0 votes

I belive we may have opened a ticket for this question in the past but I can't find the answer.

We have a need to delay changing user attributes until their transfer/promotion date.

So we have a Custom Command called Promote/Transfer. It takes in several parameters (manager, title, department)

We set the transfer/promotion date in adm-customattributedate2

We have a scheduled task that runs the following powershell hourly.

# Get all pending Approval Requests
$containerPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($containerPath)

$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

foreach ($requestID in $requests)
{
    # Bind to the Approval Request
    $guid = [Guid]$requestID
    $request = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

    $approversInfo = $request.GetApproversInfo()
    if (-not ($approversInfo.IsApproverEx($Context.Initiator.UserAdsObject, $request.Requestor, $request.TargetObject)))
    {
        continue # The Scheduled Task is not an approver
    }

    # Get date when modifications are due
    $operation = $request.DescriptionOfOperationToApprove
    $result = $operation | Select-String -Pattern "(?<=\{.{8}-.{4}-.{4}-.{4}-.{12}\}\s)\d{2}\/\d{2}\/\d{4}(?=\s\{.{8}-.{4}-.{4}-.{4}-.{12}\})"

    if ($result -eq $NULL)
    {
        $Context.LogMessage("Cannot find a date when to execute the following operation: '$operation'.", "Warning")
        continue
    }

    try
    {
        $date = [Datetime]::ParseExact($result.Matches[0].Value, "dd/MM/yyyy", $NULL)
    }
    catch
    {
        $Context.LogMessage("Cannot convert a date when to execute the following operation: '$operation'.", "Warning")
        continue
    }

    if ($date -gt [System.Datetime]::UtcNow)
    {
        continue
    }

    # Approve the request
    $request.Approve()
}

Somehow someone changed something and now its not working anymore. I can't for the life of me find the original article/ticket that this powershell came from, but it had the instructions we needed to delay modifying a user's manager, title, and department until the scheduled date.

Any help would be much much appreciated. Thanks!

by (70 points)
edited by

1 Answer

0 votes
by (270k points)

Hello,

It looks like you mean the below script.

# Get all pending Approval Requests
$containerPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($containerPath)

$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

foreach ($requestID in $requests)
{
    # Bind to the Approval Request
    $guid = [Guid]$requestID
    $request = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

    $approversInfo = $request.GetApproversInfo()
    if (-not ($approversInfo.IsApproverEx($Context.Initiator.UserAdsObject, $request.Requestor, $request.TargetObject)))
    {
        continue # The Scheduled Task is not an approver
    }

    # Get date when modifications are due
    $operation = $request.DescriptionOfOperationToApprove
    $result = $operation | Select-String -Pattern "(?<=\{.{8}-.{4}-.{4}-.{4}-.{12}\}\s)\d{2}\/\d{2}\/\d{4}(?=\s\{.{8}-.{4}-.{4}-.{4}-.{12}\})"

    if ($result -eq $NULL)
    {
        $Context.LogMessage("Cannot find a date when to execute the following operation: '$operation'.", "Warning")
        continue
    }

    try
    {
        $date = [Datetime]::ParseExact($result.Matches[0].Value, "dd/MM/yyyy", $NULL)
    }
    catch
    {
        $Context.LogMessage("Cannot convert a date when to execute the following operation: '$operation'.", "Warning")
        continue
    }

    if ($date -gt [System.Datetime]::UtcNow)
    {
        continue
    }

    # Approve the request
    $request.Approve()
}

However, we cannot be sure. For us to suggest a full solution which might not require any scripts, please, post here or send us (support@adaxes.com) a screenshot of the custom command you are using. Any additional details regarding the workflow you have will be much appreciated.

Related questions

0 votes
0 answers

Say you have Manager A that has 30 users under them. Manager A leaves and Manager B takes the position. What is the best way to update all 30 users so their new manager is Manager B.

asked Jun 7, 2021 by Jmbrown04 (60 points)
0 votes
1 answer

Hello, I'm trying to create a business rule that will update a user account expiry date when that user logs in for the first time. I'm new to Adaxes, so I don't have a ... updated by a user's action, such as "Last Logon". Is it possible to make this work?

asked Mar 6 by sjjb2024 (40 points)
0 votes
0 answers

Hello! We have a business rule in place that will request approval from a group's owner before adding an account to that group for certain groups. We also have a custom ... name reference is invalid. Do you have any ideas for how to get around this error?

asked Jan 24, 2022 by KelseaIT (320 points)
0 votes
1 answer

We used to run AD Audit and it would provide additional details on what was locking a user's account (workstation name, application, etc...). Is there are way with Adaxes ... on what is locking an account? Or a way to pull historical data on locked accounts?

asked Nov 16, 2020 by pulsifers (20 points)
0 votes
1 answer

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
3,326 questions
3,026 answers
7,727 comments
544,682 users