Hello,
Most probably, the errors occur because you've placed your Scheduled Tasks in a certain sub-container within the Scheduled Tasks container. The sample script you've mentioned assumes that the Scheduled Task you want to run is located directly under the Scheduled Tasks container. If you've created the tasks in a certain sub-container, then you need a slightly different code.
However, this approach is not optimal from the point of view of performance. As far as we understand, the 2 Scheduled Tasks that you want to run are based on the following scripts from the Script Repository: Create LDAP filter to find all subordinates of user and Create LDAP filter to find all objects managed by user. Is that correct?
In that case, we recommend the following: you need to move all the logic contained in the Scheduled Tasks to Custom Commands. You will be able to run the commands on a schedule, using a Scheduled Task, or on the users that have been added to or removed from the groups, using a Business Rule.
What you actually need to is as follows:
- Create Custom Commands that run the scripts
- Create a Scheduled Task that runs your Custom Commands on a regular basis
- Create a Business Rule that runs your Custom Commands once a new member is added to or removed from a group to update the managed users / objects of the new or removed member.
To implement such a solution:
i. Create Custom Commands that run the scripts
To create a Custom Command that runs one of the scripts you need:
- Create a new Custom Command.
- If you don't want the Custom Command to be available in the UI, you need to disable it. Disabled Custom Commands cannot be executed on AD objects manually, but can be run using Business Rules, Custom Commands and Scheduled Tasks. To disable the command, on step 1 of the Create Custom Command wizard, remove the Enabled option.
- On step 2, select the User object type.
- On step 3, add the Run a program or PowerShell script action and paste the script that you Custom Command needs to run.
- Modify the parameters of the script, if necessary, enter a short description for the script and click OK.
- Click Next, then click Finish.
ii. Create a Scheduled Task that runs the Custom Commands on a regular basis
To create such a Scheduled Task:
- Create a new Scheduled Task.
- On step 3 of the Create Scheduled Task wizard, select the User object type.
- On step 4 add the Execute a Custom Command action and click Select.
- Select a Custom Command you need and click OK.
- To execute another Custom Command, right-click the action you've just added and select Add New Action.
- Finish creation of the Scheduled Task.
iii.Create a Business Rule to update the managed users / objects of a new or removed member.
To create a Business Rule that runs the Custom Commands once group membership changes:
-
Create a new Business Rule.
-
On step 2 of the Create Business Rule wizard, select the Group and After adding or removing a member from a Group.
-
On step 3, add the Run a program or PowerShell script action, and paste the following script. The script will run your Custom Commands for a new or removed member. If the new/removed member is a group, the script will run the commands for all users who are members of the group.
$customCommandIDs = @("{e5a15803-149d-4dec-9f33-c94afbcea436}", "{b0861f0d-47a5-4e90-bf6c-e81c30751d6f}") # TODO: modify me
# Bind to the new member
$newMember = $Context.BindToObjectEx("Adaxes://%member%", $True)
switch ($newMember.Class)
{
"User"
{
# Execute the Custom Commands
foreach ($commandID in $customCommandIDs)
{
$newMember.ExecuteCustomCommand($commandID)
}
}
"Group"
{
# Get group members
try
{
$memberGuidsBytes = $newMember.GetEx("adm-MembersGuid")
}
catch
{
return # No members
}
# Build filter to find all users who are members of the group
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(|")
foreach ($guidBytes in $memberGuidsBytes)
{
[void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("objectGuid", [Guid]$guidBytes))
}
[void]$filter.Append("))")
# Search the users
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = $filter.ToString()
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.VirtualRoot = $True
try
{
$searcherResultIterator = $searcher.ExecuteSearch()
$users = $searcherResultIterator.FetchAll()
foreach ($userID in $users)
{
# Execute the Custom Commands
$user = $Context.BindToObjectEx($userID.AdsPath, $True)
foreach ($commandID in $customCommandIDs)
{
$user.ExecuteCustomCommand($commandID)
}
}
}
finally
{
# Close the search and release resources
$searcherResultIterator.Dispose()
}
}
deafult
{
return
}
}
-
In the script, $customCommandIDs specifies the IDs of the Custom Commands to run. Specify the IDs of the commands created on step i. How to get the ID of a Custom Command.
-
Finish creation of the Business Rule.