0 votes

Hi,

would it be possible to achieve the following idea:

Creating and updating rule based groups, based on user attributes like company?

For each company value in AD, there should be a rule based group looking for this company.

So in theory, we need to get all unique company values, then create a group with this company value as filter.

by (1.8k points)

1 Answer

0 votes
by (300k points)

Update

Starting with Adaxes 2020.1, you can configure groups to be rule-based without using scheduled tasks and/or scripts. For details, have a look at section Rule-based groups of the following tutorial: https://www.adaxes.com/help/AddUsersToGroupsByDepartment/#dynamicgroups.

Original

Hello,

It is possible using a scheduled task and a PowerShell script. The script will need to do the following:

  1. Find all the unique property values.
  2. Find all the existing rule-based groups.
  3. Check each group for a rule containing the criteria based property value.
  4. For all the property values that do not correspond to criteria in the found groups, create a new rule-based group.

It would significantly decrease the timing for the script execution if all those groups are located in a single OU. Unfortunately, we do not have such a script, but the following article should be a good starting point: https://www.adaxes.com/sdk/IAdmGroup2.

0

OK, I will try this and have the first blocker: how to read the rule?

I tried this

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "mygroupdn"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)

# Get the membership rules of the group
$rules = $group.MembershipRules

$rules shows me

Type                 : ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY
BaseObjectPath       : Adaxes://<GUID=17894c9b-0451-4e83-a5c2-962ab06ac1e7>
BaseObjectDnTemplate : 
Scope                : ADS_SCOPE_SUBTREE
Exclude              : False
Disabled             : False

How can I now read/create/update the rule?

0

Hello,

The MembershipRules property returns an object represented by the IAdmBusinessUnitMembershipRules interface. It is a collection and you need to iterate through the items in the collection to find the required membership rule and check its criteria. Membership rules in the collection are each represented by the IAdmBusinessUnitMembershipRule interface.
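The planning part of the four steps in the answer above, as an added example that is not from the original thread or from Adaxes. It assumes each group's rule is an LDAP filter string; `ConvertTo-LdapFilterValue`, `New-CompanyFilter` and `Get-MissingCompanyGroup` are hypothetical helper names, and no Adaxes calls are made. Company values are escaped per RFC 4515 so that a name containing `(`, `)`, `*` or `\` cannot change which users the filter matches.

```powershell
# Added example: decide which company groups still need to be created.
# Assumption: a group's rule is stored as an LDAP filter string.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping of \ * ( ) and NUL inside an assertion value
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ([int]$ch) {
            0x5C    { [void]$sb.Append('\5c') }
            0x2A    { [void]$sb.Append('\2a') }
            0x28    { [void]$sb.Append('\28') }
            0x29    { [void]$sb.Append('\29') }
            0x00    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

function New-CompanyFilter {
    param([Parameter(Mandatory)][string]$Company)
    $escaped = ConvertTo-LdapFilterValue -Value $Company
    '(&(objectCategory=person)(objectClass=user)(company={0}))' -f $escaped
}

function Get-MissingCompanyGroup {
    param([string[]]$Companies, [string[]]$ExistingFilters)
    # AD compares company values case-insensitively, so the sets do too
    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $have = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($f in $ExistingFilters) { [void]$have.Add($f) }
    foreach ($c in $Companies) {
        if ([string]::IsNullOrWhiteSpace($c)) { continue }   # users without a company
        $name = $c.Trim()
        if (-not $seen.Add($name)) { continue }              # step 1: unique values only
        $filter = New-CompanyFilter -Company $name
        if (-not $have.Contains($filter)) {                  # steps 3-4: no group has this rule
            [pscustomobject]@{ Company = $name; Filter = $filter }
        }
    }
}

# Constructed sample input (not real directory data)
$companies = 'Contoso', 'contoso ', 'Fabrikam (EU)', 'A*Star', ''
$existing  = @('(&(objectCategory=person)(objectClass=user)(company=Contoso))')
Get-MissingCompanyGroup -Companies $companies -ExistingFilters $existing |
    Format-Table -AutoSize
```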
