0 votes

Hello everyone,

I'm new to this Forum and I hope that someone can help me.

My Environment:
- Adaxes Backend Service and Web Frontend running on different machines.
- The backend Service is located in Domain A and we have two other domains connected and managed.

Goal:
- I want to run a Scheduled Task to check if a set of groups are in the AD of domain B.
- If the groups are not there the PowerShell script in Adaxes should create them.

The Script:

#####################################
# Load Modules
#####################################
Import-Module Adaxes
#####################################
# Variables
#####################################
$Domain = 'hhcl.local'
$OUCustomers = 'OU=Customers,DC=hhcl,dc=local'

$CompanyGroups = @{'User' = 'Every user from this Company must be a member of this group'}
$CompanyGroups.Add('Exchange','Every Exchange user must be a member of this group')
$CompanyGroups.Add('Desktop','Default Desktop')
$CompanyGroups.Add('DesktopVDI','Default Desktop VDI')
$CompanyGroups.Add('App-Internet Explorer','Microsoft Internet Explorer')
$CompanyGroups.Add('App-Google-Chrome','Google Chrome')
$CompanyGroups.Add('App-Mozilla-Firefox','Mozilla Firefox')
$CompanyGroups.Add('Dev-Printer','Local printers from Client')
$CompanyGroups.Add('ThintPrint-Users','User that use ThinPrint devices')
$CompanyGroups.Add('Dev-Drives','Local drivers from Client')
$CompanyGroups.Add('Dev-USB','USB Devices from Client')
$CompanyGroups.Add('App-MUI-DE','Desktop language German')
$CompanyGroups.Add('App-Paint.Net','Paint.Net')
$CompanyGroups.Add('App-PDF Reader','PDF Reader')
$CompanyGroups.Add('App-OfficePro','Microsoft Office Pro')
$CompanyGroups.Add('App-OfficeProPlus','Microsoft Office Pro Plus with Access')
$CompanyGroups.Add('App-OfficeVisioStandard','Microsoft Office Visio Standard')
$CompanyGroups.Add('App-OfficeVisioProfessional','Microsoft Office Visio Professional')
$CompanyGroups.Add('App-OfficeProjectStandard','Microsoft Office Project Standard')
$CompanyGroups.Add('App-OfficeProjectProfessional','Microsoft Office Project Professional')
$CompanyGroups.Add('Res-LicenseOfficePro','Home License Office Professional')
$CompanyGroups.Add('Res-LicenseOfficeProPlus','Home License Office Professional Plus')
$CompanyGroups.Add('Res-LicenseOutlook','Home License Office Outlook')
$CompanyGroups.Add('Res-SmartSync','License Smart Sync')
$CompanyGroups.Add('Res-SmartSyncWeb','License Smart Sync Web')
$CompanyGroups.Add('Res-Token','Two factor authentication')

$ExchangeGroups = @{'OutlookWebAccess' = 'Exchange Access for OWA'} 
$ExchangeGroups.Add('ActiveSync','Exchange access for mobile Sync')
$ExchangeGroups.Add('OutlookAnywhere','Exchange Access for mobile Outlook')
$ExchangeGroups.Add('EWS','Exchange access for the Exchange Web Services')

$CSNs = Get-AdmOrganizationalUnit -Filter * -AdaxesService 'localhost' -SearchBase $OUCustomers -Server $Domain -SearchScope 'OneLevel'
#####################################
# Script
#####################################

foreach($CSN in $CSNs)
{
        # Walk through every Customer to check all the Groups
        $CompanyGroups.GetEnumerator() | ForEach-Object {

            $ErrorActionPreference = 'SilentlyContinue'
            $WarningPreference = $ErrorActionPreference

            $Groupname = $null
            $Groupname = "$($CSN.Name)-$($_.Name)"
            $GroupDescription = "$($_.Value)"
            $objGroup = Get-AdmGroup -Identity $Groupname -AdaxesService 'localhost' -Server $Domain

            if ($objGroup.Name -eq $NULL) {
                New-AdmGroup -Name $Groupname -Path "OU=Ressources,OU=Group,OU=$($CSN.Name),$($OUCustomers)" -GroupScope Global -Description "$($GroupDescription)"  -AdaxesService 'localhost' -Server $Domain
                $Context.LogMessage("Gruppe $($Groupname) angelegt.", "Information")
            }
        }

        $CompanyGroups.GetEnumerator() | ForEach-Object {
            $Groupname = $null
            $Groupname = "LD-$($CSN.Name)-$($_.Name)"
            $GroupDescription = "$($_.Value)"
            $objGroup = Get-AdmGroup -Identity $Groupname -AdaxesService 'localhost' -Server $Domain

            if ($objGroup.Name -eq $NULL) {
                New-AdmGroup -Name $Groupname -Path "OU=Security,OU=Group,OU=$($CSN.Name),$($OUCustomers)" -GroupScope DomainLocal -Description "$($GroupDescription)"  -AdaxesService 'localhost' -Server $Domain
                $Context.LogMessage("Gruppe $($Groupname) angelegt.", "Information")
            }
        }

        $CompanyGroups.GetEnumerator() | ForEach-Object {
            try {
                $Groupname = $null
                $Groupname = "$($CSN.Name)-$($_.Name)"
                $X = Get-AdmGroup -Identity "LD-$($Groupname)" -AdaxesService 'localhost' -Server $Domain
                $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
                Add-AdmGroupMember -Identity "LD-$($Groupname)" -Members "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            }
            catch { }
        }

        # Adding language groups to local resource group LD-SW2-Global-TS-Language-DE
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-App-MUI-DE"
            $X = Get-AdmGroup -Identity "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-7257'  -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-7257' -Members "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
        }
        catch { }

        # Adding Dev-Printer group to local resource group LD-SW2-Local-Printers
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-Dev-Printer"
            $X = Get-AdmGroup -Identity "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4885'  -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4885' -Members "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
        }
        catch { }

        # Adding Dev-Drives group to local resource group LD-SW2-Local-DrivesFixed
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-Dev-Drives"
            $X = Get-AdmGroup -Identity "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4884'  -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4884' -Members "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
        }
        catch { }

        # Adding Dev-USB group to local resource group LD-SW2-Local-DrivesUSB
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-Dev-USB"
            $X = Get-AdmGroup -Identity "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4883'  -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4883' -Members "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
        }
        catch { }

        # Adding ThintPrint-Users group to local resource group LD-SW2-ThinPrint-Users
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-ThintPrint-Users"
            $X = Get-AdmGroup -Identity "$($Groupname)"  -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-7278'  -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-7278' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        }
        catch { }

        # "Exchange-OWA","Exchange-ActiveSync","Exchange-OutlookAnywhere","Exchange-EWS"
        $ExchangeGroups.GetEnumerator() | foreach {
            try {
                $Groupname = $null
                $Groupname = "$($CSN.Name)-Exchange"
                $X = Get-ADmGroup -Identity "LD-SW2-Exchange-$($_.Name)" -AdaxesService 'localhost' -Server $Domain
                Add-ADmGroupMember -Identity  "LD-SW2-Exchange-$($_.Name)" -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
            }
            catch { }
        }
}

Scheduled Task settings:

  • Perform the following action on each Group affected by this task:
  • Action: The script above

Symptom:

  • When I run the script in the Admin Center it runs fine and ends in two minutes. ;)
  • When I start the Scheduled Task, the script runs for hours and does not end.
  • The same issue occurs when I change the scope of objects.

Question:
Can someone help me?
Thanks a lot.

by (360 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

It looks like an issue of assigning your Scheduled Task correctly.

As far as we can see from your description, you've configured the Task for the Group object type.

  • Perform the following action on each Group affected by this task

When you configure a Task for the group object type, this means that the Task will be run for each group included in its Activity Scope. Thus, if, for example, you've assigned your Task over your Domain B, this means that the Task will be executed for each group in that domain. If you have, let's say, 50 groups in Domain B, the script will be run 50 times each time, one run per group.

As far as we can see from the script, you define the necessary groups within your script and search for them with the help of Adaxes cmdlets. This means that, actually, it doesn't really matter which object type the Scheduled Task is configured for. If you configure the Scheduled Task not for groups, but for objects of any other type, Adaxes cmdlets used in the script will find your groups anyway. Thus, we advise you to create a Scheduled Task for the Domain-DNS object type. In this case, you'll be able to execute the Scheduled Task for a domain object.

On the final step of the wizard, include your Domain B in the Activity Scope of the Task. When configured like this, the Task will run only once because it is configured to be executed on domains, and its Activity Scope includes only 1 domain, which is Domain B.
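
The per-object execution described in this answer can also be guarded against inside the script itself. The following is an added example, not code from the original post or from Adaxes support: it exits early unless the task's target is a domain object, and it writes failed group creations to the execution log instead of suppressing them. It assumes `$Context.TargetObject` exposes the ADSI `Class` property and that the `'Warning'` log level is available; the function names `Test-GroupExists` and `Add-MissingGroup` are hypothetical, and the group list is shortened.

```powershell
# Added example, not from the original post. Runs as an Adaxes Scheduled Task script.
Import-Module Adaxes

$Domain      = 'hhcl.local'                        # values taken from the question
$OUCustomers = 'OU=Customers,DC=hhcl,dc=local'
$Groups      = @{ 'User'    = 'Every user from this Company must be a member of this group'
                  'Desktop' = 'Default Desktop' }  # shortened list for the example

# Guard: the task runs this script once per object in its Activity Scope.
# Assumption: $Context.TargetObject exposes the ADSI Class property.
if ($Context.TargetObject.Class -ine 'domainDNS') {
    $Context.LogMessage("Skipped: target is '$($Context.TargetObject.Class)', expected domainDNS.", 'Warning')
    return
}

function Test-GroupExists([string]$Name) {
    # Any lookup error or empty result is treated as "not found";
    # a creation attempt that then fails is logged by Add-MissingGroup.
    try {
        $g = Get-AdmGroup -Identity $Name -AdaxesService 'localhost' -Server $Domain -ErrorAction Stop
        return ($null -ne $g)
    }
    catch { return $false }
}

function Add-MissingGroup([string]$Name, [string]$Path, [string]$Scope, [string]$Description) {
    if (Test-GroupExists $Name) { return }
    try {
        New-AdmGroup -Name $Name -Path $Path -GroupScope $Scope -Description $Description `
            -AdaxesService 'localhost' -Server $Domain -ErrorAction Stop
        $Context.LogMessage("Group $Name created.", 'Information')
    }
    catch {
        # Surface the failure in the task's execution log instead of dropping it.
        $Context.LogMessage("Group $Name not created: $($_.Exception.Message)", 'Warning')
    }
}

$CSNs = Get-AdmOrganizationalUnit -Filter * -AdaxesService 'localhost' -SearchBase $OUCustomers `
    -Server $Domain -SearchScope 'OneLevel'
foreach ($CSN in $CSNs) {
    foreach ($entry in $Groups.GetEnumerator()) {
        Add-MissingGroup "$($CSN.Name)-$($entry.Name)" "OU=Ressources,OU=Group,OU=$($CSN.Name),$OUCustomers" 'Global' $entry.Value
        Add-MissingGroup "LD-$($CSN.Name)-$($entry.Name)" "OU=Security,OU=Group,OU=$($CSN.Name),$OUCustomers" 'DomainLocal' $entry.Value
    }
}
```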

0

Hello Support,

Many thanks for your reply.
I have tested the new settings and they work fine.

Have a nice day :D
Arne Tiedemann
