Defining actions and conditions

This article describes how to add actions and conditions to business rules, custom commands, and scheduled tasks.

Actions and conditions are grouped into action sets. The conditions of each set are evaluated separately from other sets. If the conditions of a particular set are satisfied, Adaxes will execute the actions within that set.

Creating action sets

The following code sample creates an empty action set for a scheduled task named My Task.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the scheduled task.
$container = $service.Backend.GetConfigurationContainerPath("ScheduledTasks")
$tasksPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $container
$taskPath = $tasksPathObj.CreateChildPath("CN=My Task")
$task = $service.OpenObject($taskPath.ToString(), $null, $null, 0)

# Create a new set action set.
$actionSet = $task.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# TODO: add actions and conditions to the set.

# Add the set to the scheduled task.
$task.ConditionedActions.Add($actionSet)
C#
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.BusinessRules;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;
using Softerra.Adaxes.Interop.Adsi.ScheduledTasks;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the scheduled task.
        string container = service.Backend.GetConfigurationContainerPath("ScheduledTasks");
        AdsPath tasksPathObj = new AdsPath(container);
        AdsPath taskPath = tasksPathObj.CreateChildPath("CN=My Task");
        IAdmScheduledTask task =
            (IAdmScheduledTask)service.OpenObject(taskPath.ToString(), null, null, 0);

        // Create a new action set.
        IAdmBusinessRuleConditionedActions actionSet =
            (IAdmBusinessRuleConditionedActions)task.ConditionedActions.Create();
        actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
        actionSet.SetInfo();

        // TODO: add actions and conditions to the set.

        // Add the set to the scheduled task.
        task.ConditionedActions.Add(actionSet);
    }
}

Details

First, you need to bind to the directory object representing the business rule, custom command, or scheduled task.

After binding to the object, you will be able to access its actions and conditions using the ConditionedActions property of the IAdmBusinessRule. The object referenced by ConditionedActions is a collection of action sets that implements the IAdmCollection interface.

To create a new action set, call IAdmCollection::Create. The object returned by Create implements the IAdmBusinessRuleConditionedActions and IAdmBusinessRuleConditionedActions2 interfaces. Use the properties of these interfaces to configure the action set.

Action set properties

  • ConditionsLogicalOperation – the logical operator between the conditions of the set. If conditions are combined with the AND operator, actions will be executed when all conditions are met. If conditions are combined with the OR operator, actions will be executed when at least one condition is met. The ADM_LOGICALOPERATION_ENUM enumeration specifies the values you need to use to set this property.

    This property is mandatory. You must set it and save the action set by calling IADs::SetInfo before adding actions, conditions, and Else if blocks.

  • Conditions – a collection of conditions that implements the IAdmCollection interface. For details on how to add conditions to a set, see the Adding conditions section below.

  • Actions – a collection of actions that implements the IAdmCollection interface. For details on how to add actions to a set, see the Adding actions section below.

  • ElseIfConditionedActions – a collection of Else if blocks that implements the IAdmCollection interface. Each Else if block of an action set is technically another nested action set. However, Else if blocks implement only the IAdmBusinessRuleConditionedActions interface, which means you cannot add Else if blocks within other Else if blocks. For details on how to add Else if blocks see the Adding Else If and Else blocks section below.

  • ElseActions – a collection of actions within the Else block that implements the IAdmCollection interface. For details on how to add actions to the Else block, see the Adding Else If and Else blocks section below.

Examples are at the end of this article.

Once you have added all the necessary actions and conditions to the action set, add the set to your task, rule, or command by calling IAdmCollection::Add and passing object representing the action set as a parameter.

Adding conditions

The following code sample adds an If operation succeeded condition to an action set.

PowerShell
# The $actionSet variable refers to an action set.

# Create an If operation succeeded condition.
$condition = $actionSet.Conditions.CreateEx("adm-OperationResultCondition")

# Get the condition parameters and configure them.
$conditionParams = $condition.GetCondition()
$conditionParams.OperationResult = "ADM_OPERATIONRESULT_SUCCEEDED"

# Save the condition and add it to the set.
$condition.SetCondition($conditionParams)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)
C#
// The actionSet variable refers to an action set.

// Create an If operation succeeded condition.
IAdmBusinessRuleCondition condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-OperationResultCondition");

// Get the condition parameters and configure them.
IAdmOperationResultCondition conditionParams = (IAdmOperationResultCondition)condition.GetCondition();
conditionParams.OperationResult = ADM_OPERATIONRESULT_ENUM.ADM_OPERATIONRESULT_SUCCEEDED;

// Save the condition and add it to the set.
condition.SetCondition(conditionParams);
condition.SetInfo();
actionSet.Conditions.Add(condition);

1. Create a condition

The conditions of an action set can be accessed using the Conditions property of the IAdmBusinessRuleConditionedActions interface. The object referenced by Conditions represents a collection of conditions and implements the IAdmCollection interface.

