0 votes

Dear,

I'm having an issue adding a group to a Business Unit. The situation is as follows:

We have given our IT ServiceDesk access to manage certain groups. This is done through a Security role scoped to a Business Unit. We would like to give them control to add groups to the Business Unit so they fall within scope. I'm trying to do that through a custom command. The command executes without problems, but it's not adding the group. The following script is used:

# Load the Adaxes ADSI module
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$unitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$containerPathObj = $unitsPathObj.CreateChildPath("CN=IT ServiceDesk")
$unitPath = $containerPathObj.CreateChildPath("CN=test")
$unit = $service.OpenObject($unitPath.ToString(), $null, $null, 0)

# Log paths for debugging
$Context.LogMessage("$unitsPathObj", "Information")
$Context.LogMessage("$containerPathObj", "Information")
$Context.LogMessage("$unitPath", "Information")

# Bind to the group
$GroupDN = "<common name of group>"
$Group = $service.OpenObject("Adaxes://$GroupDN", $null, $null, 0)

# Get membership rules of the business unit
$rules = $unit.GetMembershipRules()

# Create and configure the include rule
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $false
$includeRule.Object = $Group

# Add the include rule to the business unit
$rules.Add($includeRule)

# Save the changes to the business unit
$unit.SetInfo()

# Log completion message
$Context.LogMessage("Group successfully added to the Business Unit.", "Information")

Can you please verify what is preventing the addition?

Thank you.

by (20 points)

1 Answer

0 votes
by (14.5k points)

Hello,

Your script is missing a call to the SetMembershipRules method, which saves changes to the business unit membership rules collection. Additionally, since the script is executed in a custom command, there is no need to explicitly connect to the service. Instead, you can get the ADS path of the BusinessUnits container and bind to a unit using the predefined PowerShell variable $Context. We updated the script accordingly. Please find it below.

$GroupDN = "CN=MyGroup,OU=Groups,DC=domain,DC=com" # TODO: modify me

# Bind to the business unit
$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$unitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$containerPathObj = $unitsPathObj.CreateChildPath("CN=IT ServiceDesk")
$unitPath = $containerPathObj.CreateChildPath("CN=test")
$unit = $Context.BindToObject($unitPath)

# Log paths for debugging
$Context.LogMessage("$unitsPathObj", "Information")
$Context.LogMessage("$containerPathObj", "Information")
$Context.LogMessage("$unitPath", "Information")

# Bind to the group
$Group = $Context.BindToObjectByDN($GroupDN)

# Get membership rules of the business unit
$rules = $unit.GetMembershipRules()

# Create and configure the include rule
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $false
$includeRule.Object = $Group

# Add the include rule to the business unit
$rules.Add($includeRule)

# Save the changes to the business unit
$unit.SetMembershipRules($rules)
$unit.SetInfo()

# Log completion message
$Context.LogMessage("Group successfully added to the Business Unit.", "Information")

Thank you for your prompt response. It's now working!
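
Because the Business Unit in this thread defines the scope of the ServiceDesk security role, every group added to it becomes manageable by that role. The following is an added example, not part of the original answer and not Adaxes code, that checks a group DN before the include rule is created; the function names, the allowed base OU and the protected-name list are assumptions.

```powershell
# Added example. Function names, the allowed base OU and the sample DNs are
# hypothetical/constructed; only the $Context call in the last comment is from the page.

function Split-DnComponents {
    param([Parameter(Mandatory)][string]$DN)
    # Split on commas that are not escaped with a backslash ("CN=Smith\, J" is one RDN).
    $parts   = New-Object 'System.Collections.Generic.List[string]'
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DN.ToCharArray()) {
        if ($escaped)        { [void]$current.Append($ch); $escaped = $false }
        elseif ($ch -eq '\') { [void]$current.Append($ch); $escaped = $true }
        elseif ($ch -eq ',') { $parts.Add($current.ToString().Trim()); [void]$current.Clear() }
        else                 { [void]$current.Append($ch) }
    }
    $parts.Add($current.ToString().Trim())
    return ,$parts.ToArray()
}

function Test-GroupAllowedForUnit {
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][string]$AllowedBase,
        [string[]]$ProtectedNames = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
    )
    $dn   = Split-DnComponents $GroupDN
    $base = Split-DnComponents $AllowedBase
    if ($dn.Count -le $base.Count) { return $false }
    # The trailing components of the group DN must equal the allowed base.
    $offset = $dn.Count - $base.Count
    for ($i = 0; $i -lt $base.Count; $i++) {
        if ($dn[$offset + $i] -ne $base[$i]) { return $false }   # -ne ignores case
    }
    # Refuse well-known privileged groups by name, even inside the allowed base.
    $leaf = $dn[0] -replace '^CN=', ''
    return ($ProtectedNames -notcontains $leaf)
}

$base = 'OU=Groups,DC=domain,DC=com'                                      # constructed
Test-GroupAllowedForUnit 'CN=MyGroup,OU=Groups,DC=domain,DC=com' $base     # under the base
Test-GroupAllowedForUnit 'CN=Domain Admins,OU=Groups,DC=domain,DC=com' $base  # protected name
Test-GroupAllowedForUnit 'CN=x\,OU=Groups,DC=domain,DC=com' $base          # escaped comma, parent is DC=domain

# In the custom command, before $rules.Add($includeRule):
# if (-not (Test-GroupAllowedForUnit $GroupDN $base)) {
#     $Context.LogMessage("Group is outside the allowed scope; not added.", "Error"); return
# }
```

The name list is a simple deny-list by common name; it does not cover renamed or nested privileged groups, so the allowed base OU is the primary control.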
