0 votes

Hello,

Is it possible to capture properties of a user before and after it is changed and put both entries in an email?

For example:

Joe User has his title changed from Accounting Clerk to Accounting Supervisor via the Adaxes interface. Is it possible to produce an email about that user with the previous title (Accounting Clerk) and the new title (Accounting Supervisor)?

by (110 points)
+1

Hello,

It can be done using two Business Rules triggering Before and After updating a user. The first rule will save the current Job Title to a custom text attribute (e.g. CustomAttributeText1). The second rule will get the new Job Title, get the old job title from the custom attribute and then send both via email. Then the custom attribute will be cleared. If this approach meets your needs, please, specify what should be included into the email notification if the property value is changed to/from empty and we will provide you with detailed instructions.

0

Thanks, this satisfies my query.

0

Hello,

Thank you for the confirmation. What should the email notification contain if the value being set is empty or the property value was not set previously? Should it be something like empty value?

0

Yes, stating that the property was empty or blank previously would be the right approach for the email.

1 Answer

0 votes
by (288k points)

Hello,

Thank you for clarifying. Find detailed instructions for creating the Business Rules below.

i. Creating the Business Rule triggering Before updating a user

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Business Rule. image.png
  4. On step 2 of the Create Business Rule wizard, select the User object type.
  5. Select Before updating a user and click Next. image.png
  6. Click Add an action.
  7. Select Run a program or PowerShell script.
  8. Paste the below script into the Script field. In the script:
    • $emptyValue - Specifies a value that will be set for the custom attribute if currently Job Title is empty.
    • $propertyName - Specifies the LDAP name of the custom attribute to store the current Job title.
$emptyValue = "empty" # TODO: modify me
$propertyName = "adm-CustomAttributeText1" # TODO: modify me

# Get current Job Title
try
{
    $oldTitle = $Context.TargetObject.Get("title")    
}
catch
{
    $oldTitle = $emptyValue
}

# Set custom attribute value
$Context.TargetObject.Put($propertyName, $oldTitle)
$Context.TargetObject.SetInfo()
  1. Enter a short description and click OK. image.png
  2. Right-click the action you created and then click Add Condition. image.png
  3. Select If <property/> changed.
  4. Select If Job Title has changed and click OK. image.png
  5. Click Next and finish creating the Business Rule.

ii. Creating the Business Rule triggering After updating a user

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Business Rule.
  4. On step 2 of the Create Business Rule wizard, select the User object type.
  5. Select After updating a user and click Next. image.png
  6. Click Add an action.
  7. Select Run a program or PowerShell script.
  8. Paste the below script into the Script field. In the script:
    • $emptyValue - Specifies a value that will be used in the email notification if the new Job Title is empty.
    • $to - Specifies the email address of the notification recipient.
    • $subject - Specifies the email notification subject.
    • $bodyTemplate - Specifies a template for the email notification body. In the template, the {0} placeholder will be replaced with the new Job Title or the value specifies in the $emptyValue variable.
$emptyValue = "empty" # TODO: modify me
$to = "s.kabarukhin@softerra.com" # TODO: modify me
$subject = "Job title of user %fullname% changed" # TODO: modify me
$bodyTemplate = @"
Job title of user %fullname% changed:

Old value: %adm-CustomAttributeText1%
New value: {0}
"@ # TODO: modify me

# Get new Job Title
try
{
    $newTitle = $Context.TargetObject.Get("title")
}
catch
{
    $newTitle = $emptyValue
}

# Build mail message
$mailMessage = [System.String]::Format($bodyTemplate, $newTitle)

# Send mail
$Context.SendMail($to, $subject, $mailMessage, $NULL)
  1. Enter a short description and click OK.
  2. Right-click the action you created and then click Add New Action.
  3. Select Update the user and click Add. image.png
  4. In the Property to modify drop-down, select the custom attribute that stores the old Job Title.
  5. Select Remove property and click OK twice. image.png
  6. Right-click the action you created again and then click Add Condition.
  7. Select If <property/> changed.
  8. Select If Job Title has changed and click OK.
  9. Click Next and finish creating the Business Rule. You should have something like the following: image.png

Related questions

0 votes
0 answers

We have delegated updating user properties in AD and the usrs have requested those changes updated in the GAL. Is ther ea way to do this in Adaxes?

asked Feb 13, 2020 by Derek.Axe (480 points)
0 votes
1 answer

Hello, I want to include in a sent email notification after removing a member from a group the active directory user property "company" and "co" of a user. How can I achieve this? I can not select a property %adm-membercompany% nor %adm-memberco"

asked Jun 7 by fabian.p (380 points)
0 votes
1 answer

Topic question, we are looking into AD Auditing and I would like to know if this solution is on-prem. And I would like to know if there is a built in report to see ... to access folders they do not have permissions to, is this something I can do with Adaxes?

asked Jun 10, 2021 by anthonysmills (20 points)
0 votes
0 answers

Hello! We have a business rule in place that will request approval from a group's owner before adding an account to that group for certain groups. We also have a custom ... name reference is invalid. Do you have any ideas for how to get around this error?

asked Jan 24, 2022 by KelseaIT (320 points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20 by fgmello (40 points)
3,541 questions
3,232 answers
8,225 comments
547,805 users