To create a new condition, call IAdmCollection::CreateEx and pass the type of the desired condition as a parameter. For a list of possible condition types, see Possible condition types and interfaces below.

The object returned by CreateEx implements the IAdmBusinessRuleCondition interface.

2. Set the condition parameters

To get the condtion parameters, call IAdmBusinessRuleCondition::GetCondition. The object returned by GetCondition will implement a specific interface based on the condition type. Use its methods and properties to set the condition parameters.

 Possible condition types and interfaces {id=interfacesSupportedByConditionTypes}

All interfaces that represent condition parameters inherit from the IAdmCondition interface.

3. Save the condition

After configuring the condition parameters, apply them to the condition by calling IAdmBusinessRuleCondition::SetCondition and passing the object that represents the condition parameters to this method.

Then, save the condition by calling IAdmBusinessRuleCondition::SetInfo.

Finally, add the condition to the action set by calling IAdmCollection::Add and passing the condition object as a parameter.

Adding actions

The following code sample adds a Send SMS action with a custom description to an action set.

PowerShell
# The $actionSet variable refers to an action set.

# Create a Send SMS action.
$smsAction = $actionSet.Actions.CreateEx("adm-SendSmsAction")
$smsAction.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"

# Get the action parameters and configure them.
$actionParams = $smsAction.GetAction()
$actionParams.MobileNumbers = "1-234-567-8900"
$actionParams.SmsText = "New member %member% was added to group %name%"
$actionParams.CustomDescription = "Notify group owner"

# Save the action and add it to the set.
$smsAction.SetAction($actionParams)
$smsAction.SetInfo()
$actionSet.Actions.Add($smsAction)
C#
// The actionSet variable refers to an action set.

// Create a Send SMS action.
IAdmBusinessRuleAction smsAction =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SendSmsAction");
smsAction.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;

// Get the action parameters and configure them.
IAdmSendSmsAction actionParams = (IAdmSendSmsAction)smsAction.GetAction();
actionParams.MobileNumbers = "1-234-567-8900";
actionParams.SmsText = "New member %member% was added to group %name%";
IAdmAction2 actionParams2 = actionParams as IAdmAction2;
actionParams2.CustomDescription = "Notify group owner";

// Save the action and add it to the set.
smsAction.SetAction(actionParams);
smsAction.SetInfo();
actionSet.Actions.Add(smsAction);

1. Create an action

The actions of an action set can be accessed using the Actions property of the IAdmBusinessRuleConditionedActions interface. The object referenced by Actions represents a collection of actions and implements the IAdmCollection interface.

To create a new action, call IAdmCollection::CreateEx and pass the type of the desired action as a parameter. For a list of possible action types, see Possible action types and interfaces below.

The object returned by CreateEx implements the IAdmBusinessRuleAction interface. Use its methods and properties to configure execution options, and whether the action will require approval.

Configure execution options

Use the IAdmBusinessRuleAction::ExecutionOptions property to specify whether the action must be executed synchronously or asynchronously. The ADM_ACTIONEXECUTIONOPTIONS_ENUM enumeration specifies the values you need to use when setting this property.

If an action is executed asynchronously, the main operation will not wait for this action to complete. The business rule, custom command, or scheduled task will immediately jump to the next action in the set or the next action set if this was the last action.

The following actions must be synchronous:

  • Cancel the operation
  • Send this operation for approval

Configure approval for the action

Optionally, you can configure the action to be sent for approval. If a synchronous action is sent for approval, all further actions, including actions in other sets, will not be executed until approval for this action is granted. If an asynchronous action is sent for approval, all further actions will be executed as normal.

An action will be sent for approval as long as there is at least one approver specified.

 How to add approvers to an action

The following code sample adds the manager of the initiator and the user named John Smith to the list of approvers.

PowerShell
# The $action variable represent an action.

# Get information about approvers.
$approvers = $action.GetApproversInfo()

# Bind to the user John Smith.
$userDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0) 

# Add the user to the list of approvers.
if (-not($approvers.ApproverTrustees.IsApprover($user)))
{
    $approvers.ApproverTrustees.Add($user)
}
    
# Add the manager of the initator to the list of approvers.
$approvers.ManagerOfTrusteeIsApprover = $true
    
# Save the changes.
$action.SetApproversInfo($approvers)
C#
// The action variable represent an action.

// Get information about approvers.
IAdmRequestApproversInfo approvers = action.GetApproversInfo();

// Bind to the user John Smith.
const string userDN = "CN=John Smith,CN=Users,DC=company,DC=com";
IAdmTop user = (IAdmTop)service.OpenObject($"Adaxes://{userDN}", null, null, 0);           

// Add the user to the list of approvers.
if (!approvers.ApproverTrustees.IsApprover(user))
{
    approvers.ApproverTrustees.Add(user);
}

// Add the manager of the initator to the list of approvers.
approvers.ManagerOfTrusteeIsApprover = true;

// Save the changes.
action.SetApproversInfo(approvers);

To get the information about the action approvers, call IAdmBusinessRuleAction::GetApproversInfo. The object returned by GetApproversInfo implements the IAdmRequestApproversInfo and IAdmRequestApproversInfo2 interfaces that you can use to specify the approvers.

