0 votes

Hello,

A year ago, in a previous ticket, I inquired about the possibility of mandating that Adaxes users enter a ticket number before adding a member to a group. At that time, it was feasible to add one group at a time but not multiple groups. I would like to confirm if this limitation still exists.

Additionally, I am curious if implementing this requirement would affect the automatic business rules that facilitate the addition/removal of members from groups.

Regards, Fabian

by (380 points)
0

Hello Fabian,

Please, describe the configuration you have in all the possible details with live examples and screenshots. You can post the details here or send to us at support@adaxes.com.

0

I have business rules that automatically add users to groups upon user creation and remove users when the deprovision command is executed. image.png

0

Hello Fabian,

Sorry for the confusion, but this does not describe anything about the process of adding a ticket number when modifying membership of a group. Business rule only trigger before or after an operation and perform the corresponding actions. They cannot request a user input.

0

I do not have it configured. I would only like to know if it is possible.

1 Answer

+1 vote
by (287k points)
selected by
Best answer

Hello Fabian,

Thank you for clarifying. It is possible using a custom command and two parameters. One parameter will be used to enter the ticket number, the other will be used to select the groups. In case of selecting multiple groups, a PowerShell script will be required for membership update. At the same time, there will be only a single ticket number for all the groups. In the logs, you will be able to see the ticket number as parameter value for the custom command execution.

0

If we want to set this up, I would need to revoke the write member property on all groups for all users. Am I right? They can still only add users to groups using the custom commands in groups where they have the appropriate permissions, correct?

image.png

0

Hello Fabian,

Yes, that is correct. They will only need the permissions to execute the custom command on the corresponding user accounts.

0

Can I also control with the custom command which groups users are permitted to add members to? Or will they be able to add members on all groups they can see?

0

Hello Fabian,

There are two points here as groups will be selected in a parameter:

  • You can configure the parameter settings to only display groups that match certain criteria.
  • No matter of the criteria configured for the parameter, users will only be able to see the groups they are allowed to see by Adaxes security roles.
0

and for adding devices to groups they can use the same button?

0

Hello Fabian,

If you mean computer objects, it will not work. A custom command can only be configured for a specific object type. As such, you will need a separate custom command for each object type.

0

Okey and for the revocation of groups I also would need a separate custom command for users and devices?

0

Hello Fabian,

Yes, that is correct.

Related questions

0 votes
1 answer

Hello, I am attempting to configure a business rule that adjusts an adaxes custom property of a user, upon that user being added/removed from a group. I cannot seem to ... (like username, office, description, email, etc.) but not so much on custom attributes.

asked Jul 14, 2023 by NKB#2772 (70 points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (290 points)
0 votes
1 answer

Hello, I would like to ensure that before a computer object is moved in Adaxes, the user must enter a ticket number, and after the input, the PC is moved to ... prompts the user to enter a ticket number before the move/delete operation? Kind regards, Fabian

asked Mar 20 by fabian.p (380 points)
0 votes
1 answer

Hi team, I would like to add an action of having an input of Helpdesk Users, before adding someone to a group. I tried to create business rule, running "before ... very helpful: https://www.adaxes.com/questions/877/custom-scripts-user-input-at-running-time

asked May 17 by wintec01 (1.5k points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20 by fgmello (40 points)
3,526 questions
3,217 answers
8,197 comments
547,625 users