this tutorial, you will learn how to create a custom command that will create an organizational unit with the name specified by the user, and then create a user account and a group in the new OU.
The custom command will also perform the following actions:
- Add the new user to the new group.
- Set the user who initiated the operation as an owner of the new organizational unit.
- Handle the case where another organizational unit with the same name already exists.
- Launch Adaxes Administration console.
  How:
  - On the computer where Adaxes Administration console is installed, open Windows Start menu.
  - Click Adaxes Administration Console.
- Expand your Adaxes service, right-click Custom Commands, point to New and click Custom Command.
- Enter a name for the new custom command, select an icon, and specify a short description.
  Since the custom command will prompt for user input, it is recommended to disable the confirmation popup. To do it, clear the Confirmation checkbox.
  Click Next.
- Select the Organizational Unit object type, as the command will create objects in an OU selected by the user.
  Click Next.
- Add a parameter to allow users to specify the name of the new organizational unit.
  - Click New.
  - Select Edit box and click Next.
  - Enter the parameter name and display name.
  - Click Next.
  - Configure the parameter options and click Finish.
  When done, click Next.
- To add an action that will create an organizational unit:
  - Click Add an action.
  - In the Add Action dialog, select the Create a directory object action.
  - In the Type drop-down list, select Organizational Unit.
  - In the Location field, specify where a new organizational unit will be created.
    If you set the location to %distinguishedName%, the value reference will be replaced with the DN of the organizational unit targeted by the custom command. Hence, the new OU will be created right under the OU on which the command is executed.
  - To set the name of the organizational unit to the value of the custom command parameter:
    - Right-click the Organizational Unit Name property and then click Edit in the context menu.
    - Click the button.
    - Select the custom command parameter in the list.
    - Click OK two times.
  - To set the user who executed the custom command as an owner of the new organizational unit:
    - Click Add and select either the Managed By (Primary) or the Managed By property.
      Which property to select:
      Objects can have multiple owners in Adaxes, and the property you select defines how the owner will be stored. In Active Directory domains, Managed By (Primary) represents the primary owner stored in Active Directory, while Managed By represents secondary owners stored in Adaxes and available only from Adaxes.
      In Microsoft Entra ID, all owners are stored in the Managed By property, while Managed By (Primary) is unavailable. For more details on how object ownership works in Adaxes, see Object owners.
    - Click the button.
    - Activate the Template tab and click the button.
    - Select the InitiatorDN property in the list.
    - Click OK three times.
  - If necessary, provide values for other properties of the organizational unit.
    When done, click OK.
- To add an action that will create a user account in the new organizational unit:
  - Right-click the set of actions and then click Add Action in the context menu.
  - In the Add Action dialog, select the Create a directory object action.
  - In the Type drop-down list, select User.
  - In the Location field, specify where a new user account will be created. To create it in the organizational unit created by this custom command, use the following template:
    OU=%param-OrganizationName%,%distinguishedName%
    The %param-OrganizationName% value reference will be replaced with the value of the custom command parameter, and the %distinguishedName% value reference will be replaced with the DN of the organizational unit the custom command is executed on.
  - Modify the values of the Full Name and Username properties.
    For example, you can set the properties to the following values:
    Full Name: %param-OrganizationName% Admin
    Username: %param-OrganizationName:lower%_admin
    The %param-OrganizationName% value reference will be replaced with the value of the custom command parameter. If the parameter is set to Acme, the property values will be as follows:
    Full Name: Acme Admin
    Username: acme_admin
    The domain part for the username will be automatically selected based on a user property pattern effective over the OU on which this custom command is executed. For details on how to configure domain part selection, see Automatically set default domain part for the username.
    Alternatively, you can specify the domain part directly in the template.
    %param-OrganizationName:lower%_admin@acme.com => acme_admin@acme.com
  - If necessary, provide values for other properties of the user account.
  - When done, click OK.
- To add an action that will create a group:
  - Right-click the set of actions and then click Add Action in the context menu.
  - In the Add Action dialog, select the Create a directory object action.
  - In the Type drop-down list, select Group.
  - In the Location field, specify where a new group object will be created. To create it in the organizational unit created by this custom command, use the following template:
    OU=%param-OrganizationName%,%distinguishedName%
    The %param-OrganizationName% value reference will be replaced with the value of the custom command parameter, and the %distinguishedName% value reference will be replaced with the DN of the organizational unit the custom command is executed on.
  - Modify the value of the Group Name property.
    For example, if you set the property to %param-OrganizationName%, the name of the group will be set to the value of the custom command parameter and thus will be the same as the name of the organizational unit.
  - To add the user account created by this custom command to the new group:
    - Click Add and select the Member property.
    - Click the button.
    - Activate the Template tab.
    - In the Template field, specify a template to be used to generate the DN of the user.
      To build a template, use the value of the Full Name property you specified for the user account. For example, if the Full Name property was set to %param-OrganizationName% Admin, the template should look like this:
      CN=%param-OrganizationName% Admin,OU=%param-OrganizationName%,%distinguishedName%
    - Click OK two times.
  - If necessary, provide values for other properties of the group object.
  - When done, click OK.
- To cancel command execution if an organizational unit with the same name already exists, do the following:
  - Click Add new action set.
  - Right-click the new set and then click Add Action in the context menu.
  - In the Add Action dialog, select the Cancel this operation action.
  - In the Reason field, type the text of the error message.
  - Click OK.
  - Right-click the new action and then click Add Condition in the context menu.
  - In the Add Condition dialog, select the If <object> exists condition.
  - In the Condition Parameters section, specify a template for the DN of the organizational unit created by the custom command.
    To build a template, use the value of the Organizational Unit Name property that you specified for the organizational unit. If the property was set to %param-OrganizationName%, the template should look like this:
    OU=%param-OrganizationName%,%distinguishedName%
  - Click OK.
  - To perform the check before creating objects, select the action set and click the button to move it up.
    To move the whole set, make sure no actions and conditions are selected.
  Click Next.
- On the Permissions step, you can select the security roles to which you want to add the permission to execute the new custom command.
  You can skip this step and configure the permissions later. For details, see Grant rights to execute custom commands.
  Click Finish.
For instructions on how to place a custom command on the Actions pane in the Web interface, see Configure Actions pane.
For instructions on how to disable a custom command in the Web interface, see Disable operations on directory objects.
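The DN and username templates from the steps above, expanded in a small stand-alone model (an added example, not Adaxes code and not its template engine). It shows that the Member template resolves to a DN inside the new OU, and what an organization name such as `Acme, Inc.` does to the resulting DN with and without RFC 4514 escaping. The target OU `OU=Customers,DC=example,DC=com` and all function names are assumptions; the page does not state whether Adaxes escapes parameter values itself, so the model performs the escaping explicitly.

```python
import re

# Simplified stand-in for the value-reference expansion described above
# (illustrative model only, not Adaxes's template engine).
_REF = re.compile(r"%(param-\w+|distinguishedName)(?::(lower))?%")
_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')  # RFC 4514: must be backslash-escaped

TARGET_DN = "OU=Customers,DC=example,DC=com"  # constructed sample target OU
OU_TEMPLATE = "OU=%param-OrganizationName%,%distinguishedName%"
MEMBER_TEMPLATE = ("CN=%param-OrganizationName% Admin,"
                   "OU=%param-OrganizationName%,%distinguishedName%")
USERNAME_TEMPLATE = "%param-OrganizationName:lower%_admin"


def escape_rdn_value(value):
    """Escape text so it stays inside a single RDN value (RFC 4514)."""
    out = _DN_SPECIAL.sub(r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def resolve(template, params, target_dn, in_dn=True):
    """Expand value references; parameter text is escaped when in_dn is True."""
    def repl(match):
        name, modifier = match.group(1), match.group(2)
        if name == "distinguishedName":
            return target_dn  # already a well-formed DN, inserted unchanged
        value = params[name].lower() if modifier == "lower" else params[name]
        return escape_rdn_value(value) if in_dn else value
    return _REF.sub(repl, template)


def split_rdns(dn):
    """Split a DN into RDNs, treating backslash-escaped characters as data."""
    return re.findall(r"(?:\\.|[^,\\])+", dn)


def expand_all(org_name, in_dn=True):
    """Resolve the tutorial's templates for one organization name."""
    params = {"param-OrganizationName": org_name}
    return {
        "ou": resolve(OU_TEMPLATE, params, TARGET_DN, in_dn),
        "member": resolve(MEMBER_TEMPLATE, params, TARGET_DN, in_dn),
        "username": resolve(USERNAME_TEMPLATE, params, TARGET_DN, in_dn=False),
    }
```

Comparing `split_rdns(expand_all("Acme, Inc.")["ou"])` with the same call using `in_dn=False` shows the difference: four RDNs with escaping, five without, the extra one being the malformed component ` Inc.`.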