Users and groups allowed to approve an action can be accessed using the ApproverTrustees and ApproverGroups properties of the IAdmRequestApproversInfo interface. The objects referenced by these properties implement the IAdmApproverTrustees and IAdmApproverGroups interfaces respectively.

Both, IAdmApproverTrustees and IAdmApproverGroups expose similarly named methods for adding and removing approvers:

  • Add – adds the user or group specified as a parameter to the list of approvers.

  • Remove – removes the user or group specified as a parameter from the list of approvers.

  • Clear – removes all users or all groups from the list of approvers.

You can also enable dynamic approval options. For example, allow the manager of the initiator to approve the action. If the initiator's manager changes, the new manager will automatically obtain the rights to approve the action and the previous manager will lose those rights.

To do this, use the following properties:

  • ManagerOfTrusteeIsApprover – set to true to allow the manager of the initiator to approve the action.

    This property is exposed by the IAdmRequestApproversInfo interface.

  • ManagerOfTargetObjectIsApprover – set to true to allow the manager/owners of the target object to approve the action.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

  • OwnerOfRequestorOUIsApprover – set to true to allow the owners of the initiator's OU to approve the action.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

  • OwnerOfTargetObjectOUIsApprover – set to true to allow the owners of the target object's OU to approve the action.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

To apply the approver information to the action, call IAdmBusinessRuleAction::SetApproversInfo and pass the object that represents the information about approvers as a parameter.

The following actions cannot be sent for approval:

  • Cancel the operation
  • Send this operation for approval
  • Send email notification
  • Send SMS
  • Archive the home directory

2. Set the action parameters

To get the action parameters, call IAdmBusinessRuleAction::GetAction. The object returned by GetAction will implement a specific interface based on the action type. Use its methods and properties to set the action parameters.

 Possible action types and interfaces {id=supportedOperationTypes}

All interfaces that represent action parameters inherit from the IAdmAction and IAdmAction2 interfaces.

Optionally, set a custom description for the action using the IAdmAction2::CustomDescription property.

3. Save the action

After configuring the action parameters, apply them to the action by calling IAdmBusinessRuleAction::SetAction and passing the object that represents the action parameters to this method.

Then, save the action by calling IAdmBusinessRuleAction::SetInfo.

Finally, add the action to the set by calling IAdmCollection::Add and passing the action object as a parameter.

Adding Else If and Else blocks

The following code sample adds an Else if block with an If initiator is an owner of the object condition to an action set.

PowerShell
# The $actionSet variable represents an action set.

# Create an Else if block.
$elseIfBlock = $actionSet.ElseIfConditionedActions.Create()
$elseIfBlock.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$elseIfBlock.SetInfo()

# Create a condition and add it to the block.
$condition = $elseIfBlock.Conditions.CreateEx("adm-TrusteeOwnerCondition")
$conditionParams = $condition.GetCondition()
$condition.SetCondition($conditionParams)
$condition.SetInfo()
$elseIfBlock.Conditions.Add($condition)

# Add the block to the action set.
$actionSet.ElseIfConditionedActions.Add($elseIfBlock)  
C#
// The actionSet variable represents an action set.
IAdmBusinessRuleConditionedActions2 actionSet2 = actionSet as IAdmBusinessRuleConditionedActions2;

// Create an Else if block.
IAdmBusinessRuleConditionedActions elseIfBlock =
    (IAdmBusinessRuleConditionedActions)actionSet2.ElseIfConditionedActions.Create();
elseIfBlock.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_OR;
elseIfBlock.SetInfo(); 

// Create a condition and add it to the block.
IAdmBusinessRuleCondition condition = 
    (IAdmBusinessRuleCondition)elseIfBlock.Conditions.CreateEx("adm-TrusteeOwnerCondition");
IAdmTrusteeOwnerCondition conditionParams = (IAdmTrusteeOwnerCondition)condition.GetCondition();
condition.SetCondition(conditionParams);
condition.SetInfo();
elseIfBlock.Conditions.Add(condition);

// Add the block to the action set.
actionSet2.ElseIfConditionedActions.Add(elseIfBlock);

Else If blocks

The Else if blocks of an action set can be accessed using the ElseIfConditionedActions property of the IAdmBusinessRuleConditionedActions2 interface. The object referenced by ElseIfConditionedActions represents a collection of Else if blocks and implements the IAdmCollection interface.

To create a new Else if block, call IAdmCollection::Create. The object returned by Create implements the IAdmBusinessRuleConditionedActions interface. Use its properties to add actions and conditions to the Else if block just like you would do it for an action set.

Else If block properties

  • ConditionsLogicalOperation – the logical operator between the conditions of the block. If conditions are combined with the AND operator, actions will be executed when all conditions are met. If conditions are combined with the OR operator, actions will be executed when at least one condition is met. The ADM_LOGICALOPERATION_ENUM enumeration specifies the values you need to use to set this property.

