0 votes

Hi, I'm new to this forum so I hope this question hasn't already been answered.

The sceanrio is that the Adaxes servert is part of domain A and is used to manage other domains. There's no problem accessing the AD's and create/modify objects. The problem occurs when I try to create a user using business rules and in that rule create a home folder for that user. It seems that Adaxes is then using the service account that runs the Adaxes service and not the specified logon account for the target domain? Is there any way to specify which account that it should use during the business rule run?

I saw one thing that might work, that is to run a PS script (where you can specify runas account) instead but I can't manage to get that to work,. See script below. It gives me this error:
"Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated.""

Any help is much appreciated!

#Create Users homefolder
$homeFolder = "\\fileserver\Users"
$userHome = "$homeFolder\%username%"

New-Item "$userHome" -type Directory

$acl = Get-Acl $userHome

#Add full control user permissions
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("%username%","FullControl","ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

#Commit Changes
Set-Acl $userHome $acl

by (260 points)
0

Anyone that has a solution to this problem? :|

0

Hello Niclas,

To troubleshoot the issue, we need some information from you. First of all, when you try creating home folders with the help of the built-in action, what is the result? Does the home folder get created, but appropriate permissions are not assigned, or the home folder is not created at all?

Also, what version of Adaxes (including the build number) are you using?

0

Due to the fact that the Adaxes server isn't in the same domain and the builtin "Create Home folder" function seem to use the serviceaccount of the adaxes service it never gets created due to access denied.
If I instead use a PS script (the one below) and let that run as an account in the target domain I get the error "Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
I also tried to do a Remote PS Session from the Adaxes server to the target fileserver and also get the same error. So maybe some changes is needed in the target server to let the Adaxes server do remote scripting?

Adaxes server is 2013.1

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Niclas,

Adaxes server is 2013.1

In Adaxes 2013.1, indeed, the account of Adaxes default service administrator (the user that you specified during Adaxes installation) was used to create home folders using the built-in Business Rule action, however this behavior was changed in Update 1 to Adaxes 2014.1. Starting from that version, if Adaxes cannot create a home folder using the account of Adaxes default service administrator, Adaxes uses the logon account for the target user's domain. Thus, to resolve the issue, you simply need to upgrade to the latest version. You can get the latest release here.

Upgrade Instructions.

For a complete list of new features and improvements in Adaxes 2014.1, see What's New.

0

Ah.. Nice. I'll try to do an upgrade asap. Thanks for the info.

0

I've taking over this installation from another admin which ofcourse didn't write down the config for the service account used by Adaxes. Is there any way to change service account?

0

.. or is it OK to reset the password in AD and just change the service logon password and restart the service?

0

Solved by resetting password. Got the answer from Adaxes support team.

Related questions

0 votes
1 answer

Hello Adaxes Support, is there any way you could help me with a script that changes the permissions on a users home folder? I need to remove the permission to delete the folder and add the permission to delete subfolders and files.

asked Aug 1 by dominik.stawny (280 points)
0 votes
1 answer

Good Morning, I've been working through some of my processes and I'm not looking to make sure the deletion of Home directories (both remote and standard) as well as ... for user deletion. If there are any questions or clarification needed, please let me know.

asked Oct 16, 2015 by jtop (700 points)
0 votes
1 answer

Hi folks, I already have a great script (thank you) that monitors our HR system for adds/removes/changes of our staff and reflects those changes in AD via scheduled ... way of doing this? Could I possibly incorporate it into the existing script? Thanks Corey

asked Dec 11, 2014 by ckemp (170 points)
0 votes
1 answer

I am having an issue with home folder moves between servers. When I move a folder between servers, using Adaxes, the user permissions are lost. I know that this is expected ... to re-assign the user permissions so they can access their home folder again :?:

asked Sep 23, 2014 by rmedeiros (380 points)
0 votes
1 answer

I would like to generate a script that would copy the contents of a users home folder to their managers home folder when the deprovisioning script is fired off. ... to managerhomefolder\old users\deprovisionedusername\contents how would I do this in a script?

asked Jun 19, 2012 by gallawayg (40 points)
3,589 questions
3,278 answers
8,303 comments
548,115 users