Hello Adrian,
Yes, that's possible. First of all, you'll need properties to specify when an account should be enabled or disabled. We suggest using Adaxes virtual properties that can store date/time values, for example, CustomAttributeDate1 for the date when an account must be enabled and CustomAttributeDate2 to specify when an account must be disabled. Adaxes virtual properties are not stored in AD, but can be used the same as any other properties of AD objects.
Then, you'll need to perform the following tasks:
- Create a Scheduled Task that will run daily to enable/disable users on the dates specified
- Allow users to modify the properties you've chosen via the Web Interface so that they can specify a date when a user account should be enabled or disabled
- Configure the properties to appear in the Web interface under your own names (optional)
I. Create a Scheduled Task to enable/disable users on the dates specified
For this purpose, you'll need to create a Scheduled Task that will run each day and will enable or disable users if the date specified in the properties you've chosen is the current date. To create Such a Scheduled Task:
-
Create a new Scheduled Task.
-
On the 3rd step, select the User object type.
-
On the 4th step, add the Enable/disable the User account action.
-
Select the Enable the User account option. This action will be used for scheduled enabling of the objects.
-
Click OK.
-
Now, you need to specify when a user will be enabled. A user will be enabled if the user's account is disabled and if the date stored in the property for enabling users is today. To check this, you'll need a PowerShell script. Double-click Always.
-
Select the If PowerShell script returns true condition type.
-
Paste the following script in the Script field:
$enableOn = "adm-CustomAttributeDate1" # TODO: modify me
$Context.ConditionIsMet = $False
if (-not($Context.TargetObject.AccountDisabled))
{
return # The account is already enabled
}
try
{
$enableDate = $Context.TargetObject.Get($enableOn).Date
}
catch
{
return # The property is empty
}
$today = [System.DateTime]::Now.Date
if ($enableDate -eq $today)
{
$Context.ConditionIsMet = $True
}
-
In the script, $enableOn specifies the name of the property that will be used for the date when an account must be enabled. Modify it, if necessary.
-
Enter a short description for the script and click OK.
-
Now, you need to add an action that will disable users. Click the Add action to a new set link.
-
Select the Enable/disable the User account action.
-
Select the Disable the User account option.
-
Click OK.
-
Now, you need to specify when a user will be disabled. Double-click Always.
-
Select the If PowerShell script returns true condition type.
-
Paste the following script in the Script field:
$disableOn = "adm-CustomAttributeDate2" # TODO: modify me
$Context.ConditionIsMet = $False
if ($Context.TargetObject.AccountDisabled)
{
return # The account is already disabled
}
try
{
$disableDate = $Context.TargetObject.Get($disableOn).Date
}
catch
{
return # The property is empty
}
$today = [System.DateTime]::Now.Date
if ($disableDate -eq $today)
{
$Context.ConditionIsMet = $True
}
-
In the script, $disableOn specifies the name of the property that will be used for the date when an account must be disabled. Modify it, if necessary.
-
Enter a short description for the script and click OK.
-
Finish creation of the Scheduled Task.
II. Allow users to modify the properties via the Web Interface
For information on how to add the properties to the pages for creating and editing users, see step 6 of the following tutorial: http://www.adaxes.com/tutorials_WebInte ... tomization.
III. Configure the properties to appear in the Web interface under your own names
Since names like CustomAttributeDate1 won't tell much to your users about the meaning and the function of the fields, you'll probably want to give the properties your own names. For information on how to do this, see Customizing Display Names for AD Properties..