    This property is mandatory. You must set it and save the Else if block by calling IADs::SetInfo before adding actions or conditions to the block.

  • Conditions – a collection of conditions that implements the IAdmCollection interface. For details on how to add conditions, see the Adding conditions section above.

  • Actions – a collection of actions that implements the IAdmCollection interface. For details on how to add actions, see the Adding actions section above.

Once you have added all the necessary actions and conditions to the Else if block, add the block to the action set by calling IAdmCollection::Add and passing the object representing the block as a parameter.

Else blocks

The following code sample add a Delete the object action to the Else block of an action set.

PowerShell
# The $actionSet variable represents an action set.

# Create and configure the action.
$action = $actionSet.ElseActions.CreateEx("adm-DeleteObjectAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$actionParams = $action.GetAction()
$actionParams.DeleteSubtree = $true
$action.SetAction($actionParams)
$action.SetInfo()

# Add the action to the Else block
$actionSet.ElseActions.Add($action)
C#
// The actionSet variable represents an action set.
IAdmBusinessRuleConditionedActions2 actionSet2 = actionSet as IAdmBusinessRuleConditionedActions2;

//  Create and configure the action.
IAdmBusinessRuleAction action = 
    (IAdmBusinessRuleAction)actionSet2.ElseActions.CreateEx("adm-DeleteObjectAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmDeleteObjectAction actionParams = (IAdmDeleteObjectAction)action.GetAction();
actionParams.DeleteSubtree = true;
action.SetAction(deleteAction);
action.SetInfo();

// Add the action to the Else block
actionSet2.ElseActions.Add(action);

The Else block of an action set can be accessed using the ElseActions property of the IAdmBusinessRuleConditionedActions2 interface. The object referenced by ElseActions represents a collection of actions and implements the IAdmCollection interface.

The Else block cannot have conditions. It will always be executed if the conditions of the action set or the conditions of at least one Else if block were not met.

To add an action to the Else block, call IAdmCollection::Add and pass the action object as a parameter. For details on how to create actions, see the Adding actions section above.

Examples

The code samples below demonstrate how to define actions and conditions displayed on the screenshot accompanying each example.

Example 1

Example 1

 View sample code
PowerShell
# The $rule variable refers to a business rule

# Create a new action set.
$actionSet = $rule.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the operation succeeded.
$condition = $actionSet.Conditions.CreateEx("adm-OperationResultCondition")
$operationResultCondition = $condition.GetCondition()
$operationResultCondition.OperationResult = "ADM_OPERATIONRESULT_SUCCEEDED"
$condition.SetCondition($operationResultCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If City equals Washington.
$condition = $actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition")
$cityCondition = $condition.GetCondition()
$cityCondition.AttributeName = "l" # City
$cityCondition.ComparisonOperator = "ADM_COMPARISONOPERATOR_EQUAL"
$cityValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$cityValue.PutObjectProperty("ADSTYPE_UNKNOWN", "Washington")
$cityCondition.Value = $cityValue
$cityCondition.CaseSensitive = $false
$condition.SetCondition($cityCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Create Exchange mailbox.
$action = $actionSet.Actions.CreateEx("adm-ExchangeTaskAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$createMailboxAction = $action.GetAction()
$createMailboxAction.TaskType = "ADM_EXCHANGETASKTYPE_CREATEMAILBOX"

# Set the alias.
$createMailboxAction.MailAlias = "%username%"

# Set the mailbox database.
$mailboxStorageDN =
    "CN=Washington,CN=Databases,CN=Exchange Administrative Group," +
    "CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange," +
    "CN=Services,CN=Configuration,DC=domain,DC=com"
$mailboxStore = $service.OpenObject("Adaxes://$mailboxStorageDN", $null, $null, 0)
$createMailboxAction.MailboxStorageDatabase = $mailboxStore

# Set the mailbox selection type.
$createMailboxAction.MailboxStorageSelectionType = "ADM_MAILBOXSTORAGESELECTIONTYPE_NONE"
$action.SetAction($createMailboxAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Create home folder.
$action = $actionSet.Actions.CreateEx("adm-CreateHomeDirectoryAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$createHomeDirAction = $action.GetAction()
$createHomeDirAction.HomeDirectory = "\\SERVER\SHARE\%username%"
$createHomeDirAction.HomeDrive = "Z:"
$createHomeDirAction.SetUserAsOwner = $false
$createHomeDirAction.UserAccessPermissions = "ADM_USERACCESSPERMISSION_FULL"
$createHomeDirAction.InheritParentPermissions = $true
$action.SetAction($createHomeDirAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the user to the Washington group.
$action = $actionSet.Actions.CreateEx("adm-ChangeGroupMembershipAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$addToGroupAction = $action.GetAction()
$addToGroupAction.ActionType = "ADM_CHANGEGROUPMEMBERSHIPACTION_ADD"
$groupDN = "CN=Washington,OU=Groups,DC=domain,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$addToGroupAction.Group = $group
$action.SetAction($addToGroupAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Move the user to the Washington OU.
$action = $actionSet.Actions.CreateEx("adm-CopyMoveAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$moveAction = $action.GetAction()
$moveAction.Move = $true
$ouDN = "OU=Washington,OU=Offices,DC=domain,DC=com"
$targetOU = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$moveAction.TargetContainer = $targetOU
$action.SetAction($moveAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule.
$rule.ConditionedActions.Add($actionSet)
C#
// The rule variable refers to a business rule.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)rule.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();
            
