0 votes

I would like to know if it is possible to create a field in the web UI under user management to "assign" a machine to a user. I would like to be able to put the machine object in the field and have a task run that would move said machine to a different OU.

Say under Bob there is a field called "assigned computer". I would like to put "bob's PC" in that field, and then that machine would be moved to the "workstation" OU.

Is there a custom field that can be used to accomplish this?

by (70 points)
0

Hello,

It can be done using a DN syntax property and a Business Rule triggering After updating a user that will run a script to move the computer specified in the property to the required OU. Unfortunately, there are currently no Adaxes custom attributes of DN syntax type (the feature is in our roadmap). You can use one of Active Directory DN syntax properties (e.g. Assistant). Alternatively, the update and move can be done using a Custom Command and the distinguished name (DN) of the computer will be stored in a custom text attribute. As another option, you can store a user in the Managed By property of the assigned computer. In this case, the computer will be present in the Managed Objects property of the user.

Please, specify which approach meets your needs and we will provide you with detailed instructions.

0

I apologize for the late response, I replied via email and just now realized it was from a no-reply address.

If we were to use the Managed By and Managed Objects option, would we be able to set up a task/custom command to move the machines to different OUs?

I think the first option will work the best, if I could get details on that.

0

Hello,

In this case, you will need to use a Business Rule triggering After updating a computer to move computers after their Managed By property update. For us to provide you with details, please, specify how exactly the destination OU should be determined. Live examples will be very helpful.

0

So we have Department OUs and a sub user OU under each of those.

Here is an example:

Customer service > Users / Workstation
Info Tech > Users / Workstation
Collections > Users / Workstation

So say a customer service rep starts, I would put them in the customer service>users OU, then there is also a Sub OU under customer service called workstations, that is where I would like the PC object to move to.

We also have a department drop-down under user management that we could use to tie in to this as well: "if department property = customer service, move 'pc object' to customer service > workstations".

1 Answer

0 votes
by (288k points)

Hello,

Thank you for the provided details. As we mentioned in the previous posts, you will need to use a Business Rule triggering After updating a computer. The rule will look like the following:

image.png

The Business Rule will execute the following script:

# Build distinguished name of target OU
$ownerDn = New-Object "Softerra.Adaxes.LDAP.DN" "%managedBy%"
$ownerParentOu = $ownerDn.Parent
$targetOuDn = "OU=Workstations," + $ownerParentOu

# Bind to the target OU
try
{
    $targetOu = $Context.BindToObjectByDNEx($targetOuDn, $True)
}
catch
{
    $Context.LogMessage("Workstations OU does not exist for computer %name%.", "Error")
    return
}

# Move computer
$targetOu.MoveHere($Context.TargetObject.AdsPath, $NULL)

If you need to make sure that the computers are always located in the corresponding OUs and bring them back in case of mistakes, you can use a Scheduled Task like the following. In the task, you will need to create an Else If block for each of the computer locations/departments you have.

image.png

0

I have set up this business rule as above with the script; however, I am getting the error log message "Workstations OU does not exist for computer xxx" when updating the managed by user.

0

Hello,

The error message occurs because there is no Workstations OU existing in the OU where the user set as computer owner is located. For example, if the user is located in OU with distinguished name OU=Users,DC=example,DC=com, the script will attempt to place the computer into the OU with distinguished name OU=Workstations,CN=Users,DC=example,DC=com. If the OU does not exist, the script will throw the corresponding error message.

0

Here is another example of our OU structure.

A machine would be in OU=workstation, OU=customer service, DC=example, DC=.com

Then a user would be in OU=Users, OU=Customer Service, DC=example, DC=.com

So this script is written to work as if the workstation is a sub OU under users? The workstation is the same level OU as users

image.png

0

Hello,

Thank you for the provided details. Unfortunately, we got your OU structure. We updated the script to work accordingly; find it below.

# Build distinguished name of target OU
$ownerDn = New-Object "Softerra.Adaxes.LDAP.DN" "%managedBy%"
# Parent of the owner is the Users OU; its parent is the department OU
$ownerParentOuDn = New-Object "Softerra.Adaxes.LDAP.DN" $ownerDn.Parent
$ownerGrandParentOuDn = $ownerParentOuDn.Parent
$targetOuDn = "OU=Workstations," + $ownerGrandParentOuDn

# Bind to the target OU
try
{
    $targetOu = $Context.BindToObjectByDNEx($targetOuDn, $True)
}
catch
{
    $Context.LogMessage("Workstations OU does not exist for computer %name%.", "Error")
    return
}

# Move computer
$targetOu.MoveHere($Context.TargetObject.AdsPath, $NULL)
0

This is now working as intended, thank you for the quick follow up! I think we are all set here
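
Added example, not part of the thread and not Softerra's code: a stand-alone PowerShell version of the DN arithmetic the two scripts above perform, showing why one level up (the first script) and two levels up (the updated script) give different targets. The names Split-Dn, Get-WorkstationsOuDn and -LevelsUp are hypothetical, the sample DNs are constructed, and the refusal to target the domain root is an assumption about what this layout should allow.

```powershell
# Added example: plain PowerShell, no Adaxes types required.
# Split-Dn / Get-WorkstationsOuDn are hypothetical helper names.
function Split-Dn {
    param([Parameter(Mandatory)][string]$Dn)
    # Split on commas that are not escaped with a backslash (e.g. "CN=Smith\, Ann").
    $parts = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $Dn.ToCharArray()) {
        if ($escaped) { [void]$current.Append($ch); $escaped = $false; continue }
        if ($ch -eq '\') { [void]$current.Append($ch); $escaped = $true; continue }
        if ($ch -eq ',') { $parts.Add($current.ToString().Trim()); [void]$current.Clear(); continue }
        [void]$current.Append($ch)
    }
    $parts.Add($current.ToString().Trim())
    return ,$parts.ToArray()
}

function Get-WorkstationsOuDn {
    param(
        [Parameter(Mandatory)][string]$OwnerDn,
        [int]$LevelsUp = 2,   # 1 = OU holding the owner, 2 = department OU above it
        [string]$OuName = 'Workstations'
    )
    $rdns = Split-Dn -Dn $OwnerDn
    if ($rdns.Count -le $LevelsUp) { throw "DN '$OwnerDn' has too few components." }
    $base = $rdns[$LevelsUp..($rdns.Count - 1)]
    # Assumption: never build a target directly under the domain root (only DC= left).
    if (-not ($base | Where-Object { $_ -notmatch '^DC=' })) {
        throw "Owner '$OwnerDn' is not inside a department OU."
    }
    return "OU=$OuName," + ($base -join ',')
}

# Constructed sample owners (Managed By values)
$samples = @(
    'CN=Bob Smith,OU=Users,OU=Customer Service,DC=example,DC=com',
    'CN=Smith\, Ann,OU=Users,OU=Collections,DC=example,DC=com',
    'CN=Guest,CN=Users,DC=example,DC=com'
)
foreach ($dn in $samples) {
    try { Get-WorkstationsOuDn -OwnerDn $dn }
    catch { Write-Warning $_.Exception.Message }
}
```

Calling it with -LevelsUp 1 reproduces the first script's target, the Workstations OU under Users that did not exist in this layout. In the Business Rule, the returned string would play the role of $targetOuDn passed to $Context.BindToObjectByDNEx.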
