0 votes

I'm trying to set up SelfService group management. We have multiple Forests. Because of the Forests we can't add users from a different forest to the ManagedBy. We can add a local security group and do group nesting of a global group from the other forest though.

I'm trying to build an LDAP query for a business unit that will list the groups a user is allowed to manage. Since it's a group that is in the ManagedBy, I need to get that first, then find if the user is a member of that group, and then have it display in the Business Unit.

I'm not great with LDAP and seem to be finding it difficult to build this kind of query if it's even possible.

Any suggestions would help.

Thank you.

Current Query for Business Unit, there are two different ones:

(&(objectCategory=group)(managedBy=%distinguishedName%))

(&(objectCategory=group)(msExchCoManagedByLink=%distinguishedName%))

These get the managedBy if the DN of the user is a member. I'm having a hard time trying to figure out how to get the managedBy Group first then find if the user's %distinguishedName% is a member of that group.

It seems like my queries end up getting all the groups a user is a member of or nothing at all. :)

by (790 points)

1 Answer

0 votes
by (294k points)

Hello,

Unfortunately, there is no way to achieve the desired behavior using just a Query results membership rule with an explicit LDAP filter. You will need to store the filter for each user in their properties and use a value reference for the property in the business unit settings. For details, have a look at the following script from our repository: https://www.adaxes.com/script-repository/create-ldap-filter-to-find-all-objects-managed-by-user-s268.htm.
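The per-user filter the answer describes can be sketched as follows. This is an added example, not the script from the Adaxes repository: it builds the filter from the user's DN plus the DNs of the groups the user belongs to, and escapes each DN per RFC 4515 so that names containing parentheses, asterisks or backslashes cannot alter the filter. The function names and sample DNs are hypothetical, and how the list of group DNs is collected across forests is left to the caller.

```python
# Added example: build the per-user LDAP filter that would be stored in a
# user property and referenced from the business unit (hypothetical helpers).

MANAGER_ATTRS = ("managedBy", "msExchCoManagedByLink")  # attributes from the question
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN (transitive match)


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter assertion (RFC 4515)."""
    # Backslash, asterisk, parentheses and NUL become \XX hex pairs.
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def membership_filter(user_dn):
    """Filter for every group that contains user_dn directly or through nesting."""
    return "(&(objectCategory=group)(member:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(user_dn))


def managed_groups_filter(user_dn, group_dns):
    """Filter for groups managed by the user or by any group in group_dns."""
    seen, clauses = set(), []
    for dn in [user_dn, *group_dns]:
        key = dn.lower()  # AD compares DNs case-insensitively; skip duplicates
        if key in seen:
            continue
        seen.add(key)
        escaped = escape_filter_value(dn)
        clauses.extend("(%s=%s)" % (attr, escaped) for attr in MANAGER_ATTRS)
    return "(&(objectCategory=group)(|%s))" % "".join(clauses)


if __name__ == "__main__":
    # Constructed sample data: a user DN with characters that need escaping,
    # and one local group (assumed already resolved) that the user is in.
    user = "CN=Smith\\, John (Admin),OU=Users,DC=corp,DC=example"
    groups = ["CN=App Owners,OU=Groups,DC=corp,DC=example"]
    print(membership_filter(user))
    print(managed_groups_filter(user, groups))
```

The filter has to be regenerated whenever the user's group membership changes, because the business unit only evaluates the stored value.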