// If the operation succeeded.
IAdmBusinessRuleCondition condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-OperationResultCondition");
IAdmOperationResultCondition operationResultCondition = 
    (IAdmOperationResultCondition)condition.GetCondition();
operationResultCondition.OperationResult = ADM_OPERATIONRESULT_ENUM.ADM_OPERATIONRESULT_SUCCEEDED;
condition.SetCondition(operationResultCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);
            
// If City equals Washington.
condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition");
IAdmAttrOperatorValueCondition cityCondition = 
    (IAdmAttrOperatorValueCondition)condition.GetCondition();
cityCondition.AttributeName = "l"; // City
cityCondition.ComparisonOperator = ADM_COMPARISONOPERATOR_ENUM.ADM_COMPARISONOPERATOR_EQUAL;
AdsPropertyValue cityValue = new AdsPropertyValue();
cityValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "Washington");
cityCondition.Value = cityValue;
cityCondition.CaseSensitive = false;
condition.SetCondition(cityCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);
            
// Create Exchange mailbox.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ExchangeTaskAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmExchangeMailboxAction createMailboxAction = (IAdmExchangeMailboxAction)action.GetAction();
createMailboxAction.TaskType = ADM_EXCHANGETASKTYPE_ENUM.ADM_EXCHANGETASKTYPE_CREATEMAILBOX;

// Set the alias.
createMailboxAction.MailAlias = "%username%";

// Set the mailbox database.
const string mailboxStorageDN =
    "CN=Washington,CN=Databases,CN=Exchange Administrative Group," +
    "CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange," +
    "CN=Services,CN=Configuration,DC=domain,DC=com";
IADs mailboxStore = (IADs)service.OpenObject($"Adaxes://{mailboxStorageDN}", null, null, 0);
createMailboxAction.MailboxStorageDatabase = mailboxStore;

// Set the mailbox selection type.
createMailboxAction.MailboxStorageSelectionType =
    ADM_MAILBOXSTORAGESELECTIONTYPE_ENUM.ADM_MAILBOXSTORAGESELECTIONTYPE_NONE;
action.SetAction(createMailboxAction);
action.SetInfo();
actionSet.Actions.Add(action);
            
// Create home folder.
action = (IAdmBusinessRuleAction)actionSet.Actions.CreateEx(
    "adm-CreateHomeDirectoryAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmCreateHomeDirectoryAction createHomeDirAction = (IAdmCreateHomeDirectoryAction)action.GetAction();
createHomeDirAction.HomeDirectory = "\\\\SERVER\\SHARE\\%username%";
createHomeDirAction.HomeDrive = "Z:";
createHomeDirAction.SetUserAsOwner = false;
createHomeDirAction.UserAccessPermissions = 
    ADM_USERACCESSPERMISSION_ENUM.ADM_USERACCESSPERMISSION_FULL;
createHomeDirAction.InheritParentPermissions = true;
action.SetAction(createHomeDirAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the user to the Washington group.
action = (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ChangeGroupMembershipAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmChangeGroupMembershipAction addToGroupAction = 
    (IAdmChangeGroupMembershipAction)action.GetAction();
addToGroupAction.ActionType = 
    ADM_CHANGEGROUPMEMBERSHIPACTION_ENUM.ADM_CHANGEGROUPMEMBERSHIPACTION_ADD;
const string groupDN = "CN=Washington,OU=Groups,DC=domain,DC=com";
IADsGroup group = (IADsGroup)service.OpenObject($"Adaxes://{groupDN}", null, null, 0);
addToGroupAction.Group = group;
action.SetAction(addToGroupAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Move the user to the Washington OU.
action = (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-CopyMoveAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmCopyMoveAction moveAction = (IAdmCopyMoveAction)action.GetAction();
moveAction.Move = true;
const string ouDN = "OU=Washington,OU=Offices,DC=domain,DC=com";
IADsContainer targetOU = (IADsContainer)service.OpenObject($"Adaxes://{ouDN}", null, null, 0);
moveAction.TargetContainer = targetOU;
action.SetAction(moveAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule.
rule.ConditionedActions.Add(actionSet);

For details on how to get the DN of a mailbox database, see Get the DN of a mailbox database.

