Hello,
To perform certain actions automatically after updating a user's UPN, you can use a Business Rule triggered after updating a user. To get a property of a user in a Business Rule, you can use the $Context.TargetObject.Get method in PowerShell scripts. When the method is called in a Business Rule triggered before updating a user, it will return the old value for the property before it was changed. In a Business Rule triggered after updating a user, it will return the new value. Since you need both the old and the new values, you can use two Business Rules. The first Business Rule will be triggered before updating a user and will save the old UPN to a certain property of the user. For this purpose, you can use one of Adaxes virtual properties. Such properties are not saved in AD, but can be used as any other property of AD objects. Another Business Rule triggered after updating a user can be used to retrieve the new UPN, and also the old UPN from the virtual property.
To implement such a solution:
I. Create a Business Rule triggered before updating a user
To create a Business Rule that saves the old UPN to a virtual property:
- Create a new Business Rule.
- On the 2nd step of the Create Business Rule wizard, select User and Before Updating a User.
- On the 3rd step, add the Run a Program or PowerShell script action and paste the following script in the Script field. The script saves the old UPN to the CustomAttributeText1 property. If you want to use another property, modify the script.

    # Read the UPN as it is before the update is applied
    try
    {
        $oldUsername = $Context.TargetObject.Get("userPrincipalName")
    }
    catch
    {
        # The user has no UPN yet
        $oldUsername = $NULL
    }
    # Save the old UPN to the virtual property as part of this update
    $Context.SetModifiedPropertyValue("adm-CustomAttributeText1", $oldUsername)

- Add a short description for the script and click OK.
- To add a condition for the Business Rule to be triggered only when a user's UPN was changed, double-click Always.
- Select the If <property> changed condition type.
- Select the User Logon Name property.
- Select has changed.
II. Create a Business Rule triggered after updating a user
To create a Business Rule that retrieves the old and the new UPN and does the rest of the job:
- Create a new Business Rule.
- On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.
- On the 3rd step, add the Run a Program or PowerShell script action and paste the following script in the Script field. The script gets the old UPN from the CustomAttributeText1 property. If you used another virtual property in the previous Business Rule, modify the script. Also, you can add here other code from your script.

    # Get the old UPN
    try
    {
        $oldUsername = $Context.TargetObject.Get("adm-CustomAttributeText1")
    }
    catch
    {
        # TODO: What should be done if the user didn't have a UPN
        $oldUsername = $NULL
    }
    # Get the new UPN
    try
    {
        $newUsername = $Context.TargetObject.Get("userPrincipalName")
    }
    catch
    {
        # TODO: What should be done if the UPN was cleared
        $newUsername = $NULL
    }
    # TODO: Your code

- Add a short description for the script and click OK.
- To add a condition for the Business Rule to be triggered only when a user's UPN was changed, click the Add Condition button.
- Select the If <property> changed condition type.
- Select the User Logon Name property.
- Select has changed.
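
The following is an added example, not part of the original reply and not Adaxes' own code: one way to handle the two TODO branches of the second script (no old UPN, UPN cleared) by classifying the change before acting on it. `Get-UpnChange` and its `Kind` values are hypothetical names, and treating a malformed value as a missing UPN is an assumption.

```powershell
# Added example. Get-UpnChange is a hypothetical helper, not an Adaxes function.
function Get-UpnChange {
    param([string]$OldUpn, [string]$NewUpn)

    # Split "name@suffix" at the last "@". Assumption: a missing or malformed
    # value is treated the same as "no UPN" and yields $null.
    $split = {
        param([string]$upn)
        $upn = $upn.Trim()
        $at = $upn.LastIndexOf('@')
        if ($at -lt 1 -or $at -eq $upn.Length - 1) { return $null }
        [pscustomobject]@{
            Name   = $upn.Substring(0, $at)
            Suffix = $upn.Substring($at + 1)
        }
    }
    $old = & $split $OldUpn
    $new = & $split $NewUpn

    # String comparison with -ne is case-insensitive, which suits UPNs.
    if (-not $old -and -not $new) {
        $kind = 'NoUpn'            # nothing before, nothing after
    } elseif (-not $old) {
        $kind = 'Assigned'         # first branch of the TODOs: user had no UPN
    } elseif (-not $new) {
        $kind = 'Cleared'          # second branch of the TODOs: UPN was removed
    } elseif ($old.Suffix -ne $new.Suffix) {
        $kind = 'SuffixChanged'    # the part after "@" is different
    } elseif ($old.Name -ne $new.Name) {
        $kind = 'Renamed'          # same suffix, different name part
    } else {
        $kind = 'Unchanged'
    }

    [pscustomobject]@{ Kind = $kind; OldUpn = $OldUpn; NewUpn = $NewUpn }
}

# Constructed sample values. In the "After Updating a User" rule, pass
# $oldUsername and $newUsername from the script above instead.
@(
    Get-UpnChange 'jdoe@example.com' 'john.doe@example.com'
    Get-UpnChange 'jdoe@example.com' 'jdoe@corp.example.com'
    Get-UpnChange $null              'jdoe@example.com'
    Get-UpnChange 'jdoe@example.com' $null
) | Format-Table Kind, OldUpn, NewUpn
```

In the rule itself, branch on the returned `Kind` in the `# TODO: Your code` section so that an assigned, cleared or suffix-changed UPN is handled separately from a simple rename.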