Adaxes

need some help with groups memberships

0 votes

hello!

we have a ton of users in a specific OU. As of right now, the only way to identify if that user uses a specific system is by the groups that they are in.
I'd like to create a process that when a user is added to a particular group/DL(we have about 10 of them), they are then added to another group.

For some reason I can't figure out how to do this. I created a Business rule checking the group, and then adding, but no cigar.
I looked at some old thread, but it didn't specifically say how to accomplish this.
I then tried to write a PS command after checking the group, to add the user to group, but that too didn't happen.

can someone help?

thanks!

by (1.7k points)

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello,

Sorry for a delayed reply.

This cannot be done using Business Rules. The reason is that, when adding a user to a Group the User itself is not updated, but the group is. Thus, any Business Rule triggered by the operation can be triggered on the group, and not on the user. As a workaround we suggest using a Scheduled Task that will add users to a Group 2 if they are already members of Group 1.

To do so:

  1. Create a new Scheduled Task.

  2. On step 3 of the Create Scheduled Task wizard, select User.

  3. Click Add Action and select Add the User to a group.

  4. Click Select group and select the group you want to add the user to, (Group 2).

  5. Click OK.

  6. Double-click Always.

  7. Select If is a member of <Group>.

  8. Click Select Group and select the group a user should be member of (Group 1).

  9. Click OK.

  10. Right-click the action you have created and click Add Condition.

  11. Select If is a member of <Group>.

  12. Click Select group and select Group 2.

  13. Select is not.

  14. Click OK.

  15. If you also need to remove the user from Group 2 once they are no longer members of Group 1, click Add action to a new set and add the following:

    • Conditions: If a user is member of Group 2 and If a User is not a member of group 1.
    • Action: Remove a User from Group 2.

  16. Click Next and select where the Scheduled Task will manage the group memberships. When done, click Finish.

Related questions

0 votes
1 answer
Copy only specific Groups of a user to another user - some with approval

Hi there, i know the multiple ways of copying the user groups - or all of them within the user creation wizard. I want to copy only a couple of groups ... is it possible to create an approval operation out of an powershellscript? Kind regards, Constantin

asked May 27, 2021 by Constey (190 points)
0 votes
1 answer
I need to make some mass updates in the console but don't want it to kick off business rules and create log entries.

We'll be updating over 14K accounts with data (adding data to a virtual attribute) using a scheduled task but I don't want the updates to trigger Business Rules and flood the Adaxes log with entries. Is there an easy way to prevent this?

asked Apr 12, 2022 by sandramnc (870 points)
0 votes
1 answer
Need help creating and updating users from fixed formatted

Need help creating and updating users from a fixed formatted file exported daily by the HR system system. I just want to make sure that I am on the right track before ... this work? Any suggestions as to how to handle this scenario, best practices? Thanks!

asked Feb 2, 2016 by afshin (50 points)
0 votes
1 answer
As part of offboarding users I need to keep a note of all AD/Entra groups, Azure / M365 roles and licenses

As part of offboarding a user I need to generate a report of all AD groups, Entra groups and all Azure / M365 roles and licenses the user has before they ... about keeping a record of the leavers configured profile to simplify cloning them onto new starters.

asked Jun 24 by dhardyuk (20 points)
0 votes
1 answer
[Help] Deprovisioning - Remove from all groups EXCEPT [xyz]

Hi all, I need some help with this builtin script. It's a good foundation for what I'd like to do but I need to be able to keep the user in two groups (one, ... this, some kind of output log of the tasks completed on the deprovisioned user).. Thank you!

asked Nov 30, 2017 by adriank (100 points)
3,552 questions
3,242 answers
8,243 comments
547,828 users