Example 2

Example 2

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command, or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If Office equals My Office 1.
$condition = $actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition")
$officeCondition = $condition.GetCondition()
$officeCondition.AttributeName = "physicalDeliveryOfficeName"
$officeCondition.ComparisonOperator = "ADM_COMPARISONOPERATOR_EQUAL"
$officeValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$officeValue.PutObjectProperty("ADSTYPE_UNKNOWN", "My Office 1")
$officeCondition.Value = $officeValue
$officeCondition.CaseSensitive = $false
$condition.SetCondition($officeCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Update City and ZIP/Postal code.
$action = $actionSet.Actions.CreateEx("adm-SetPropertiesAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$updateAction = $action.GetAction()

# City
$cityValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$cityValue.PutObjectProperty("ADSTYPE_UNKNOWN", "My City")
$propertyEntry = New-Object "Softerra.Adaxes.Adsi.AdsPropertyEntry"
$propertyEntry.Name = "l" # City
$propertyEntry.ADsType = "ADSTYPE_CASE_IGNORE_STRING"
$propertyEntry.ControlCode = "ADS_PROPERTY_UPDATE"
$propertyEntry.Values = @([Softerra.Adaxes.Interop.Adsi.Cache.IADsPropertyValue]$cityValue)
$updateAction.PropertyList.PutPropertyItem($propertyEntry)

# ZIP/Postal code
$postalCodeValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$postalCodeValue.PutObjectProperty("ADSTYPE_UNKNOWN", "12345")
$propertyEntry = New-Object "Softerra.Adaxes.Adsi.AdsPropertyEntry"
$propertyEntry.Name = "postalCode"
$propertyEntry.ADsType = "ADSTYPE_CASE_IGNORE_STRING"
$propertyEntry.ControlCode = "ADS_PROPERTY_UPDATE"
$propertyEntry.Values = @([Softerra.Adaxes.Interop.Adsi.Cache.IADsPropertyValue]$postalCodeValue)
$updateAction.PropertyList.PutPropertyItem($propertyEntry)

$action.SetAction($updateAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command, or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command, or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If Office equals My Office 1.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition");
IAdmAttrOperatorValueCondition officeCondition =
    (IAdmAttrOperatorValueCondition)condition.GetCondition();
officeCondition.AttributeName = "physicalDeliveryOfficeName";
officeCondition.ComparisonOperator = ADM_COMPARISONOPERATOR_ENUM.ADM_COMPARISONOPERATOR_EQUAL;
AdsPropertyValue officeValue = new AdsPropertyValue();
officeValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "My Office 1");
officeCondition.Value = officeValue;
officeCondition.CaseSensitive = false;
condition.SetCondition(officeCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Update City and ZIP/Postal code.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SetPropertiesAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmSetPropertiesAction updateAction = (IAdmSetPropertiesAction)action.GetAction();

// City
AdsPropertyValue cityValue = new AdsPropertyValue();
cityValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "My City");
AdsPropertyEntry propertyEntry = new AdsPropertyEntry();
propertyEntry.Name = "l"; // City
propertyEntry.ADsType = ADSTYPEENUM.ADSTYPE_CASE_IGNORE_STRING;
propertyEntry.ControlCode = ADS_PROPERTY_OPERATION_ENUM.ADS_PROPERTY_UPDATE;
propertyEntry.Values = new object[] { cityValue };
updateAction.PropertyList.PutPropertyItem(propertyEntry);

// ZIP/Postal code
AdsPropertyValue postalCodeValue = new AdsPropertyValue();
postalCodeValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "12345");
propertyEntry = new AdsPropertyEntry();
propertyEntry.Name = "postalCode";
propertyEntry.ADsType = ADSTYPEENUM.ADSTYPE_CASE_IGNORE_STRING;
propertyEntry.ControlCode = ADS_PROPERTY_OPERATION_ENUM.ADS_PROPERTY_UPDATE;
propertyEntry.Values = new object[] { postalCodeValue };
updateAction.PropertyList.PutPropertyItem(propertyEntry);

action.SetAction(updateAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 3

Example 3

 View sample code
PowerShell
# The $rule variable refers to a business rule executed after updating a group.

