Schedule tasks for directory management
Scheduled tasks enable you to automatically perform routine administrative tasks on a periodic basis. You can use them to automate a variety of actions, including adding and removing members from groups, moving objects to appropriate organizational units, handling inactive user and computer accounts, sending email notifications, etc.
In this tutorial you will learn hot to create and configure a scheduled task.
-
Launch Adaxes Administration console.
How { #collapse1}
-
On the computer where Adaxes Administration console is installed, open Windows Start menu.
-
Click Adaxes Administration Console.
-
-
Expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task.
-
Enter a name for the new scheduled task, and click Next.
It is recommended to use nouns to name scheduled tasks (e.g. Membership Manager, Location Updater), because tasks will appear as operation initiators in the Adaxes log and approval email notifications.
-
Specify how often the task should run, and click Next.
-
Select the type of objects the task actions should be performed for. For example, if you want the task to add users to groups, or execute custom commands on user accounts, select User.
Click Next.
-
Click Add an action.
-
Select the action you need in the list and configure the action parameters and execution options.
Approvals
Actions executed by scheduled tasks can be submitted for approval. For example, you may want inactive user accounts to be disabled only after an approval is granted by the user's manager or an administrator. To request approval for an action, select the Get approval for this action option and specify the approvers.
When done, click OK.
-
To add more actions, right-click a condition/action set and click Add Action in the context menu.
Actions are executed sequentially according to their order in the set. To move an action up and down, select it, and use the buttons.
-
To execute actions only if certain conditions are met, right-click the action set, and click Add Condition in the context menu.
If there are two or more conditions, they are combined by AND/OR operator. If conditions are combined by the AND operator, the actions are executed provided that all conditions are met. If conditions are combined by the OR operator, the actions are executed if at least one condition is met. To change the operator, click it.
Else If and Else blocks
You can use Else If and Else blocks to avoid duplication of conditions for different sets of related but mutually exclusive actions.
The Else block is useful when you need to perform some actions on specific conditions, and different actions in all other cases.
To add Else If and Else blocks to a set of actions, right-click it and then click Add Else and Add Else If in the context menu.
-
To perform different actions for different conditions, you need to add a separate set of actions and then assign the necessary conditions to it. To add a set of actions, click Add new action set.
Action sets are executed sequentially. To change the order, select a set and use the buttons. To move the whole set, make sure no actions and conditions are selected.
When done, click Next.
-
On the Activity Scope step, click Add.
Select from the following items:
-
All Objects – select to perform the task on all objects of the specified type in all domains managed by Adaxes.
-
Domain – select to perform the task on all objects of the specified type within a specific domain.
-
OU or Container – select to perform the task on the objects located in an organizational unit or container.
-
Group – select to perform the task on members of a group.
-
Business Unit – select to perform the task on members of a business unit. To select a business unit, open the Look in drop-down list and select the Business Units item.
You can exclude specific objects, groups, organizational units, business units and domains from the activity scope of the task. For example, if you assigned the task over all objects in a domain, but do not want it to be executed on members of a certain group, you can exclude the group from the activity scope. To exclude an object, select the Exclude the selection option in the Assignment Options dialog box.
Step by step { #exclude_scope}
-
Make sure objects of the desired type are displayed in the list.
-
Click the object you want to exclude.
-
In the Assignment Options dialog, select the Exclude the selection option.
-
Click OK.
-
-
Click OK and then click Finish.
Scheduled task examples
Example 1 – Add all users located in a specific organizational unit to a group
Example 2 – Move user objects between OUs
Example 3 – Remove disabled users from all groups
Script { #view_script_disabled_accounts}
# Get the groups the user is a direct member of
$groupGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")
# Get the primary group ID
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
foreach ($guidBytes in $groupGuidsBytes)
{
# Bind to the group
$groupGuid = [Guid]$guidBytes
$groupPath = "Adaxes://<GUID=$groupGuid>"
$group = $Context.BindToObject($groupPath)
# Skip the primary group
if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
{
continue
}
# Remove the user from the group
$group.Remove($Context.TargetObject.AdsPath)
}
For information on how to create scripts for scheduled tasks, see Server-side scripting.