0 votes

I would like to create groups when an OU is created. The groups will need to have the name of the OU or grab a custom variable from the OU to append to the group name. If it is possible I would like to also bring up the user creation at the same time for the newly created OU and add it to the group.

by (20 points)

1 Answer

0 votes
by (289k points)

Update 2019

Starting with version 2019.1, you can create multiple directory objects in a single operation. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateReport.htm.

Original

Hello,

This can be done very easily with the help of a PowerShell script that will be run by a Business Rule triggered after creating an Organizational Unit in Active Directory. To create such a Business Rule:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule Wizard, select Organizational-Unit and After Creating a Organizational-Unit.

  3. On step 3, add the Run a program or PowerShell script action and paste the below PowerShell script in the Script field:

     $groupNameProperty = "adm-CustomAttributeText1" # TODO: modify me
     $groupNameTemplate = "{0} Group" # TODO: modify me
     [Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType =
         "ADS_GROUP_TYPE_GLOBAL_GROUP, ADS_GROUP_TYPE_SECURITY_ENABLED" # TODO: modify me
     $userName = "%name%-admin" # TODO: modify me
     $userPassword = "secret" # TODO: modify me
    
     # Create Group
    
     try
     {
         $groupNamePart = $Context.TargetObject.Get($groupNameProperty)
     }
     catch
     {
         $groupNamePart = $NULL
         $Context.LogMessage("Group name is not specified", "Warning")
     }
    
     if ($groupNamePart -ne $NULL)
     {
         $groupName = [System.String]::Format($groupNameTemplate, $groupNamePart)
         $group = $Context.TargetObject.Create("group","CN=$groupName")
         $group.Put("groupType", [Int32]$groupType)
         try
         {
             $group.SetInfo()
         }
         catch
         {
             $group = $NULL
             $Context.LogMessage($_.Exception.Message, "Warning")
         }
     }
    
     # Create User
    
     $user = $Context.TargetObject.Create("user", "CN=$userName")
     # User Logon Name (pre-Windows 2000)
     $user.Put("sAMAccountName", "$userName")
     # User Logon Name
     $domainName = $Context.GetObjectDomain("%distinguishedName%")
     $user.Put("userPrincipalName", "$userName@$domainName")
     # Password
     $user.Put("unicodePwd", $userPassword)
     # Must change password at first logon
     $user.Put("pwdLastSet", 0)
     # Enable the user account
     $user.AccountDisabled = $False
    
     try
     {
         # Save the user account to the directory
         $user.SetInfo()
     }
     catch
     {
         $user = $NULL
         $Context.LogMessage($_.Exception.Message, "Warning")
     }
    
     # Add user to group
     if (($user) -and ($group))
     {
         $group.Add($user.AdsPath)
     }
    
  4. In the script, modify the following to meet your requirements:

    • $groupNameProperty - specifies the Adaxes custom property that will be appended to the group name;
    • $groupNameTemplate - specifies a template for the group name. In the template, {0} will be replaced with the value of $groupNameProperty;
    • $groupType - specifies the group type. For a list of possible values, see ADS_GROUP_TYPE_ENUM;
    • $userName - specifies a template for the user name;
    • $userPassword - specifies the initial password of the user.
  5. Enter a short description for the script and click OK.

  6. Finish creation of the Business Rule.

Related questions

0 votes
0 answers

I am trying to find a way to create Groups based off an OU and a list of options (check boxes) within the portal For example: Select the Target OU to add groups ... 3 - Remote Administrators Option 3 - Remote Developers Option 4 - Readers Option 4 - Writers

asked Sep 11, 2020 by dknapp (100 points)
0 votes
1 answer

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked 4 days ago by C27 (20 points)
0 votes
1 answer

Hello, When a user account is created, we would like for that user to be added to a group whose name is based on a certain naming convention. If the group doesn't yet exist ... If that group doesn't exist, it will first create the group and then add the user.

asked Mar 11 by sjjb2024 (60 points)
0 votes
1 answer

I need a group created based on %ipPhone% when ever a new user is provisioned. The group name has to match %ipPhone% and have email enabled and to be hidden from the address list. We are on Version 3.8.314823.0

asked Nov 6, 2018 by hgletifer (1.3k points)
0 votes
1 answer

When a new user account is created by copying an existing one, is it possible to prevent the new account from becoming a member of security groups in a specific OU (when the ... same way as the account being added to the group, which I need for audit purposes.

asked Sep 28, 2020 by markcox (70 points)
3,547 questions
3,238 answers
8,232 comments
547,809 users