I have created a Business Rule (call it BR1) that occurs “After adding or removing a member from a group”. For testing purposes, it currently runs a PowerShell script that only logs a message, nothing more. The Activity Scope of BR1 is a particular Group (call it G1), both for the group itself and its members (not “direct members only”). The idea is that any membership change in G1 or any of its sub-groups triggers BR1.
This works fine in the Console (and presumably in the Web Interface too): when you add a new member to G1, either a user or a group, BR1 triggers and the message appears in the log. If you remove a member from G1, either a user or a group, BR1 triggers and the message appears in the log. This applies even to members that are more than one level deep, i.e. inside a sub-group that is a member of G1. This is exactly what I want!
Unfortunately, when I attempt to remove a member using a Custom Command that runs a PowerShell script, BR1 is not triggered. More details:
- In the Console, navigate to G1 and use the right-click menu to choose All Tasks > CC.
- The CC has a hard-coded group that it removes (just for testing). It calls “$Context.TargetObject.Remove($group.AdsPath)” to do the work. Note that there is more code in that script to populate $group, but that line is the heart of it.
- The CC succeeds; the group is removed from the parent as expected.
- However, BR1 never runs; there is no log message.
I tried some variations:
- Instead of calling Remove() in the script, I invoked the Remove-AdmGroupMember cmdlet. This worked, but did not trigger BR1.
- As per https://www.adaxes.com/questions/13571/business-rule-being-trigger-adsi-context-command-group-member, I tried binding the group using “$Context.BindToObjectByDNEx()”, but this made no difference: although the group was removed as expected, BR1 was not triggered.
- Instead of using a PowerShell script CC, I created a CC that calls the built-in “Remove this group from another group” with a parameter to choose the parent group. This did trigger BR1 when it was run.
It seems that removing a member from a group from within a PowerShell script bypasses the Business Rule I created. Is this expected behavior? Or am I doing something wrong?