0 votes

Since all the old groups are deleted when a function is changed, we have created an after update for each function so that the user is added to the same groups as if it were an after create. As we have many functions, is it possible to create a script that copies all the "ifs" from the after create to an after update? Or is it possible to run an after update that queries all the after creates?

thank you

by (320 points)

1 Answer

0 votes
by (294k points)

Hello,

You can use the below script. It should be execute in Windows PowerShell. When prompted, specify the credentials of the Adaxes service account. In the script:

  • $serviceHost - the host name of the computer where Adaxes service is installed.
  • $sourceRuleDN - the distinguished name (DN) of the business rule to copy actions/conditions from. For details on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.
  • $targetRuleDN - the distinguished name (DN) of the business rule to copy actions/conditions to.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$serviceHost = "localhost"
$sourceRuleDN = "CN=After create user,CN=User,CN=Business Rules,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me
$targetRuleDN = "CN=After update user,CN=User,CN=Business Rules,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)

# Prompt for credentials.
$credential = Get-Credential

$sourceRule = $service.OpenObject("Adaxes://$sourceRuleDN", $credential.UserName, $credential.GetNetworkCredential().Password, 0)
$targetRule = $service.OpenObject("Adaxes://$targetRuleDN", $credential.UserName, $credential.GetNetworkCredential().Password, 0)

# Copy actions and conditions
foreach ($set in $sourceRule.ConditionedActions)
{
    # Create a new set of actions and conditions
    $actionsAndConditions = $targetRule.ConditionedActions.Create()
    $actionsAndConditions.ConditionsLogicalOperation = 
        $set.ConditionsLogicalOperation
    $actionsAndConditions.SetInfo()

    # Copy conditions
    foreach ($condition in $set.Conditions)
    {
        $newCondition = $actionsAndConditions.Conditions.CreateEx($condition.Class)
        $newCondition.SetCondition($condition.GetCondition())
        $newCondition.SetInfo()
        $actionsAndConditions.Conditions.Add($newCondition)
    }

    # Copy actions
    foreach ($action in $set.Actions)
    {
        $newAction = $actionsAndConditions.Conditions.CreateEx($action.Class)
        $newAction.ExecutionOptions = $action.ExecutionOptions
        $actionObj = $action.GetAction()

        # 'add to group' -> 'remove from group'
        if ($actionObj.IsOperationOfType($null, "change membership") -and
            $actionObj.ActionType -eq "ADM_CHANGEGROUPMEMBERSHIPACTION_ADD")
        {
            $actionObj.ActionType = "ADM_CHANGEGROUPMEMBERSHIPACTION_REMOVE"
        }
        $newAction.SetAction($actionObj)
        $newAction.SetInfo()
        $actionsAndConditions.Actions.Add($newAction)
    }

    # Add the set to the custom command
    $targetRule.ConditionedActions.Add($actionsAndConditions)
}
0

Hello thank you for the code, but the code does not work. when we start the script, it deletes all the if. And now the actions in the if are changed to remove from group but it should rest add to group. thanks

0

Hello,

That is something that was present in the previous version of the script. There are only two options here:

  1. Full replace of the actions/conditions in the target business rules (the way the script works).
  2. Keep the existing actions/conditions in the target rules and add the ones from the source rule. If this is what you need, just remove line $targetRule.ConditionedActions.Clear() from the script. Keep in Mind that each time the script runs, all the actions/conditions will be copied and that is not something you can avoid.
0

Hello,

  1. We agree with this. However, we now have a after create in the $sourceRuleDN with 3 if. these 3 if should be copied into 3 after update with the script. when i run the script, it deletes all the if in the $sourceRuleDN and copies nothing into the three $targetRuleDNs.

  2. if the script would work, it changes the actions in the if from add to group to remove from group. however, add to group should remain add to group.

Thank you

0

Hello,

As per our tests, the script works exactly as it should for option one. The source rule remains untouched. Please, make sure to use the last version of the script and change nothing in it except for the variable values.

0

Thank you very much! I have found the error. I have about 60 positions in the $targetRuleDNs and one of them was the same as $sourceRuleDN. So everything was deleted and then copied... Which is also correct :D Thanks a lot!

Related questions

0 votes
1 answer

Hello, after update to 2021.1 we have problems with an old Windows 2003 domain. The service account for the domain will rapidly locked out from the Adaxes server. What we ... in 2021.1 for Managed Domain? Or how can I integrade old domains? regards Helmut

asked Mar 12, 2021 by a423385 (510 points)
0 votes
1 answer

Hello I am trying to set up a script to copy the 'Members Of' from specific accounts to a new user account after creating the user. Something very similar to this: https:/ ... to the ever changing nature of the business. Is someone able to help me with this?

asked May 28, 2020 by adantona (40 points)
0 votes
1 answer

Hello, I'm trying to create a business rule that will update a user account expiry date when that user logs in for the first time. I'm new to Adaxes, so I don't have a ... updated by a user's action, such as "Last Logon". Is it possible to make this work?

asked Mar 6 by sjjb2024 (60 points)
0 votes
1 answer

I've looked at https://www.adaxes.com/script-repository/copy-group-membership-from-specified-user-s590.htm. is there away to change from group names to a group type? Like exclude all distribution groups?

asked Dec 4, 2023 by Derek.Axe (480 points)
0 votes
1 answer

Hi we want to Copy the Master Data Location properties (Adress, Company, Country etc.) from one User to another User. Personal Data like Name, Mailadress, Groups ... hope someone can give us something similar just for properties. Thank you in advance Marcus

asked Sep 7, 2023 by mvr (20 points)
3,589 questions
3,278 answers
8,303 comments
548,132 users