Hello Pudong,
Thank you for the confirmation. Below is the script that should do the trick. Same like the previous one, this script should be executed in a business rule triggering Before adding a member to a group. In the script:
- $predefinedAccountDN – Specifies the distinguished name (DN) of the person to submit the request for approval and send email to if no division manager is found. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.
- $subject – Specifies the email notification subject.
- $message – Specifies the email notification text.
- $businessUnitDN – Specifies the distinguished name (DN) of the business unit containing division managers.
$predefinedAccountDN = "CN=John Smith,OU=Users,DC=company,DC=com" # TODO: modify me
$subject = "Division Manager not found for %adm-MemberFullName%." # TODO: modify me
$message = "Division Manager not found for %adm-MemberFullName%. Please check for alternative approver" # TODO: modify me
$businessUnitDN = "CN=My Unit,CN=Business Units,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me
function SendMail ($recipientDN, $subject, $message)
{
# Get recipient email
$recipient = $Context.BindToObjectByDN($recipientDN)
try
{
$recipientEmail = $recipient.Get("mail")
$Context.SendMail($recipientEmail, $subject, $message, $NULL)
}
catch
{
$Context.LogMessage("The specified recipient has no email address. No notification will be sent.", "Warning")
}
}
function GetApproverDN ($objectDN, $unit, $alreadyProcessedObjects)
{
if (-not $alreadyProcessedObjects.Add($objectDN))
{
return $NULL
}
$object = $Context.BindToObjectByDN($objectDN)
if ($unit.IsMember($object))
{
return $objectDN
}
else
{
# Get manager
try
{
$managerDN = $object.Get("manager")
}
catch
{
return $NULL
}
$objectDN = GetApproverDN $managerDN $unit $alreadyProcessedObjects
}
return $objectDN
}
# Bind to the business unit
$unit = $Context.BindToObjectByDN($businessUnitDN)
# Bind to the member
$member = $Context.BindToObject("Adaxes://%member%")
# Check division manager
try
{
$memberManagerDN = $member.Get("manager")
}
catch
{
$Context.SubmitForApproval(@($predefinedAccountDN), $False, $False, $False, $False)
SendMail $predefinedAccountDN $subject $message
}
$alreadyProcessedObjects = New-Object "System.Collections.Generic.HashSet[System.String]"
$approverDN = GetApproverDN $memberManagerDN $unit $alreadyProcessedObjects
# Submit for approval
if ($NULL -ne $approverDN)
{
$Context.SubmitForApproval(@($approverDN), $False, $False, $False, $False)
}
else
{
$Context.SubmitForApproval(@($predefinedAccountDN), $False, $False, $False, $False)
SendMail $predefinedAccountDN $subject $message
}