0 votes

I can get the name ("cn") of the group but I am getting null for hubId ("adm-CustomAttributeText1"). What am I doing wrong here?

var parentContainer = (IADsContainer)admService.OpenObject("Adaxes://OU=All Field Users,OU=01_RCX Users,DC=railcrewxpress,DC=local", null, null, 0);
parentContainer.Filter = new object[] { "organizationalunit" };

foreach (IADs orgUnit in parentContainer)
{
var container = (IADsContainer)admService.OpenObject(orgUnit.ADsPath, null, null, 0);
container.Filter = new object[] { "group" };

foreach (IADs group in container)
{
try
{
var name = group.Get("cn").ToString();
var hubId = group.Get("adm-CustomAttributeText1").ToString();
}
catch
{ }
}
}

Thanks!

by (120 points)
0

Hello Mark,

The script looks correct. There are two possible reasons why you get null for the CustomAttributeText1 attribute. Either it is actually empty for the groups you are checking or the account of the currently logged on user has no permissions to read the attribute. In Adaxes, permissions are granted by Security Roles. For information on how to check the roles assigned to a user, see https://www.adaxes.com/help/?HowDoI.Man ... forms.html. Take into account that Deny permissions always override the Allow ones.

0

I've assigned a security role for full control over the group in question to my AD account that I am logged into my PC with but I am still having problems.
I can read all of these properties except the last two that are custom attributes. Is there a special permission I need to use or a property specific permission that is required to read these custom attributes?

var groupName = group.Get("cn").ToString();
var name = group.Get("name").ToString();
var distinguishedName = group.Get("distinguishedName").ToString();
var description = group.Get("description").ToString();
var created = group.Get("whenCreated").ToString();
var changed = group.Get("whenChanged").ToString();
var hubIdText = group.Get("adm-CustomAttributeText1").ToString();
var hubIdInt = group.Get("adm-CustomAttributeInt1").ToString();

Thanks for your help.

0

Hello,

There are no special permissions required, the Full Control permission applied to Group objects covers the custom attributes too. However, there might be another Security Role assigned to the user that denies the permission to read the properties. Deny permissions always override the Allow ones. For information on how to check Security Roles assigned to a user, see https://www.adaxes.com/help/?HowDoI.Man ... forms.html.

Also, did you make sure that the custom attributes CustomAttributeText1 and CustomAttributeInt1 are set for the group(s) you are querying? Could you check that via Adaxes Administration Console? Just select a group in the Console Tree and check whether the attributes are displayed in the Result Pane on the right.

0

Here are the security roles for the user (Read Properties role gives Full Control): There are no Deny permissions on any of the built in's.


And here are the attributes for the group:

0

Hello Mark,

Could you post here or send us (support[at]adaxes.com) the screenshots of all Security Roles assigned to the user with Assignments? We need something like the following for each Security Role:

Please log in or register to answer this question.

Related questions

0 votes
1 answer

Is it possible to script having users added (or removed) from a Security Group based on another AD Attribute? I have found ways to do this in Powershell (something like): ... just utilize the PS script and just run it through Adaxes on a timed fashion? Thanks!

asked Oct 7, 2014 by PunkinDonuts (360 points)
0 votes
1 answer

Hello, We need to be able to put the ticket number into the custom command 'Deprovision'. Action -> Modify the user: set description to [ ... deprovision process set adminDescription with ticket number run Custom Command 'Deprovision' regards Helmut

asked Oct 14, 2020 by a423385 (510 points)
0 votes
1 answer

Hello, i have created a custom attribute named user entry date. When a new user is created they need to enter the entry date with the create user command. The entry date ... buisness rule because it does not write any value in the sent email. Thank you, Fabian

asked Jun 7 by fabian.p (380 points)
0 votes
1 answer

We need to capture the Office365 (if any) on the user account before we disable. These are accounts taht are temps or contractors that we disabled and re enable for ... Example of group name is Office-E3-EXO and we want to capture it to CustomAttributeText31

asked Aug 4, 2020 by willy-wally (3.2k points)
0 votes
1 answer

We would like to have a business unit that is based on an adaxes custom attribute. I don't see a way of doing this. Do you all have any ideas?

asked May 18, 2020 by mark.it.admin (2.3k points)
3,589 questions
3,278 answers
8,303 comments
548,121 users