0 votes

Dear support,

Active Directory on Windows 2016 will support this much anticipated feature. It will be possible to assign a user to a group for a limited time frame

I would really love if you could investigate about this new possibility and support it in a near futur.

Cheers

by (750 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Pierre,

The feature is on our radar as well, and with a very high priority.

0

Hello,

Its been more then 1 year. How much on the radar is this function?
It is quite critical to the way security procedures work in our company, thus I would like to escalate this request.

Kind regards.

0

Hello,

The feature has been announced in Windows Server 2016. We are investigating the possibility of adding it to Adaxes.

As a workaround we suggest the following scenario:

  1. In the Web interface, there will be several Home Page Actions, using which users can be added to groups.
  2. When a user clicks a Home Page Action, they will be presented with a form where they will be able to specify the end date where their membership expires.
  3. When the action is executed, the user will be added to the selected grou or groups. the end date that the user specified and the group DN will be saved in a custom multivalued property of the user. For example, you can use one of Adaxes custom attributes, such as, for example, CustomAttributeMultiValue1. Using a multi-valued attribute will allow add the same user to multiple groups at a time.
  4. A Scheduled Task that runs, say, once a day will check the date specified for each group. When due, it will remove the user from the corresponding groups.

Will this suit your needs?

Related questions

0 votes
1 answer

We have RBAC groups inside an OU. We would like to restrict users from being added to multiple RBAC groups at a time. For example: RBAC Roles OU Sales RBAC Group ... groups outside of this OU structure though. What's the best way to achieve this? Thanks

asked Oct 13, 2021 by bavery (250 points)
0 votes
1 answer

As part of business rules etc we are able to add\remove accounts to groups. It would be nice if this feature could be extended to allow for wildcard ... multiple groups that meet the matching condition (without resorting to PowerShell script actions). Thanks

asked Aug 5, 2014 by firegoblin (1.6k points)
0 votes
1 answer

feature request: Allow scheduled reports to have any email address as a recipient.

asked Nov 24 by PaulPCGuy7 (20 points)
0 votes
1 answer

It would be good to have a selectable column for the tasks schedule pane. This would allow us to easily show tasks scheduled dates and give us the ability to sort by the ... case it would be good to sort all of these password resets by their scheduled date.

asked Apr 30 by Moodie007 (60 points)
0 votes
1 answer

the script repo examples are almost entirely written in ADSI, however powershell is now far more widely used, is it possible to have all scripts written in both ADSI and powershell.

asked Jan 5 by i*windows (300 points)
3,589 questions
3,278 answers
8,303 comments
548,130 users