0 votes

Hello,

A year ago, in a previous ticket, I inquired about the possibility of mandating that Adaxes users enter a ticket number before adding a member to a group. At that time, it was feasible to add one group at a time but not multiple groups. I would like to confirm if this limitation still exists.

Additionally, I am curious if implementing this requirement would affect the automatic business rules that facilitate the addition/removal of members from groups.

Regards, Fabian

by (380 points)
0

Hello Fabian,

Please, describe the configuration you have in all the possible details with live examples and screenshots. You can post the details here or send to us at support@adaxes.com.

0

I have business rules that automatically add users to groups upon user creation and remove users when the deprovision command is executed. image.png

0

Hello Fabian,

Sorry for the confusion, but this does not describe anything about the process of adding a ticket number when modifying membership of a group. Business rule only trigger before or after an operation and perform the corresponding actions. They cannot request a user input.

0

I do not have it configured. I would only like to know if it is possible.

1 Answer

+1 vote
by (295k points)
selected by
Best answer

Hello Fabian,

Thank you for clarifying. It is possible using a custom command and two parameters. One parameter will be used to enter the ticket number, the other will be used to select the groups. In case of selecting multiple groups, a PowerShell script will be required for membership update. At the same time, there will be only a single ticket number for all the groups. In the logs, you will be able to see the ticket number as parameter value for the custom command execution.

0

If we want to set this up, I would need to revoke the write member property on all groups for all users. Am I right? They can still only add users to groups using the custom commands in groups where they have the appropriate permissions, correct?

image.png

0

Hello Fabian,

Yes, that is correct. They will only need the permissions to execute the custom command on the corresponding user accounts.

0

Can I also control with the custom command which groups users are permitted to add members to? Or will they be able to add members on all groups they can see?

0

Hello Fabian,

There are two points here as groups will be selected in a parameter:

  • You can configure the parameter settings to only display groups that match certain criteria.
  • No matter of the criteria configured for the parameter, users will only be able to see the groups they are allowed to see by Adaxes security roles.
0

and for adding devices to groups they can use the same button?

0

Hello Fabian,

If you mean computer objects, it will not work. A custom command can only be configured for a specific object type. As such, you will need a separate custom command for each object type.

0

Okey and for the revocation of groups I also would need a separate custom command for users and devices?

0

Hello Fabian,

Yes, that is correct.

Related questions

0 votes
1 answer

Hello, I am attempting to configure a business rule that adjusts an adaxes custom property of a user, upon that user being added/removed from a group. I cannot seem to ... (like username, office, description, email, etc.) but not so much on custom attributes.

asked Jul 14, 2023 by NKB#2772 (70 points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (300 points)
0 votes
1 answer

Hello, I would like to ensure that before a computer object is moved in Adaxes, the user must enter a ticket number, and after the input, the PC is moved to ... prompts the user to enter a ticket number before the move/delete operation? Kind regards, Fabian

asked Mar 20, 2024 by fabian.p (380 points)
0 votes
1 answer

Hi team, I would like to add an action of having an input of Helpdesk Users, before adding someone to a group. I tried to create business rule, running "before ... very helpful: https://www.adaxes.com/questions/877/custom-scripts-user-input-at-running-time

asked May 17, 2024 by wintec01 (1.6k points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20, 2024 by fgmello (40 points)
3,605 questions
3,292 answers
8,342 comments
548,446 users