# Create a new action set.
$actionSet = $rule.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the operation succeeded.
$condition = $actionSet.Conditions.CreateEx("adm-OperationResultCondition")
$operationResultCondition = $condition.GetCondition()
$operationResultCondition.OperationResult = "ADM_OPERATIONRESULT_SUCCEEDED"
$condition.SetCondition($operationResultCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If the Member property has changed.
$condition = $actionSet.Conditions.CreateEx("adm-AttributeChangedCondition")
$propChangedCondition = $condition.GetCondition()
$propChangedCondition.IsOperator = "ADM_ISOPERATOR_IS"
$propChangedCondition.AttributeName = "member"
$condition.SetCondition($propChangedCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If initiator is NOT a member of the BUILTIN\Administrators group.
$condition = $actionSet.Conditions.CreateEx("adm-TrusteeMembershipCondition")
$initiatorCondition = $condition.GetCondition()
$initiatorCondition.IsOperator = "ADM_ISOPERATOR_ISNOT"
$groupDN = "CN=Administrators,CN=Builtin,DC=domain,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$initiatorCondition.Group = $group
$condition.SetCondition($initiatorCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Send SMS.
$action = $actionSet.Actions.CreateEx("adm-SendSmsAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$smsAction = $action.GetAction()
$smsAction.MobileNumbers = "1-234-567-8900"
$smsAction.SmsText = "New member %member% was added to group %name%"
$action.SetAction($smsAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$rule.ConditionedActions.Add($actionSet)
C#
// The rule variable refers to a business rule executed after updating groups.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)rule.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If the operation succeeded.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-OperationResultCondition");
IAdmOperationResultCondition operationResultCondition = 
    (IAdmOperationResultCondition)condition.GetCondition();
operationResultCondition.OperationResult = ADM_OPERATIONRESULT_ENUM.ADM_OPERATIONRESULT_SUCCEEDED;
condition.SetCondition(operationResultCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// If the Member property has changed.
condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AttributeChangedCondition");
IAdmAttributeChangedCondition propChangedCondition =
    (IAdmAttributeChangedCondition)condition.GetCondition();
propChangedCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
propChangedCondition.AttributeName = "member";
condition.SetCondition(propChangedCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// If initiator is NOT a member of the BUILTIN\Administrators group.
condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-TrusteeMembershipCondition");
IAdmTrusteeMembershipCondition initiatorCondition =
    (IAdmTrusteeMembershipCondition)condition.GetCondition();
initiatorCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_ISNOT;
const string groupDN = "CN=Administrators,CN=Builtin,DC=domain,DC=com";
IADsGroup group = (IADsGroup)service.OpenObject($"Adaxes://{groupDN}", null, null, 0);
initiatorCondition.Group = group;
condition.SetCondition(initiatorCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Send SMS.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SendSmsAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmSendSmsAction smsAction = (IAdmSendSmsAction)action.GetAction();
smsAction.MobileNumbers = "1-234-567-8900";
smsAction.SmsText = "New member %member% was added to group %name%";
action.SetAction(smsAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command, or scheduled task.
rule.ConditionedActions.Add(actionSet);

Example 4

Example 4

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command, or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the user is a member of the Help Desk group.
$condition = $actionSet.Conditions.CreateEx("adm-GroupMembershipCondition")
$membershipCondition = $condition.GetCondition()
$membershipCondition.IsOperator = "ADM_ISOPERATOR_IS"
$groupDN = "CN=Help Desk,OU=Groups,DC=domain,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$membershipCondition.Group = $group
$condition.SetCondition($membershipCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If Smart card is required for logon.
$condition = $actionSet.Conditions.CreateEx("adm-AccountOptionsCondition")
$accountOptionsCondition = $condition.GetCondition()
$ADS_UF_SMARTCARD_REQUIRED = 0x40000
$accountOptionsCondition.AccountOptionsValue = $ADS_UF_SMARTCARD_REQUIRED
$accountOptionsCondition.AccountOptionsMask = $ADS_UF_SMARTCARD_REQUIRED
$condition.SetCondition($accountOptionsCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Reset the Smart Card Required for Logon flag.
$action = $actionSet.Actions.CreateEx("adm-SetAccountOptionsAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$updateAction = $action.GetAction()

$accountOptionsValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$accountOptionsValue.PutObjectProperty("ADSTYPE_INTEGER", 0)
$propertyEntry = New-Object "Softerra.Adaxes.Adsi.AdsPropertyEntry"
$propertyEntry.Name = "userAccountControl"
$propertyEntry.ADsType = "ADSTYPE_INTEGER"
$propertyEntry.ControlCode = "ADS_PROPERTY_UPDATE"
$propertyEntry.Values = 
    @([Softerra.Adaxes.Interop.Adsi.Cache.IADsPropertyValue]$accountOptionsValue)
$updateAction.PropertyList.PutPropertyItem($propertyEntry)
$updateAction.PropertyList.PutPropertyItemMask("userAccountControl",
    [int]$ADS_UF_SMARTCARD_REQUIRED)

