Add Direct reports of managers who report to CEO

Question

Hi,

Is there a way I can create a rule based group or scheduled task in which the Direct reports of the direct reports are added to a group? So for example:

CEO VP's report to CEO Directors report to VP's

In this case I only want the Directors added but this can't be done with job title and the titles don't all inlcude Director. Essentially, I'd like to be able to check if a user reports to CEO (by name, rather than role) then add direct reports to the group and then also remove anyone that is already in the list that no longer reports to a manager who reports to the CEO.

Thanks in advance

Comments

Hello Gareth,

Do we understand correctly that a specific group should contain anybody whose manager has CEO in their name?

For us to suggest a solution, please, specify the version of Adaxes you are using. For information on how to check it, have a look at the following help article: https://www.adaxes.com/help/CheckServiceVersion.

---

Hi,

Thanks for the quick reply.

No, so essentially the group needs to contain all the direct reports of the users who report to the CEO.

So if say usera reports to the CEO then the group needs to contain all of the direct reports of usera but not usera itself.

I am using 3.15.20817.0

Thanks!

---

Hello Gareth,

Thank you for clarifying. Do you have just a single CEO user or there are multiple ones?

---

There is only a single CEO user and we can target them by samaccountname or job title, whichever is easiest.

I don't know whether or not it would be easier perhaps to use a boolean custom attribute?

So if users manager reports to CEO: Then mark boolean as true

Then make a rule based membership based on the boolean attribute?

I just can't work out how to assign the attribute and get the logic right for the if statement.

Answer 1

Hello Gareth,

Thank you for the confirmation. There is no need to use any additional attributes. Also, for your information, Adaxes custom attributes cannot be used in search criteria. To achieve the desired, use the below script in a scheduled task configured for the User object type. The Activity Scope of the task should only include the CEO user. In the script, the $groupDN variable specifies the distinguished name (DN) of the group. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$groupDN = "CN=My group,OU=Groups,DC=domain,DC=com" # TODO: modify me

# Bind to the group
$group = $Context.BindToObjectByDN($groupDN)

# Get direct reports of target user
try
{
    $directReportDNs = $Context.TargetObject.GetEx("directReports")
}
catch
{
    # Remove all group members
    $group.Put("member", $NULL)
    $group.SetInfo()
    return
}

$newMembers = New-Object System.Collections.ArrayList
foreach ($directReportDN in $directReportDNs)
{
    # Get second level direct reports
    $directReport = $Context.BindToObjectByDN($directReportDN)
    try
    {
        $secondLevelReportDNs = $directReport.GetEx("directReports")
    }
    catch
    {
        continue
    }

    # Add second level direct reports to group
    $newMembers.AddRange($secondLevelReportDNs)
}

# Update group members
if ($newMembers.Count -eq 0)
{
    $group.Put("member", $NULL)
}
else
{
    $group.Put("member", $newMembers.ToArray())
}

# Save the changes
$group.SetInfo()

Comments

Thanks, that's great! Does that also remove users who are no longer direct reports of the ceo's direct reports?

---

Hello Gareth,

Yes, that is included.

---

Thank you!