0 votes

Hello

In a Custom Command, a manager can remove the a user from all groups (except for some mandetory ones).

Removal is done this way: Remove-AdmGroupMember -Identity $Gruppe.sAMAccountName -Members "%sAMAccountName%" -Server $Server -AdaxesService localhost -Confirm:$False

Removal from some groups may need to be approved by the (target) user's manager.
This is triggered by a Business Rule, that programmatically sends the approval request to the manager.

When a manger initiates the CC on a user, I expect that the removal should be auto-approved, but the initiator seems unknown and the user is not removed. Instead, the manager gets a approval requst ?

In the Log, Adaxes Service is identified as initiator. This may technically be correct, but issues some troubles.

I wonder why and where the real (human) initiator is lost in the process ?

- Thanks

by (2.6k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

the issue occurs because you remove a user from a group using a script. Scripts are run by Adaxes service. The service runs under the credentials of Adaxes default service administrator (the user account that you specified when installing Adaxes). Thus, the initiator is the default service administrator. Most probably, it is displayed as N/A in the Web interface because the user doesn't have sufficient permissions to view the service administrator in Active Directory.

You can work around the issue using Adaxes ADSI interfaces. The following script will do the job:

$groupPath = $Gruppe.AdsPath

# Bind to group
$group = $Context.BindToObjectEx($groupPath, $True)

# Remove user from group
$group.Remove($Context.TargetObject.AdsPath)
0

Got it now :oops:

- Thanks

Related questions

0 votes
1 answer

Hello @All, I have a little question about the parameter -AdaxesService and -Service. In a PowerShell Script I have to define the two parameters every time I run an CmdLet from ... I define the Values one time per Power Shell Script? Thanks for some help ;)

asked Apr 29, 2015 by ATiedemann (360 points)
0 votes
1 answer

I am trying to proxy through the AdaxesService but running as a non elevated user. I need to understand what permissions are needed to run Adaxes cmdlets with ... via Adaxes proxy service" -Enabled $false -AdaxesService localhost Thank you for any assistance.

asked Feb 12, 2015 by mknowlesus (50 points)
0 votes
1 answer

This may sound a little convoluted, but I will try and explain. I'd like to have an operation require approval by a group. And if the initiator is a member of that group, I don ... into it at a new company. I've got to dust off some of the brain cells. Thanks.

asked Jul 17 by wd.swaters (40 points)
0 votes
1 answer

Hi, I would like to have a copy of Report "Errors in Adaxes log" and exlcude one or more specific Initiators in this report (cause they are generating a lot of errors ... this easy with default options? Or do I need to create an own report by script?

asked Oct 30, 2023 by wintec01 (1.5k points)
0 votes
1 answer

On Approval Requests, in the web console, Initiator shows "N/A" instead of the custom command scheduled task. The admin console shows the custom command scheduled task though. Any way to fix that?

asked Jan 21, 2021 by mark.it.admin (2.3k points)
3,589 questions
3,278 answers
8,303 comments
548,131 users