0 votes

Hello,

I would like to create a custom command "Add domain user to local admin group".
The powershell command to execute this is quite easy.
Where I'm struggling is another point.
The initiator has to select first the user name from AD and than the computer name from AD.
This would garantee the user and the computer exist.
Is it possible to create such a task without a custom form?

Many thanks.

by (460 points)

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Horst,

There is no possibility to achieve what you need without using a custom form in a Home Page Action.

As a solution you can use a Modify User Home Page Action with a Custom Form and a Business Rule triggering After Updating a User. In the Custom form of the action, there will be only one DN syntax attribute (e.g. Assistant) used to select the computer. The Business Rule will trigger after updating the attribute and execute a PowerShell script that will add the modified user to the local admin group. If this solution meets your requirements, we will provide you with detailed instructions.

0

Hi,

after some time I implemented your solution and it works very well.
There is only one point: in the same BR where the powershell script runs I added a command to clear the assistant field and now the process runs into a loop "after updating a user".
How can I prevent this?

Thanks.

0

Hello Horst,

You need to add the If Assistant is not empty condition to your Business Rule.

0

Hello,

to do this in the recommended way will produce a lot of problems :( :(

The BR "after updating a user" is triggered from "create a user" and from the action "add user to local admin" and from other different actions.

That means the BR "after updating a user" is triggered from a handful actions and it's not possible to create conditions for every case.

My recommendation for the next Adaxes upgrade: add the possiblity to create a condition like "if action = actionname".

Regards.

0

Hello Horst,

Thank you for the suggestion, we will consider it.

Related questions

0 votes
1 answer

Hi We have a couple of scheduled tasks set up to remove accounts which have been disabled for a perios of time. This works fine for normal user accounts, but we ... and former domain admin accounts? We're running the latest version of Adaxes Thanks Matt

asked Oct 26, 2022 by chappers77 (2.0k points)
0 votes
0 answers

We have a multiforest set up. One of the domains is a non hybrid. Whenever a user is created in that domain it gives an error saying- 'Property 'ms-exch-target- ... active Directory schema'. How can we write an exception while adding to that non-hybrid domain?

asked Oct 31, 2022 by Aishwarya Gavali (40 points)
0 votes
1 answer

I'm currently writing an "After User Creation" rule and I have a PowerShell script that adds the newly created, on-premises synced user to a handful of cloud ... powershell cmdlet that fails. I need to use PowerShell for the additional condtional flexibility.

asked Dec 13 by smcfarland (60 points)
0 votes
1 answer

Hi all, How can I add a user directly to an Entra ID group? I understand it might be possible via CLI e.g. Add-AzureADGroupMember - But is there a built-in GUI method via Business Rules? Thanks, David

asked Oct 2 by dshortall (80 points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20 by fgmello (40 points)
3,589 questions
3,278 answers
8,303 comments
548,105 users