0 votes

Hello

We have the need to create a home page action for creating groups, security and distribution. We would like to see if this script https://www.adaxes.com/script-repositor ... t-s427.htm can me modified to achieve our end goal.

End Goal:

  • Home Page action that has a few fields the user (Admin for now) will select or type in.
    First selection is type of group: [Distribution, File Share or Security]
    Second selection is Company: [Company A, Company B, Company C]
    Third selection is text field: [Type in What this controls]
    Fourth selection is type of employee: [employee, contractor or intern] This is optional

    Description then gets created using the information in the four selection above, something like, This selection 1 (Security Group) controls access for selection 2 (Company A) to selection 3 (whatever is typed)

Thank you for taking the time to look at this.
Jay

by (3.2k points)
0

Hello Jay,

Do we understand correctly that you need a Home Page Action that will create a group (Security or Distribution) or a File Share with specific property values and a Description generated based on the values? If that is not what you need to achieve, provide us with all the possible details on the desired scenario.

Keep in mind, that you can grant permissions only to members of Security groups using Adaxes Security Roles.

0

@Support2

Yes you are understanding correctly. We want the groups to be dynamic based on attributes we provide.

1 Answer

0 votes
by (287k points)
selected by
Best answer

Hello Jay,

As a solution, we recommend using a Scheduled Task that will build an LDAP filter for each group based on its property values and add/remove members from the group based on this filter. The filter will be stored in a group property. If this solution meets your requirements, provide us with the following details:

What exactly do you mean by File Share group type?

What are admins going to enter into the third field (What this controls)?

0

File Share is internal language we use on our storage drives and devices. Just a security group but we named it file share to quickly distinguish.
When building out the name of the group we want structure and consistentance, so the third field will be what program for security group or department for distribution group.

As i reread the title, i may have been to precise in the name. We are looking for a solution to make dynamic groups not just distribution groups. I understand the process is the same but wanted to make sure you had the facts.

0

Hello Jay,

The properties you provided in your first post will be used to query users that should be added/removed from groups. How exactly should the third field be included into the query? For example, the second field will specify a company (e.g. A, B, C), what values can admins enter into the third field?

0

Third field would not be part of the query. Third would be just for static groups.

0

Hello Jay,

Thank you for clarifying. The solution will include a Home Page Action, a Scheduled Task and a Property Pattern. The Home Page Action form will contain only the group name field and the four fields you mentioned in your first post. The Scheduled Task will create an LDAP filter for group members and add corresponding users to the group. The Property Pattern will specify a template used to generate group Description.

As long as Company of a group is a Company of the group owner, we recommend using one of Adaxes text attributes (e.g. CustomAttributeText1) to store the company name that will be used to filter group members. For the third and fourth field, we also recommend using Adaxes custom text attributes (e.g. CustomAttributeText2 and CustomAttributeText3)

i. Creating the Home Page Action

  1. Launch Adaxes Web Interface Customization Tool.
  2. Select the interface type and click Configure Home Page Actions on the General tab.
  3. Click Add and select Create New Group.
  4. Click Next.
  5. On step 2 of the wizard, specify the conditions for selecting the container where new groups will be created and click Next.
  6. Select Use customized form and click Customize Form.
  7. Delete all the sections except for the General one.
  8. Delete all the properties from the section except for Group Name and Group Type.
  9. Click Add below Section fields.
  10. Select Show all properties.
  11. Select CustomAttributeText1, CustomAttributeText2 and CustomAttributeText3.
  12. Click OK twice and finish creating the Home Page Action.

