0 votes

Hey there,

Our users manage their distrubution group members via Outlook. Using native AD tools, our service desk technicians are accustomed to having a checkbox underneath the 'Managed By' field that grants the individual/group the ability to add/remove users in Outlook. This checkbox is not present in the Adaxes tabbed views. Is there a script or settings we can tap into?

In a nutshell: If Managed By value is changed, then...
-- 1) Remove permissions for the previous 'Managed By' object
-- 2) Grant permission to add/remove users via Outlook to the new object (Group or User).

Thanks in advance!
Kirk

by (60 points)
0

Hello Kirk,

At the beginning of the next week we will be releasing a minor update for 2012.1. We'll include this feature in that release.

1 Answer

0 votes
by (18.0k points)

Hello,

Today we released a minor update for 2012.1. Now your service desk technicians can enjoy the Manager can update membership list option ;)

You can download the latest build here.
Upgrade instructions.

0

How do we implement this? I see the "Manager can update membership using native tools (not Adaxes)", but I do not see where\how to set it up that the managers can update the membership lists.

Thanks

0

Hello,

The Manager can update membership using native tools (not Adaxes) option allows the Manager of a group to add or remove members to/from the group using native tools (including Outlook).

0

Understood. We do not have Exchange and we do not use Outlook. How do we set it up so that the users that are assigned as managers of groups have the rights to update those groups via Adaxes?

We are running version 3.3.8530.0 and we want our Help Desk and admins to use Adaxes for all AD modifications. We also want to be able to allow a user to modify the members of groups that they are managers of. I have seen a previous post that uses a Business Rule to fail the change unless the user is a manager of the group, but this would interfere with my Help Desk and Admins. Having an audit trail is important and being able to manage everything via Adaxes would be preferred.

0

Hello,

If you want group memberships to be modified by group managers, Help Desk personnel and Administrators, this is possible with a Business Rule, but please provide us with more information.

0

I think I am getting it now, but I would like to hear some recommendations

Currently:
The short list of domain admins are Adaxes admins.
Help Desk has been added to the built-in Group Managers and Account Managers roles with access to certain OUs

So I suppose I would either create a new role to allow group membership changes and allow all domain users. Then a business rule that would cancel the task if the initiator is not the manager of the group or not in the built-in Group Manager or Account Manager roles. Or instead of roles, if not in a member of the Help Desk group.

We are just getting started with Adaxes and this seems it may lead to some tricky details in the future.

My apologies to all. It seems that I have hijacked this thread. I had thought that the post by Eugene was indicating that there was a new option for what I needed.

Help is very much appreciated. Thank you

0

Hello,

So I suppose I would either create a new role to allow group membership changes and allow all domain users. Then a business rule that would cancel the task if the initiator is not the manager of the group or not in the built-in Group Manager or Account Manager roles. Or instead of roles, if not in a member of the Help Desk group.

Yes, both these options are possible to implement. If you want, we will provide you with more detailed instructions.

Related questions

0 votes
1 answer

Hello, I have 3 groups in my AD environment and want to show all the users that belong to each group. For example - Group 1 Group 2 Group 3 The existing report in the Adaxes ... -Usser D etc. Is there a way to create a report like this? Thank you in advance!

asked Nov 6, 2020 by sirslimjim (480 points)
0 votes
1 answer

I created a group Business Rule that triggers "After adding or removing a member from a group". On its Activity Scope I added a test group, and set it for "The group ... does not trigger. What should I do to make the BR detect this (admittedly rare) case?

asked Mar 16, 2023 by alex.vanderwoude (60 points)
0 votes
1 answer

Hello, I created a Business Unites that contains groups that apecifc users can change members of.^ Then, I created a Security Role, set permissions ans assignments. When the user ... he get two errors (see printscreens) What is missing? Thanks for your help.

asked Dec 4, 2018 by tentaal (1.1k points)
0 votes
1 answer

This script description says it can find the manager via FullName Distinguished name or Display name. Wondering if we can change it to use employeeID or SamAccountName.

asked Oct 24, 2022 by mightycabal (1.0k points)
0 votes
1 answer

I have tried it using the Custom Commands Action "Add the user to a group", which only allows me to add the user to one group at a time, and can't use the multiple DNs that the ... I can't get it to work. Could you assist me in finding the best way to do this?

asked Jan 16 by dominik.stawny (280 points)
3,588 questions
3,277 answers
8,303 comments
548,092 users