Adaxes

Auto-populate AD OU's

0 votes

Is there a way to auto-populate AD group membership without specifying a separate condition statement for each group? I was hoping to pass the 'department' value by reference after the user is created and then have the membership assigned to the referenced group accordingly.

by (90 points)

1 Answer

0 votes
by (18.0k points)

Hello,

Yes it is possible using a script. Here is a sample one:

Import-Module Adaxes
# Bind to a group. The distinguished name of the group depends on the Department property of the user.
$myGroup = Get-AdmGroup "CN=%department%,CN=Users,DC=company,DC=com"
# Add the user to the group
Add-AdmGroupMember $myGroup "%distinguishedName%"

To use the script, you need to install the Adaxes PowerShell Module on the computer, where the Adaxes service is running. Adaxes PowerShell Module is installed with the same installation package as used to install Adaxes service.

For more details, please see Automatically Change Group Membership Using Scripts.

Show 14 previous comments
0

by (470 points)
0

Hello Joe,

Probably, the issue is that the conditions of your Business Rule are not met. Can you also post the actions and conditions of your Business Rule?

by (216k points)
0

I'm attempting to use this script and receiving the following error:

Cannot validate argument on parameter 'TargetPath'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.

This is my modified version of the script:

Import-Module Adaxes
$Office = "%Office%"
$departmentMap = # TODO: modify me
@{
"Dallas"="OU=USA-Dallas,OU=Adaxes,DC=mydomain,DC=local";
"London"="OU=GBR-London,OU=Adaxes,DC=mydomain,DC=local";
}
$targetOU = $departmentMap[$Office]
if ($targetOU -eq $NULL)
{
$Context.LogMessage("No target OU specified for Office '$Office'", "Warning")
return
}
Move-AdmObject "%distinguishedName%" $targetOU

by (350 points)
0

Michael,

The value reference for the Office property is not %Office%, it is %physicalDeliveryOfficeName% because the LDAP name for this property is physicalDeliveryOfficeName. Here's the script modified to your needs:

Import-Module Adaxes
$Office = "%physicalDeliveryOfficeName%"
if ([System.String]::IsNullOrEmpty($Office))
{
    $Context.LogMessage("The Office property is not specified", "Warning")
    return
}

$departmentMap = # TODO: modify me
@{ 
    "Dallas"="OU=USA-Dallas,OU=Adaxes,DC=mydomain,DC=local";
    "London"="OU=GBR-London,OU=Adaxes,DC=mydomain,DC=local";
}

$targetOU = $departmentMap[$Office]
if ([System.String]::IsNullOrEmpty($targetOU))
{
    $Context.LogMessage("No target OU specified for Office '$Office'", "Warning")
    return
}
Move-AdmObject "%distinguishedName%" $targetOU

We tested the script in our testing environment and it works perfectly. We didn't manage to reproduce the error that you get.

by (216k points)
0

Thank you that did the trick!

by (350 points)

Related questions

0 votes
1 answer
Create a business Unit to auto populate based on group owners in a specific OU

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked 5 days ago by C27 (20 points)
0 votes
1 answer
Is there a report that will show users recently moved (in the last 7 days) to one of four different OUs in AD?

We have four OUs in Active Directory (Pending Deletion, Disabled with Mail Delegates, Disabled with HR Extensions and Disabled_Temp_Leave) that users are moved to prior to their eventual ... past 7 days have been moved to one of 4 of these OUs. Thanks!

asked Jun 3, 2021 by RayBilyk (240 points)
0 votes
1 answer
Auto-Add/Remove to a Security Group Based on an AD Attribute

Is it possible to script having users added (or removed) from a Security Group based on another AD Attribute? I have found ways to do this in Powershell (something like): ... just utilize the PS script and just run it through Adaxes on a timed fashion? Thanks!

asked Oct 7, 2014 by PunkinDonuts (360 points)
0 votes
1 answer
Auto Lock AD User Account.

Hi, Is there a way to give an (by default for every user) automatic lockout expiry to each new user account that is created? I know there's a way of adding expiry ... -Feb-2013, then it should by automatically get locked out again on 04-Mar-2013. Regards,

asked Sep 29, 2013 by jeet (80 points)
0 votes
1 answer
Unable To Browse AD OUs in Custom Web Portal

I'm unable to Browse the AD OUs my Security Role Trustee is Assigned Over in my Custom Web Portal. When clicking Browse it states "No objects to display". How can I rectify this issue?

asked Feb 1, 2013 by mdeflice (350 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users