0 votes

Hi

Using the latest 2018.1 build, I have a user deprovision task which stores relevant information about the user to the custom attributes before disabling and moving it.
I've tried a number of options, but I don't seem to be able to write the users originating OU to their account :|

The best result I can get, is to set custom attribute text 1 to %ou%, as I don't get any errors, but at the end of the event log, there is an entry which says that the first business rule is it clearing this same attribute!

There is nothing in the business rule to do this, it simply sets this attribute and then moves the user to a deprovision user OU for further processing. Any thoughts on why this is happening?

Thanks

Matt

by (2.0k points)
0

Hello Matt,

For troubleshooting purposes, could you post here or send us (support[at]adaxes.com) the following screenshots:

  • A screenshot of the Execution log you get when deprovisioning a user.
  • A screenshot of your deprovision task.
  • A screenshot of the Business Rule that is specified as clearing the custom attribute.
0

Hi, I've just emailed you.

Thanks

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello Matt,

Thank you for the provided details. You see clearing the custom attribute in the Execution log because the ou property is empty for the user. This behavior is by design.

To save the distinguished name of the container where the user is located before it gets moved to another location, use the %adm-ParentDN% value reference. Your action will look like the following:

0

Brilliant, I shall give it a go.

So the %ou% attribute isn't used by Adaxes for anything?

0

Hello,

Actually, the ou property is used to store the name of an Organizational Unit. It is not automatically populated for users unlike for OUs. You need to set the property value manually if required. This behavior comes from Active Directory, not Adaxes. You can check details about this property in the following article by Microsoft: https://msdn.microsoft.com/en-us/library/cc221049.aspx.

0

Thanks for the info.

0

Just to confirm, using the %adm-ParentDN% attributed worked a treat.

Thanks as always for your help :D

Related questions

0 votes
1 answer

Hi there, I've created a Delete User feature in the Web Interface Configurator. I am trying to restrict object selection via a User Criteria. Need to exclude Service ... won't appear when selecting target user for the 'Delete User' feature. Thanks, David

asked Sep 19 by dshortall (80 points)
0 votes
0 answers

The past week all my scheduled tasks to move users to specific OU's have stopped working. For example I have a scheduled task set up which moves a user to an OU called " ... , but when looking via AD this doesn't reflect what the logs/task say. Any ideas?

asked May 2, 2023 by Homelander90 (350 points)
0 votes
1 answer

Hi, Can you tell me how to look up a list of last logged-in users for computers from specific OU? Have OU called Laptops and need to know who as last person logged into ... username-of-last-user-who-lgged-on-to-computer-s269.htm but it' s not design for OU

asked Dec 2, 2019 by roberttryba (70 points)
0 votes
1 answer

I have setup a form to allow HR to edit some details on AD accounts. Currently the scope is limted to only AD object under one pre-chosen OU. The other option is an ldap filter. How can I allow this action to display user accounts from two seperate OU

asked Nov 18, 2019 by ice-dog (170 points)
0 votes
1 answer

Hello, I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU. I can't use "Look ... "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" + $filterPasswordChangedBefore + ")" regards Helmut

asked Feb 13, 2019 by a423385 (510 points)
3,549 questions
3,240 answers
8,232 comments
547,820 users