0 votes

Hello

After adding or removing users (from WebUI) from certaing sec. groups, I let a Business Rule execute two Scheduled Tasks,
as shown in this http://www.adaxes.com/sdk/?ApiDocumenta ... struction.

The BR responds correctly, but I get this error:


The Script:

Adding og removing a user via the Adaxes Administration Console throws the same error.

- Thanks in advance.

by (2.6k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Most probably, the errors occur because you've placed your Scheduled Tasks in a certain sub-container within the Scheduled Tasks container. The sample script you've mentioned assumes that the Scheduled Task you want to run is located directly under the Scheduled Tasks container. If you've created the tasks in a certain sub-container, then you need a slightly different code.

However, this approach is not optimal from the point of view of performance. As far as we understand, the 2 Scheduled Tasks that you want to run are based on the following scripts from the Script Repository: Create LDAP filter to find all subordinates of user and Create LDAP filter to find all objects managed by user. Is that correct?

In that case, we recommend the following: you need to move all the logic contained in the Scheduled Tasks to Custom Commands. You will be able to run the commands on a schedule, using a Scheduled Task, or on the users that have been added to or removed from the groups, using a Business Rule.

What you actually need to is as follows:

  • Create Custom Commands that run the scripts
  • Create a Scheduled Task that runs your Custom Commands on a regular basis
  • Create a Business Rule that runs your Custom Commands once a new member is added to or removed from a group to update the managed users / objects of the new or removed member.

To implement such a solution:

i. Create Custom Commands that run the scripts

To create a Custom Command that runs one of the scripts you need:

  1. Create a new Custom Command.
  2. If you don't want the Custom Command to be available in the UI, you need to disable it. Disabled Custom Commands cannot be executed on AD objects manually, but can be run using Business Rules, Custom Commands and Scheduled Tasks. To disable the command, on step 1 of the Create Custom Command wizard, remove the Enabled option.
  3. On step 2, select the User object type.
  4. On step 3, add the Run a program or PowerShell script action and paste the script that you Custom Command needs to run.
  5. Modify the parameters of the script, if necessary, enter a short description for the script and click OK.
  6. Click Next, then click Finish.

ii. Create a Scheduled Task that runs the Custom Commands on a regular basis
To create such a Scheduled Task:

  1. Create a new Scheduled Task.
  2. On step 3 of the Create Scheduled Task wizard, select the User object type.
  3. On step 4 add the Execute a Custom Command action and click Select.
  4. Select a Custom Command you need and click OK.
  5. To execute another Custom Command, right-click the action you've just added and select Add New Action.
  6. Finish creation of the Scheduled Task.

iii.Create a Business Rule to update the managed users / objects of a new or removed member.
To create a Business Rule that runs the Custom Commands once group membership changes:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule wizard, select the Group and After adding or removing a member from a Group.

  3. On step 3, add the Run a program or PowerShell script action, and paste the following script. The script will run your Custom Commands for a new or removed member. If the new/removed member is a group, the script will run the commands for all users who are members of the group.

     $customCommandIDs = @("{e5a15803-149d-4dec-9f33-c94afbcea436}", "{b0861f0d-47a5-4e90-bf6c-e81c30751d6f}") # TODO: modify me
    
     # Bind to the new member
     $newMember = $Context.BindToObjectEx("Adaxes://%member%", $True)
    
     switch ($newMember.Class)
     {
         "User"
         {
             # Execute the Custom Commands
             foreach ($commandID in $customCommandIDs)
             {
                 $newMember.ExecuteCustomCommand($commandID)
             }
         }
         "Group"
         {
             # Get group members
             try
             {
                 $memberGuidsBytes = $newMember.GetEx("adm-MembersGuid")
             }
             catch
             {
                 return # No members
             }
    
             # Build filter to find all users who are members of the group
             $filter = New-Object "System.Text.StringBuilder"
             [void]$filter.Append("(&(sAMAccountType=805306368)(|")
             foreach ($guidBytes in $memberGuidsBytes)
             {
                 [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("objectGuid", [Guid]$guidBytes))
             }
             [void]$filter.Append("))")
    
             # Search the users
             $searcher = $Context.BindToObject("Adaxes://rootDSE")
             $searcher.SearchFilter = $filter.ToString()
             $searcher.PageSize = 500
             $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
             $searcher.VirtualRoot = $True
    
             try
             {
                 $searcherResultIterator = $searcher.ExecuteSearch()
                 $users = $searcherResultIterator.FetchAll()
    
                 foreach ($userID in $users)
                 {
                     # Execute the Custom Commands
                     $user = $Context.BindToObjectEx($userID.AdsPath, $True)
                     foreach ($commandID in $customCommandIDs)
                     {
                         $user.ExecuteCustomCommand($commandID)
                     }
                 }
             }
             finally
             {
                 # Close the search and release resources
                 $searcherResultIterator.Dispose()
             }
         }
         deafult
         {
             return
         }
     }
    
  4. In the script, $customCommandIDs specifies the IDs of the Custom Commands to run. Specify the IDs of the commands created on step i. How to get the ID of a Custom Command.

  5. Finish creation of the Business Rule.

0

Great solution - thanks !

:D

Related questions

0 votes
1 answer

When I enable a scheduled task, instead of running at the scheduled time they all run imeadiately. This is not good behavior as changes are written in a way to reflect the ... is being enabled. I am hoping there is a powershell command to stop this behavoir.

asked Jul 10, 2023 by mightycabal (1.0k points)
0 votes
1 answer

I like to reuse action sets I've created in varying rules, tasks and commands. The main issue I am facing is I cannot find a way to make it copy and paste 1:1. It ... the other rule/task/command. Is this not possible or am I just not figuring it out? Thanks

asked Nov 22 by msheppard (660 points)
0 votes
0 answers

We have two instances of Adaxes set up in the Administrative console. The secondary instance is used to run some of our larger scheduled tasks, however this has since stopped working ... there a way I can get the secondary to appear in the list again? Thanks

asked Jun 12 by Homelander90 (350 points)
0 votes
1 answer

We need to run a scheduled task twice a year, so I chose every 182 days like it's suggested in here, only problem is that there is no way to change the next run ... really don't want these tasks to be triggered again if they've already been executed this year.

asked May 8 by boing (20 points)
0 votes
1 answer

It would be good to have a selectable column for the tasks schedule pane. This would allow us to easily show tasks scheduled dates and give us the ability to sort by the ... case it would be good to sort all of these password resets by their scheduled date.

asked Apr 30 by Moodie007 (60 points)
3,589 questions
3,278 answers
8,303 comments
548,135 users