Adaxes

Is an attribute "On-View" Trigger Condition Possible

0 votes

Is it possible to trigger a command based on a user viewing an attribute (native AD or custom)?

Scenario is a Web UI user viewing a sensitive object attribute (in our case the value of the local administrator password for a computer - either a custom Adaxes attribute or the native 'LAPS' attribute used to store randomised passwords when using MS LAPS).

In this scenario we'd like this to trigger an action to force a reset of the password (by updating the/an accompanying change date attribute).

Thanks

by (1.6k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

For this specific scenario we suggest using a Custom Command. You can create a Custom Command executed on a computer object that outputs the current password of the computer to the Execution Log and also schedules a password reset. To do this, the Custom Command needs to launch a PowerShell script. For information on how to update the Execution Log using a script, see section Updating the Execution Log in Server-Side Scripting. To schedule a password reset, you need to use the Reset-AdmPwdPassword from the LAPS management tools.

For information on how to create a Custom Command, see the Create a Custom Command Tutorial. Use it as a guide.

  • On step 3 of the tutorial, select Computer.
  • On step 4, add the Run a program or PowerShell script action.

Related questions

0 votes
1 answer
Is it possible to configure SSPR from the Windows Logon screen on an Autopiloted device?

We are testing Windows Autopilot and would still like to use the adaxes client to allow for SSPR. Is it possible to configure the Windows Integration settings on a machine that is not domain joined but is joined through Azure AD?

asked Sep 3, 2020 by scoutcor (120 points)
0 votes
1 answer
Is it possible to setup a an object selection on Users in folders with a specific name

We're trying to setup a new action in our Web interface that runs on User's that are currently in an OU called 'New Starters' that is in all of our domains (An ... no results, There are no other fields we can use that are unique to accounts in those OUs

asked Feb 7, 2020 by richarddewis (260 points)
0 votes
1 answer
Trigger an event on the first logon?

Is it possible to trigger an event when a user logs in for the first time? We would like to setup a process that sends the user an email shortly after they login for the first time.

asked May 24, 2019 by ggallaway (300 points)
0 votes
1 answer
During the Deprovisioning process we want to clear a Extension Attribute and add one as well, is this possible?

Here is what i have been trying with Set-ADUser -Identity $user -Clear "extensionAttribute5" Set-ADUser -Identity $user -Add @{extensionAttribute5 = "NoLicenseNeeded"}

asked Nov 29, 2021 by Markh (20 points)
0 votes
1 answer
How can I restrict users automatically based on an AD attribute?

This is for license purposes and we do not want them visible in the Adaxes portal.

asked Oct 22, 2021 by jfrederickwl (20 points)
3,549 questions
3,240 answers
8,232 comments
547,820 users