0 votes

I need a group created based on %ipPhone% whenever a new user is provisioned. The group name has to match %ipPhone%, and the group has to be email-enabled and hidden from the address list.

We are on Version 3.8.314823.0

by (1.3k points)
0

Hello,

Do we understand correctly that the group name should be exactly as the value of the ipPhone property of the new user? Where should the group be created? Should it be the same OU where the user is created or some other OU which will remain the same for all the groups? Provide us with all the possible details on the desired scenario.

0
  • The group should be named exactly as the value of the ipPhone property of the new user.

  • The group will be in a different OU than the user and only these groups are in that OU, the OU would be OU=ipgroups,OU=all,DC=company,DC=com

  • The user needs to be added to the group.

  • The group needs to have email enabled which would be %ipPhone%@company.com

  • The group will also need to be hidden from the Outlook address book.

When creating a new user with the extension of 1234, a new group called 1234 will also be created, with the email address 1234@company.com added and "hidden from address list" enabled.

1 Answer

0 votes
by (294k points)
Best answer

Hello,

The solution will include two Business Rules. The first Business Rule will trigger After Creating a User and execute a PowerShell script to create the ipPhone group. The second Business Rule will trigger After Creating a group and mail-enable the new group and hide it from address lists.

i. Creating the Business Rule triggering After Creating a User

  1. Launch Adaxes Administration Console.

  2. Right-click your Adaxes service, navigate to New and click Business Rule.

  3. On step 2 of the Create Business Rule wizard, select User Object type.

  4. Select After Creating a User and click Next.

  5. Click Add Action.

  6. Select Run a program or PowerShell script.

  7. Paste the below script into the Script field.
    In the script:

    • $ouDN – specifies the distinguished name (DN) of the OU where to create the group;
    • $groupTypeTemplate – specifies the type of group to create. For possible values, see https://www.adaxes.com/sdk/?ADS_GROUP_TYPE_ENUM.html. Take into account that only universal groups can be mail-enabled.
     $groupName = "%ipPhone%" 
     $ouDN = "OU=ipgroups,OU=all,DC=company,DC=com" #TODO: modify me
     $groupTypeTemplate = "ADS_GROUP_TYPE_UNIVERSAL_GROUP, ADS_GROUP_TYPE_SECURITY_ENABLED" #TODO: modify me
    
     # Bind to the ou
     $ou = $Context.BindToObjectEx("Adaxes://$ouDN", $True)
    
     # Create group
     [Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType =
         $groupTypeTemplate
    
     $group = $ou.Create("group","CN=$groupName")
     $group.Put("groupType", [Int32]$groupType)
     $group.Put("sAMAccountName", $groupName)
    
     # Add user to the group
     $group.Put("member", "%distinguishedName%")
     $group.SetInfo()
  8. Enter a short description and click OK.

  9. Click Next and finish creating the Business Rule.

ii. Creating the Business Rule triggering After Creating a Group

  1. Launch Adaxes Administration Console.
  2. Right-click your Adaxes service, navigate to New and click Business Rule.
  3. On step 2 of the Create Business Rule wizard, select Group Object type.
  4. Select After Creating a Group and click Next.
  5. Click Add Action.
  6. Select Establish e-mail address in Exchange and click OK.
  7. Right-click the action you created and click Add New Action.
  8. Select Modify Exchange properties and click Edit.
  9. On the General tab, select both checkboxes in front of Hide from address lists and click OK twice.
  10. Click Next and finish creating the Business Rule.
0

Great, that helps with our new users, thank you.

Is there a way this could be run on current users as well?

0

Hello,

Yes, it is possible. What should be done if a group with the ipPhone specified for a user already exists in the OU? Should the script just add the user to the group?

0

Yes

0

Hello,

Thank you for clarifying. You will need to create a Scheduled Task configured for the User object type. The task will execute the below script for all users that have the ipPhone property specified. The script will either add the user to an existing group or create a new one and then add the user to it. The Scheduled Task needs to be executed just once and will look like the following:

As an alternative, you can create a similar Custom Command and execute it manually on the required users.

$groupName = "%ipPhone%" 
$ouDN = "OU=ipgroups,OU=all,DC=company,DC=com" #TODO: modify me
[Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType = "ADS_GROUP_TYPE_UNIVERSAL_GROUP, ADS_GROUP_TYPE_SECURITY_ENABLED" #TODO: modify me

# Bind to the container
$ou = $Context.BindToObjectEx("Adaxes://$ouDN", $True)

# Get group
try
{
    $group = $Context.BindToObjectByDN("CN=$groupName,$ouDN")
}
catch
{
    # Create group
    $group = $ou.Create("group","CN=$groupName")
    $group.Put("groupType", [Int32]$groupType)
    $group.Put("sAMAccountName", $groupName)
    $group.SetInfo()
}

# Add to group
$group.Add($Context.TargetObject.AdsPath)
0

I'm getting the following error when I try to run on a user.

0

Hello,

Sorry for the confusion, the BindToObjectByDNEx method was introduced only in Adaxes 2018.1 and is not supported by earlier versions. Here is the updated script:

$groupName = "%ipPhone%" 
$ouDN = "OU=ipgroups,OU=all,DC=company,DC=com" #TODO: modify me
[Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType = "ADS_GROUP_TYPE_UNIVERSAL_GROUP, ADS_GROUP_TYPE_SECURITY_ENABLED" #TODO: modify me

# Bind to the container
$ou = $Context.BindToObjectEx("Adaxes://$ouDN", $True)

# Get group
try
{
    $group = $Context.BindToObjectByDN("CN=$groupName,$ouDN")
}
catch
{
    # Create group
    $group = $ou.Create("group","CN=$groupName")
    $group.Put("groupType", [Int32]$groupType)
    $group.Put("sAMAccountName", $groupName)
    $group.SetInfo()
}

# Add to group
$group.Add($Context.TargetObject.AdsPath)
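
The scripts in this thread use the ipPhone value directly as the group's CN, sAMAccountName and mail prefix, so whatever is stored in that attribute ends up naming a security-enabled group. As an added example (not part of the original answers and not Adaxes code), this stand-alone PowerShell checks the value against an allowlist and builds the DN and address only for values that pass; the function names, the 3-10 digit rule and the sample values are assumptions.

```powershell
# Added example, not part of the original thread. Function names, the
# 3-10 digit rule and the sample values are assumptions for illustration.
$ouDN       = 'OU=ipgroups,OU=all,DC=company,DC=com'   # OU used in the thread
$mailDomain = 'company.com'                            # domain used in the thread

function ConvertTo-EscapedRdnValue {
    param([string]$Value)
    # Escape the characters RFC 4514 treats as special inside an RDN value.
    # With the digit allowlist below this is a no-op; it matters only if
    # the allowlist is ever widened.
    $v = $Value -replace '([\\,+"<>;=])', '\$1'
    $v = $v -replace ' $', '\ '             # trailing space
    return ($v -replace '^([ #])', '\$1')   # leading space or '#'
}

function Get-IpPhoneGroupPlan {
    param([string]$IpPhone)
    # Allowlist: plain digits only. \z (not $) so a trailing newline fails.
    if ($IpPhone -notmatch '^[0-9]{3,10}\z') {
        return [pscustomobject]@{
            Create = $false
            Input  = $IpPhone
            Reason = 'not a 3-10 digit extension'
        }
    }
    [pscustomobject]@{
        Create  = $true
        Input   = $IpPhone
        GroupDN = "CN=$(ConvertTo-EscapedRdnValue $IpPhone),$ouDN"
        Mail    = '{0}@{1}' -f $IpPhone, $mailDomain
    }
}

# Constructed sample values: one valid extension and several to reject
# (empty, leading space, embedded DN separator, non-digit character).
$samples = '1234', '', ' 1234', '1234,OU=admins', '12a4'
$samples | ForEach-Object { Get-IpPhoneGroupPlan $_ } |
    Format-Table Create, Input, GroupDN, Mail, Reason -AutoSize
```

In the scheduled-task script, the same check would run before `$ou.Create`, and a user whose value fails it would be skipped without a group being created.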
