0 votes

Hi

We've had a request to forward to a mailbox any user who has had their username and email address changed, the email is to show old user name, new user name, old email address and new email address. My plan is to use the 'After User Rename' business rule and 'Send e-mail notification' but I'm not sure how to show the old and new user name and email address, would it need to be a Powershell script for this?

Thanks in advance.

by (700 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

A Business Rule triggered after renaming a user won't help you in this case. The thing is that renaming a user means changing a user's Name property. The Name property specifies sets a name under which a user account appears in Active Directory, for example, John Doe. A username specifies the name under which a user can log in to Active Directory, for example, jdoe@example.com or EXAMPLE\jdoe. That is, a Business Rule triggered after renaming a user will be executed only when the Name property is changed, but not when you set a different username.

To achieve what you want, you'll actually need not 1, but 2 Business Rules. One of the Business Rules will be triggered before updating a user. If an operation changes a username and an e-mail address of a user account, the Business Rule will save the old username and e-mail in certain Adaxes custom attributes of the user account, for example, CustomAttributeText1 and CustomAttributeText2. Such attributes are not stored in Active Directory, but can be used the same as any other attributes of AD objects.

Another Business Rule triggered after updating a user will send the e-mail message. The old values for the properties will be taken from the Adaxes custom attributes that you used in the 1st Business Rule. The new values for the properties will be taken from their current values after the operation is complete.

To create such Business Rules:

I. Create Business Rule triggered before updating username and e-mail to save old values to custom attributes

A Business Rule created per the following instructions will save the old username to the CustomAttributeText1 property, and the old e-mail to the CustomAttributeText2 property.

  1. Create a new Business Rule.

  2. On Step 2 of the Create Business Rule wizard, select User and Before Updating a User.

  3. On Step 3, add the Run a program or PowerShell script action and paste the following script in the Script field:

     # Get current username and mail property values
     $currentUsername = $Context.TargetObject.Get("sAMAccountName")
     $currentMail = $Context.TargetObject.Get("mail")
    
     # Save current username and mail to the custom attributes
     $Context.TargetObject.Put("adm-CustomAttributeText1", $currentUsername)
     $Context.TargetObject.Put("adm-CustomAttributeText2", $currentMail)
     $Context.TargetObject.SetInfo()
    
  4. Enter a short description for the script and click OK.

  5. Now, you need to add conditions for the Business Rule to be triggered only when username and e-mail are changed. For this purpose, double-click Always.

  6. Select the If <property> Changed condition type.

  7. Specify If User Logon Name has changed.

  8. Click OK.

  9. Right-click the condition that you've just added and click Add New Condition.

  10. Select the If <property> Changed condition type.

  11. Specify If Email has changed.

  12. Click OK and finish creation of the Business Rule.

Now, in a Business Rule triggered after updating a user, you can use value references to insert the old and the new values for the properties in the e-mail template. To insert the old values, use value references for the virtual attributes that you used, e.g. %adm-CustomAttributeText1% and %adm-CustomAttributeText2%. To get the new values, use the %username% and %mail% value references. Here's a sample mail template:

The Business Rule that you need to configure will look something like this:

Related questions

0 votes
1 answer

I'd like to be able to either send an email report or export a CSV of all of the business rules carried out when a user is disabled. This would be ... Management Activity section but this includes things that weren't part of the disable operation. Thanks

asked Feb 19, 2020 by bavery (250 points)
0 votes
1 answer

We use this date to determin transfers and start dates. Basicaly on this day the Adaxes resets the password. In the report I would like to ... name, first name, last name, employeeID, CustomAttributeboolean1, customattributeboolean2, and customattributedate2.

asked May 17, 2023 by mightycabal (1.0k points)
0 votes
1 answer

We used to run AD Audit and it would provide additional details on what was locking a user's account (workstation name, application, etc...). Is there are way with Adaxes ... on what is locking an account? Or a way to pull historical data on locked accounts?

asked Nov 16, 2020 by pulsifers (20 points)
0 votes
1 answer

Hi, I've tried to modify a existing report to my needs, without success. The requirement ist to see the add/moved from a group. Like here: Would this be possible with Adaxes? Thanks

asked Feb 20, 2023 by boris (550 points)
0 votes
1 answer

I created a Report asking the report to get the Assinged Microsoft Supbsription license assinged to the Users, When the Reports runs it geta few users but time out ... way to increase the time Out oprtion fro Reports that are getting information from Azure?

asked May 16 by George.Holden (60 points)
3,589 questions
3,278 answers
8,303 comments
548,115 users