I'm having issue in adding a group to a Business Unit. The situation is as following:

We have given our IT ServiceDesk access to manage certain groups. This is done through a Security role and Scoped to a Business Unit. We would like to give them control to add groups to the Business Unit so the fall within scope. I'm trying to do that through a custom command. The command executes without problems but it's not adding the group. The following script is used:

# Load the Adaxes ADSI module

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$unitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$containerPathObj = $unitsPathObj.CreateChildPath("CN=IT ServiceDesk")
$unitPath = $containerPathObj.CreateChildPath("CN=test")
$unit = $service.OpenObject($unitPath.ToString(), $null, $null, 0)

# Log paths for debugging
$Context.LogMessage("$unitsPathObj", "Information")
$Context.LogMessage("$containerPathObj", "Information")
$Context.LogMessage("$unitPath", "Information")

# Bind to the group
$GroupDN = "<common name of group"
$Group = $service.OpenObject("Adaxes://$GroupDN", $null, $null, 0)

# Get membership rules of the business unit
$rules = $unit.GetMembershipRules()

# Create and configure the include rule
$includeRule.Exclude = $false
$includeRule.Object = $Group

# Add the include rule to the business unit

# Save the changes to the business unit

# Log completion message
$Context.LogMessage("Group successfully added to the Business Unit.", "Information")

Can you please verify what is preventing the addition?

Thank you.

1 Answer

Your script is missing the call of the SetMembershipRules method which saves changes in business unit membership rules collection. Additionally, since the script is executed in a custom command, there is no need to explicitly connect to the service. Instead, you can get the ADS path of the BusinessUnits container and bind to a unit using a predefined PowerShell variable $Context. We updated the script accordingly. Please, find it below.

$GroupDN = "CN=MyGroup,OU=Groups,DC=domain,DC=com" # TODO: modify me

# Bind to the business unit
$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$unitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$containerPathObj = $unitsPathObj.CreateChildPath("CN=IT ServiceDesk")
$unitPath = $containerPathObj.CreateChildPath("CN=test")
$unit = $Context.BindToObject($unitPath)

# Log paths for debugging
$Context.LogMessage("$unitsPathObj", "Information")
$Context.LogMessage("$containerPathObj", "Information")
$Context.LogMessage("$unitPath", "Information")

# Bind to the group
$Group = $Context.BindToObjectByDN($GroupDN)

# Get membership rules of the business unit
$rules = $unit.GetMembershipRules()

# Create and configure the include rule
$includeRule.Exclude = $false
$includeRule.Object = $Group

# Add the include rule to the business unit

# Save the changes to the business unit

# Log completion message
$Context.LogMessage("Group successfully added to the Business Unit.", "Information")

thank you for your prompt response. It's now working!

