The script can be used to request approval of an owner of the OU where an object is located before adding it to a group. To run the script, create a business rule triggering Before adding a member to a group.
PowerShell
# Bind to the OU where the new member is located
$member = $Context.BindToObject("Adaxes://%member%")
$parent = $Context.BindToObject($member.Parent)
try
{
# Get the owner's DN
$approverDN = $parent.Get("managedBy")
}
catch
{
$Context.Cancel("Cannot add the object to the group because the Organizational Unit where he is located doesn't have an owner") # TODO: modify me
return
}
# Submit for approval
$Context.SubmitForApproval(@($approverDN), $False, $False, $False, $False)