0 votes

Hello again!

I'm building a script that will create Adaxes Security Roles for each new customer we bring on

I'm trying to create a Role with the ability to change passwords of users.

Specifically I want to allow members of the security role to be able to Write the Password Last Set Property and Write the Account Options Property

Here's a snip of the script:

# Allow: User -> Write Account Options Property
$entry = $role.Permissions.Create()

$userClassGuid = # the GUID of the User object class
    "{bf967aba-0de6-11d0-a285-00aa003049e2}"

$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Write Account Options Property
$entry.InheritedObjectType = $userClassGuid

$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

# Allow: User -> Write Password Last Set Property
$entry = $role.Permissions.Create()

$userClassGuid = # the GUID of the User object class
    "{bf967aba-0de6-11d0-a285-00aa003049e2}"

$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Password Last Set Property
$entry.InheritedObjectType = $userClassGuid

$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

I've found several examples that give me values for the ObjectType but I'm not sure how to find the right values for Permissions Properties. If there's a way to list all the properties for user or group objects it would really help me get the script finished up.

by (810 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

To find the GUID of a property:

  1. In the Administration Console, locate an object of the necessary type and select it. For example, if you want to know the GUID of a property of users, locate and select a user.
    The properties of the selected object will be displayed in the Result Pane (located to the right).
  2. Right-click the property you need and select Properties.

    Note: to view empty properties, you need to configure the Administration Console to show empty properties.
  3. Copy the GUID displayed under Attributes.
0

Thanks!

Related questions

0 votes
1 answer

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6, 2020 by DaralenManta (20 points)
0 votes
1 answer

We have a rule setup that when a user requests membership into a group it will email approvers of the group for approval. I would like to create a report that sends out a list of ALL approvers for every group we have approvals setup for.

asked Dec 18, 2023 by jujones79 (20 points)
0 votes
0 answers

We are in hybrid mode with 365. All the accounts we create have to made with a .com instead of .local. How can I make that change in adaxes? Or is this some default I need to change in AD instead?

asked Apr 11, 2022 by LEGIT1 (150 points)
0 votes
1 answer

So we have a new domain , lets say @def.com. It's within our primary domain @abc.com...this was done due to a company split. What changed for our users were their ... operational. LDAP Server unavailable" If I use my @abc.com, it works. Please advise. thanks

asked Oct 1, 2013 by MeliOnTheJob (1.7k points)
0 votes
1 answer

Salutations, We have an Adaxes server that we use that was setup by someone whom is no longer with us. There is a section in the web interface that a standard user uses ... standard users fill out on one of the web pages Adaxes has setup in IIS. Suggestions?

asked Jan 16, 2023 by jkaufman-lr (20 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users