0 votes

Hi,

would it be possible to achieve the following idea:

Creating and updating rule based groups, based on user attributes like company?

For each company value in AD, there should be a rule based group looking for this company.

So in theory, we need to get all unique company values, then create a group with this company value as filter.

by (1.5k points)

1 Answer

0 votes
by (288k points)

Hello,

It is possible using a scheduled task and a PowerShell script. The script will need to do the following:

  1. Find all the unique property values.
  2. Find all the existing rule-based groups.
  3. Check each group for a rule containing criteria based on the property value.
  4. For all the property values that do not correspond to criteria in the found groups, create a new rule-based group.

It would significantly decrease the timing for the script execution if all those groups are located in a single OU. Unfortunately, we do not have such a script, but the following article should be a good starting point: https://www.adaxes.com/sdk/IAdmGroup2.

0

OK, I will try this, and I have the first blocker: how to read the rule?

I tried this

```powershell
# Load the Adaxes ADSI assembly
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "mygroupdn"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)

# Get the membership rules of the rule-based group
$rules = $group.MembershipRules
```

$rules shows me

```
Type                 : ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY
BaseObjectPath       : Adaxes://<GUID=17894c9b-0451-4e83-a5c2-962ab06ac1e7>
BaseObjectDnTemplate :
Scope                : ADS_SCOPE_SUBTREE
Exclude              : False
Disabled             : False
```

How can I now read/create/update the rule?

0

Hello,

The MembershipRules property returns an object represented by the IAdmBusinessUnitMembershipRules interface. It is a collection and you need to iterate through the items in the collection to find the required membership rule and check its criteria. Membership rules in the collection are each represented by the IAdmBusinessUnitMembershipRule interface.
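
The comparison part of the procedure in the answer above (steps 1, 3 and 4), as an added example that is not part of the thread and is not Adaxes code. It assumes each existing rule's criteria are already available as an LDAP filter string (reading them from the groups and creating the new groups are not shown); the function names and sample values are hypothetical. Company values are escaped per RFC 4515 so that a name containing `*`, `(` or `)` cannot widen or break the resulting group filter.

```powershell
# Added example: pure PowerShell, no Adaxes calls. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    # Escape \ * ( ) and NUL as \xx hex pairs (RFC 4515) so the value is
    # matched literally when placed inside an LDAP filter.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-CompanyWithoutGroup {
    # Returns the unique company values that no existing rule refers to.
    param(
        [string[]]$UserCompany,     # company attribute of every user (step 1 input)
        [string[]]$ExistingFilter   # filter of every existing rule-based group (step 2 output)
    )
    $UserCompany |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
        ForEach-Object { $_.Trim() } |
        Sort-Object -Unique |       # case-insensitive, like AD's matching of company
        ForEach-Object {
            $company = $_
            $clause  = '(company={0})' -f (ConvertTo-LdapFilterValue $company)

            # Step 3: does any existing rule already contain this clause?
            $covered = $false
            foreach ($f in $ExistingFilter) {
                if ($f -and $f.IndexOf($clause, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $covered = $true
                    break
                }
            }

            # Step 4: emit the companies that still need a group.
            if (-not $covered) {
                [pscustomobject]@{ Company = $company; Clause = $clause }
            }
        }
}

# Constructed sample input, not taken from a real directory.
$companies = 'Contoso', 'contoso ', 'Fabrikam (EU)', $null, 'A*Datum'
$filters   = '(&(objectCategory=person)(company=Contoso))'
Get-CompanyWithoutGroup -UserCompany $companies -ExistingFilter $filters
```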