For information on how to change property display names, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... Names.html.

ii. Creating the Property Pattern

  1. Launch Adaxes Administration Console.
  2. Right-click your Adaxes service node, navigate to New and click Property Pattern.
  3. On step 2 of the Create Property Pattern wizard, select Group Object type and click Next.
  4. Click Add and select Description.
  5. In the Generate default value field, type the template. For example:
    This group controls access for %adm-CustomAttributeText1% to %adm-CustomAttributeText2%.
  6. Click OK.
  7. Click Next and finish creating the Property Pattern.

iii. Creating the Scheduled Task

  1. Launch Adaxes Administration Console.

  2. Right-click your Adaxes service node, navigate to New and click Scheduled Task.

  3. On step 3 of Create Scheduled Task wizard select Group Object type and click Next.

  4. Click Add Action.

  5. Select Run a program or Powershell script.

  6. Paste the below script into the Script field.

     $companyProperty = "adm-CustomAttributeText1" # TODO: modify me
     $employeeTypeProperty = "adm-CustomAttributeText2" # TODO: modify me
    
     function SearchObjects($filter, $domainName, $properties)
     {
         # Set search parameters
         $searcher = $Context.BindToObject("Adaxes://$domainName")
         $searcher.SearchFilter = $filter
         $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
         $searcher.PageSize = 500
         $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
         $searcher.SetPropertiesToLoad($properties)
    
         try
         {
             # Execute search
             $searchResultIterator = $searcher.ExecuteSearch()
             $searchResults = $searchResultIterator.FetchAll()
    
             return ,$searchResults
         }
         finally
         {
             # Release resources
             if ($searchResultIterator){ $searchResultIterator.Dispose() }
         }
     }
    
     # Get company for LDAP filter
     try
     {
         $company = $Context.TargetObject.Get($companyProperty)
     }
     catch
     {
         $Context.LogMessage("Company not specified", "Warning")
         return
     }
    
     # Get employee type for LDAP filter
     try
     {
         $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
     }
     catch
     {
         $employeeType = $NULL
     }
    
     # Build filter
     $filter = New-Object "System.Text.StringBuilder"
     [void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
     if (-not([System.String]::IsNullOrEmpty($employeeType)))
     {
         [void]$filter.Append("(employeeType=$employeeType)")
     }
     [void]$filter.Append(")")
     $domainName = $Context.GetObjectDomain("%distinguishedName%")
    
     # Search users
     $searchResults = SearchObjects $filter.ToString() $domainName @("distinguishedName")
    
     # Add users to group
     if ($searchResults.Length -eq 0)
     {
         $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", "member", $NULL)
     }
     else
     {
         [System.Array]$userDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
         $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", "member", $userDNs)
     }
    
     # Save the changes
     $Context.TargetObject.SetInfo()
  7. Enter a short description and click OK.

  8. Click Next and finish creating the Scheduled Task.

Related questions

0 votes
1 answer

Hi I have a colleague who claims, that objectCategory and/or objectClass should be included in LDAP searches, to reduce load on the domain controller. It sound reasonable, but ... build into the code behind the Home Page Action ? View Group example: - Thanks

asked Jan 4, 2018 by Boxx.dk (2.6k points)
0 votes
1 answer

Hi, I am trying to setup a Home Page action in the Help Desk portal to modify a User account, for this i want to specify the default value of a property to be the ... the user account i am modifying to get the default value? Thanks in advance for any help!

asked Dec 1, 2016 by sam.webster (370 points)
0 votes
0 answers

I have followed the tutorial on how to set an addresses based on the Office field. http://www.adaxes.com/tutorials_Simplif ... Office.htm The scenario is that for employees I ... g only let them be edited if there if a values such as "Contractor" is selected?

asked Aug 11, 2016 by jscovill (110 points)
0 votes
1 answer

Is it possible to configure a home page action to change the Picture attribute? Currently, if you put the property in a form, a text box is displayed. Is there a way to duplicate the UI of the set photo dropdown?

asked Feb 23, 2015 by polley (1.2k points)
0 votes
1 answer

Is it possible to create a Home Page Action to copy group memebership from one user to another? (Already existing users)

asked May 5, 2014 by kjesoo (960 points)
3,526 questions
3,217 answers
8,197 comments
547,625 users