Adaxes

Business rule not applied?

0 votes

image.png

I have business rule that is NOT applied to group license_AAD_PREMIUM_P2_internal group even it should according activity scope. Scope for this group was added through PowerShell code mentioned here https://adaxes.com/sdk/DefiningScopeOfActivity/#example-4-include-a-specific-group-object-not-members-of-the-group

What can be the cause of this?

Code looks like this image.png

PS: I encountered same behaviour for security roles (also modified by PS script)

by (960 points)
edited by
0

Hello,

For troubleshooting purposes, please, do the following:

  • Specify the triggering operation of the business rule (e.g. After updating a group).
  • Provide the script you are using in TXT format.
  • Specify all the parameter values you use to execute the script.
by (289k points)
0

trigger can be anything (if I add scope bind to the same group manually, rule gets triggered)

script + parameters:

$ruleADSPath = '<ADSPathOfTheAdaxesRule>'
$baseObjectDN = '<DNofTheADObject>'
$type = 'ADM_SCOPEBASEOBJECTTYPE_GROUP'
$exclude = $false
$inheritance = 'ADS_SCOPE_BASE'

$null = [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# connect to the Adaxes service
$adaxesService = "localhost"
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($adaxesService)

# get base object
$baseObj = $admService.OpenObject("Adaxes://$baseObjectDN", $null, $null, 0)

# get business rule
$rule = $admService.OpenObject($ruleADSPath, $null, $null, 0)

# add new scope to the business rule
$scopeItem = $rule.ActivityScopeItems.Create()
$scopeItem.BaseObject = $baseObj
$scopeItem.Type = $type
$scopeItem.Inheritance = $inheritance
$scopeItem.Exclude = $exclude
$scopeItem.SetInfo()
$rule.ActivityScopeItems.Add($scopeItem)
$rule.SetInfo()

I am guessing that problem is in the "save" action, but I've tried setOption() too without any luck.

by (960 points)

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello,

Thank you for the provided details. The issue occurs because the $type variable is set incorrectly. As it is specified in the example you referenced, the variable must be set to ADM_SCOPEBASEOBJECTTYPE_CONTAINER. Changing the variable value will remedy the issue.

0

You are right. Usage of ADM_SCOPEBASEOBJECTTYPE_CONTAINER indeed solved the problem.

Can you clarify why? Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

From official documentation it is not very clear (at least for me)

by (960 points)
+1

Hello,

Or maybe when should I use ADM_SCOPEBASEOBJECTTYPE_GROUP type?

Whenever you need to add an item as this object only, the ADM_SCOPEBASEOBJECTTYPE_CONTAINER type should be used. The ADM_SCOPEBASEOBJECTTYPE_GROUP one should only be used when it is about group members.

From official documentation it is not very clear (at least for me)

Thank you for pointing this out. We will consider updating the documentation accordingly.

by (289k points)
0

aka

if ADS_SCOPE_ONELEVEL or ADS_SCOPE_SUBTREE use ADM_SCOPEBASEOBJECTTYPE_GROUP

if ADS_SCOPE_BASE use ADM_SCOPEBASEOBJECTTYPE_CONTAINER

is that correct?

by (960 points)

Related questions

0 votes
1 answer
Business Rule and Custom Command - After adding members to group - Member not correct

Hi team, I have a follow up to this question https://www.adaxes.com/questions/14234/business-after-adding-members-powershell-script-executed Let me explain my setup A rule- ... area% failed due to the following exception: $($_.Exception.Message)", "Error") }

asked Feb 13 by wintec01 (1.5k points)
0 votes
1 answer
Business Rule not moving user to required OU

Hi, I have a business rule setup to perform actions after user creation. First action is to run a powershell script which works and it sets a required AD attribute ( ... new user sits in the original OU and does not move Am i missing something here?

asked Feb 6 by Lewis (40 points)
0 votes
1 answer
Business Rule - After adding members to group - Powershell script to user not executed

Hi team, I need to update users extensionAttribute6 after adding or removing them from a specific group. This is my setup: Group is updated based on rule set within Adaxes ... would like to update users after they were added or removed from this group. Thanks!

asked Sep 25, 2023 by wintec01 (1.5k points)
0 votes
1 answer
Business Rule - 'After user updated' not triggered when the user is added to a group.

I need a way of triggering a business rule based on the user (and not the group) being added or removed from a group. The reason I would like this triggered on the user is so ... prefer not to do that. I am checking to see if there is another way to do this.

asked May 16, 2023 by mark.it.admin (2.3k points)
0 votes
1 answer
Business Rule not triggered when action is done by script

I have created a Business Rule (call it BR1) that occurs After adding or removing a member from a group . For testing purposes, it currently runs a PowerShell script ... the Business Rule I created. Is this expected behavior? Or am I doing something wrong?

asked Apr 12, 2023 by alex.vanderwoude (60 points)
3,549 questions
3,240 answers
8,232 comments
547,814 users