Create Dynamic Distribution Group Home Page Action

Question

Hello

We have the need to create a home page action for creating groups, security and distribution. We would like to see if this script https://www.adaxes.com/script-repositor ... t-s427.htm can me modified to achieve our end goal.

End Goal:

• Home Page action that has a few fields the user (Admin for now) will select or type in.
  First selection is type of group: [Distribution, File Share or Security]
  Second selection is Company: [Company A, Company B, Company C]
  Third selection is text field: [Type in What this controls]
  Fourth selection is type of employee: [employee, contractor or intern] This is optional

  Description then gets created using the information in the four selection above, something like, This selection 1 (Security Group) controls access for selection 2 (Company A) to selection 3 (whatever is typed)

Thank you for taking the time to look at this.
Jay

Comments

Hello Jay,

Do we understand correctly that you need a Home Page Action that will create a group (Security or Distribution) or a File Share with specific property values and a Description generated based on the values? If that is not what you need to achieve, provide us with all the possible details on the desired scenario.

Keep in mind, that you can grant permissions only to members of Security groups using Adaxes Security Roles.

---

@Support2

Yes you are understanding correctly. We want the groups to be dynamic based on attributes we provide.

Answer 1

Hello Jay,

As a solution, we recommend using a Scheduled Task that will build an LDAP filter for each group based on its property values and add/remove members from the group based on this filter. The filter will be stored in a group property. If this solution meets your requirements, provide us with the following details:

What exactly do you mean by File Share group type?

What are admins going to enter into the third field (What this controls)?

Comments

File Share is internal language we use on our storage drives and devices. Just a security group but we named it file share to quickly distinguish.
When building out the name of the group we want structure and consistentance, so the third field will be what program for security group or department for distribution group.

As i reread the title, i may have been to precise in the name. We are looking for a solution to make dynamic groups not just distribution groups. I understand the process is the same but wanted to make sure you had the facts.

---

Hello Jay,

The properties you provided in your first post will be used to query users that should be added/removed from groups. How exactly should the third field be included into the query? For example, the second field will specify a company (e.g. A, B, C), what values can admins enter into the third field?

---

Third field would not be part of the query. Third would be just for static groups.

---

Hello Jay,

Thank you for clarifying. The solution will include a Home Page Action, a Scheduled Task and a Property Pattern. The Home Page Action form will contain only the group name field and the four fields you mentioned in your first post. The Scheduled Task will create an LDAP filter for group members and add corresponding users to the group. The Property Pattern will specify a template used to generate group Description.

As long as Company of a group is a Company of the group owner, we recommend using one of Adaxes text attributes (e.g. CustomAttributeText1) to store the company name that will be used to filter group members. For the third and fourth field, we also recommend using Adaxes custom text attributes (e.g. CustomAttributeText2 and CustomAttributeText3)

i. Creating the Home Page Action

1. Launch Adaxes Web Interface Customization Tool.
2. Select the interface type and click Configure Home Page Actions on the General tab.
   
3. Click Add and select Create New Group.
   
4. Click Next.
5. On step 2 of the wizard, specify the conditions for selecting the container where new groups will be created and click Next.
6. Select Use customized form and click Customize Form.
   
7. Delete all the sections except for the General one.
8. Delete all the properties from the section except for Group Name and Group Type.
9. Click Add below Section fields.
   
10. Select Show all properties.
11. Select CustomAttributeText1, CustomAttributeText2 and CustomAttributeText3.
    
12. Click OK twice and finish creating the Home Page Action.

For information on how to change property display names, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... Names.html.

ii. Creating the Property Pattern

1. Launch Adaxes Administration Console.
2. Right-click your Adaxes service node, navigate to New and click Property Pattern.
   
3. On step 2 of the Create Property Pattern wizard, select Group Object type and click Next.
   
4. Click Add and select Description.
   
5. In the Generate default value field, type the template. For example:
   This group controls access for %adm-CustomAttributeText1% to %adm-CustomAttributeText2%.
   
6. Click OK.
7. Click Next and finish creating the Property Pattern.

iii. Creating the Scheduled Task

1. Launch Adaxes Administration Console.

2. Right-click your Adaxes service node, navigate to New and click Scheduled Task.
   

3. On step 3 of Create Scheduled Task wizard select Group Object type and click Next.
   

4. Click Add Action.

5. Select Run a program or Powershell script.

6. Paste the below script into the Script field.

    $companyProperty = "adm-CustomAttributeText1" # TODO: modify me
    $employeeTypeProperty = "adm-CustomAttributeText2" # TODO: modify me
   
    function SearchObjects($filter, $domainName, $properties)
    {
        # Set search parameters
        $searcher = $Context.BindToObject("Adaxes://$domainName")
        $searcher.SearchFilter = $filter
        $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
        $searcher.PageSize = 500
        $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
        $searcher.SetPropertiesToLoad($properties)
   
        try
        {
            # Execute search
            $searchResultIterator = $searcher.ExecuteSearch()
            $searchResults = $searchResultIterator.FetchAll()
   
            return ,$searchResults
        }
        finally
        {
            # Release resources
            if ($searchResultIterator){ $searchResultIterator.Dispose() }
        }
    }
   
    # Get company for LDAP filter
    try
    {
        $company = $Context.TargetObject.Get($companyProperty)
    }
    catch
    {
        $Context.LogMessage("Company not specified", "Warning")
        return
    }
   
    # Get employee type for LDAP filter
    try
    {
        $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
    }
    catch
    {
        $employeeType = $NULL
    }
   
    # Build filter
    $filter = New-Object "System.Text.StringBuilder"
    [void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
    if (-not([System.String]::IsNullOrEmpty($employeeType)))
    {
        [void]$filter.Append("(employeeType=$employeeType)")
    }
    [void]$filter.Append(")")
    $domainName = $Context.GetObjectDomain("%distinguishedName%")
   
    # Search users
    $searchResults = SearchObjects $filter.ToString() $domainName @("distinguishedName")
   
    # Add users to group
    if ($searchResults.Length -eq 0)
    {
        $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", "member", $NULL)
    }
    else
    {
        [System.Array]$userDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
        $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", "member", $userDNs)
    }
   
    # Save the changes
    $Context.TargetObject.SetInfo()

7. Enter a short description and click OK.
   

8. Click Next and finish creating the Scheduled Task.