Adaxes

CustomAttribute to Manager DN

0 votes

Hello,

We have a workflow where we get the manager name via our HR system. I am putting this into a customattribute.

As the name pulled from HR is in the form of firstname lastname and the manager attribute cant handle this.

I would like to utilize Adaxes to take the customattribute1 (example) and modify it to a DN and put it into the target user manager field.

Is this possible? If so; how?

by (40 points)
0

Hello,

Sorry for the confusion, but we are not sure what exactly you mean. Do you need to take the first name and last name of a user from a user property, find the corresponding user account and set them as the user manager? If that is correct, what should be done if there is more than one user with the specified first and last name found?

Any additional details and live examples of the desired workflow will be much appreciated.

by (289k points)
0

Let me try and make it more clear, we get our Manager property from our HRM system via an API.

This value is "Firstname Lastname" feeding this directly into the manager property cant be done as the manager property within AD requires the DN name and not the Firstname Lastname of the object.

So we would like to feed the value from the API into the customattribute15 (example) and then from there get Adaxes to look at this and "translate" it to the DN.

If more then one user with the same firstname and lastname is there then that could be a problem I havent thought of yet.

We could also use the WorkerID (value from HRM) instead of firstname/lastname and translate that to the object in AD in the same way I guess.

by (40 points)
0

Hello,

So we would like to feed the value from the API into the customattribute15 (example) and then from there get Adaxes to look at this and "translate" it to the DN.

Should the DN replace the custom attribute value? Alternatively, the DN can be directly passed to the Manager property and the custom attribute will be cleared.

We could also use the WorkerID (value from HRM) instead of firstname/lastname and translate that to the object in AD in the same way I guess.

Any value that is unique in all the domains managed by Adaxes will work just fine. However, we still need to know what should be done in case of duplicates being found.

by (289k points)
0

Passing it to the Manager property and not clearing the Custom Attribute will be fine.

Incase we use the WorkerID there should not be a duplicate ID. The ID is unique.

by (40 points)

1 Answer

0 votes
by (289k points)

Hello,

Thank you for the confirmation. Here is the script you can use. It can be executed in a business rule, custom command or scheduled task configured for the User object type. In the script:

  • $propertyStoringManagerID - Specifies the LDAP name of the user property (customattribute15 in your example) storing the identity of the manager to be set.
  • $managerIDPropertyName - Specifies the LDAP name of the manager property (WokerID in your example) that should be equal the identity stored in the corresponding user property.
$propertyStoringManagerID = "adm-CustomAttributeText15" # TODO: modify me
$managerIDPropertyName = "employeeID" # TODO: modify me

# Get manager ID
try
{
    $managerID = $Context.TargetObject.Get($propertyStoringManagerID)
}
catch
{
    $Context.LogMessage("Property $propertyStoringManagerID is empty.", "Warning")
    return
}

# Search parameters
$searcher = $Context.TargetObject
$searcher.SearchFilter = "(&(sAMAccountType=805306368)($managerIDPropertyName=$managerID))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SizeLimit = 2
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if($searchResults.Length -eq 0)
    {
        $Context.LogMessage("No user found with $managerIDPropertyName set to $managerID.", "Warning")
        return
    }
    elseif($searchResults.Length -ge 2)
    {
        $Context.LogMessage("Found 2 or more users with $managerIDPropertyName set to $managerID.", "Warning")
        return
    }

    # Update the user
    $managerDN = $managerDN = $searchResults[0].GetPropertyByName("distinguishedName").Values[0]

    $Context.TargetObject.Put("manager", $managerDN)
    $Context.TargetObject.SetInfo()
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

Related questions

0 votes
1 answer
cannot get DN passed to script

trying to leverage thsi script in a custom command, bu ti cannot get the parameter to pass to it. https://www.adaxes.com/script-repository/copy-group-membership-from-specified-user-s590.htm

asked Jan 24, 2022 by Derek.Axe (480 points)
0 votes
1 answer
Grant permission to edit a user when the initiatior DN is present in the SeeAlso attribute

We are using the SeeAlso attribute to store who is responsible for specific accounts. We do not wish to use the Manager field, because the Manager/Direct Report structure is ... to, for example, extende the expiration date of an account. Is that possible?

asked Jan 28, 2020 by manuel.galli (100 points)
0 votes
1 answer
Need to retrieve name associated with DN value

I have a Powershell script running as a schedule task that is exporting user records. I have a custom attribute, positionPrimarySupervisor, that contains the DN of the user's ... supervisor. Can you provide me a script to get the information. Thanks... Sandra

asked Oct 8, 2015 by sandramnc (870 points)
0 votes
1 answer
Get address from proxyAddresses and add to CustomAttribute

I would like to create a task to get an address from proxyAddresses (Email Proxy Addresses) and add the number to a CustomAttribute field. The address would be DIR:xxxx ... digit number) and I would like to add the 4 digit number to adm-CustomAttributeText5.

asked May 6, 2016 by Kikaida (1.1k points)
0 votes
1 answer
PowerShell Command to update adm-CustomAttribute fields

What would the PowerShell command be to modify a CustomAttribute field? For example, if I wanted to modify a user and change adm-CustomAttributeText1 to be the contents of $HomeEmail?

asked Apr 26, 2016 by Kikaida (1.1k points)
3,549 questions
3,240 answers
8,232 comments
547,816 users