$action.SetAction($updateAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command, or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command, or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If the user is a member of the Help Desk group.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-GroupMembershipCondition");
IAdmGroupMembershipCondition membershipCondition =
    (IAdmGroupMembershipCondition)condition.GetCondition();
membershipCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
const string groupDN = "CN=Help Desk,OU=Groups,DC=domain,DC=com";
IADsGroup group = (IADsGroup)service.OpenObject($"Adaxes://{groupDN}", null, null, 0);
membershipCondition.Group = group;
condition.SetCondition(membershipCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// If Smart card is required for logon.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AccountOptionsCondition");
IAdmAccountOptionsCondition accountOptionsCondition =
    (IAdmAccountOptionsCondition)condition.GetCondition();
accountOptionsCondition.AccountOptionsValue = (int)ADS_USER_FLAG_ENUM.ADS_UF_SMARTCARD_REQUIRED;
accountOptionsCondition.AccountOptionsMask = (int)ADS_USER_FLAG_ENUM.ADS_UF_SMARTCARD_REQUIRED;
condition.SetCondition(accountOptionsCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Reset the Smart Card Required for Logon flag.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SetAccountOptionsAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmSetPropertiesAction updateAction = (IAdmSetPropertiesAction)action.GetAction();
AdsPropertyValue accountOptionsValue = new AdsPropertyValue();
accountOptionsValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_INTEGER, 0);
AdsPropertyEntry propertyEntry = new AdsPropertyEntry();
propertyEntry.Name = "userAccountControl";
propertyEntry.ADsType = ADSTYPEENUM.ADSTYPE_INTEGER;
propertyEntry.ControlCode = ADS_PROPERTY_OPERATION_ENUM.ADS_PROPERTY_UPDATE;
propertyEntry.Values = new object[] { accountOptionsValue };
updateAction.PropertyList.PutPropertyItem(propertyEntry);
updateAction.PropertyList.PutPropertyItemMask("userAccountControl",
    (int)ADS_USER_FLAG_ENUM.ADS_UF_SMARTCARD_REQUIRED);

action.SetAction(updateAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 5

Example 5

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If script My Script returns true.
$condition = $actionSet.Conditions.CreateEx("adm-ScriptCondition")
$scriptCondition = $condition.GetCondition()
$scriptCondition.ScriptDescription = "My Script"
$scriptCondition.Script = @'
$Context.ConditionIsMet = $Context.TargetObject.IsAccountLocked
'@
$condition.SetCondition($scriptCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Send operation for approval.
$action = $actionSet.Actions.CreateEx("adm-ApprovalRequestInfoAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$approvalAction = $action.GetAction()
$approverGroupDN = "CN=Administrators,CN=Builtin,DC=domain,DC=com"
$approverGroup = $service.OpenObject("Adaxes://$approverGroupDN", $null, $null, 0)
$approvalAction.ApproversInfo.ApproverGroups.Add($approverGroup)
$approverUserDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$approverUser = $service.OpenObject("Adaxes://$approverUserDN", $null, $null, 0)
$approvalAction.ApproversInfo.ApproverTrustees.Add($approverUser)
$approvalAction.ApproversInfo.ManagerOfTrusteeIsApprover = $true
$approvalAction.ApproversInfo.OwnerOfRequestorOUIsApprover = $false
$approvalAction.ApproversInfo.ManagerOfTargetObjectIsApprover = $true
$approvalAction.ApproversInfo.OwnerOfTargetObjectOUIsApprover = $true
$action.SetAction($approvalAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If script My Script returns true.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-ScriptCondition");
IAdmScriptCondition scriptCondition = (IAdmScriptCondition)condition.GetCondition();
scriptCondition.ScriptDescription = "My Script";
scriptCondition.Script = "$Context.ConditionIsMet = $Context.TargetObject.IsAccountLocked";
condition.SetCondition(scriptCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Send operation for approval.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ApprovalRequestInfoAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmApprovalRequestInfoAction approvalAction = (IAdmApprovalRequestInfoAction)action.GetAction();
const string approverGroupDN = "CN=Administrators,CN=Builtin,DC=domain,DC=com";
IAdmGroup approverGroup = 
    (IAdmGroup)service.OpenObject($"Adaxes://{approverGroupDN}", null, null, 0);
approvalAction.ApproversInfo.ApproverGroups.Add(approverGroup);
const string approverUserDN = "CN=John Smith,CN=Users,DC=domain,DC=com";
IAdmTop approverUser = 
    (IAdmTop)service.OpenObject($"Adaxes://{approverUserDN}", $null, $null, 0);
approvalAction.ApproversInfo.ApproverTrustees.Add(approverUser);
approvalAction.ApproversInfo.ManagerOfTrusteeIsApprover = true;
IAdmRequestApproversInfo2 approversInfo2 = (IAdmRequestApproversInfo2)approvalAction.ApproversInfo;
approversInfo2.OwnerOfRequestorOUIsApprover = false;
approversInfo2.ManagerOfTargetObjectIsApprover = true;
approversInfo2.OwnerOfTargetObjectOUIsApprover = true;
action.SetAction(approvalAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 6

Example 6

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If password has expired.
$condition = $actionSet.Conditions.CreateEx("adm-AccountPasswordExpirationCondition")
$passwordCondition = $condition.GetCondition()
$passwordCondition.ExpirationType = "ADM_EXPIRATIONTYPE_PASSWORD"
$passwordCondition.ExpirationOperator = "ADM_EXPIRATIONOPERATOR_HASEXPIRED"
$condition.SetCondition($passwordCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Reset Password.
$action = $actionSet.Actions.CreateEx("adm-ResetPasswordAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$resetPasswordAction = $action.GetAction()
$resetPasswordAction.Password = "%adm-ManagerUserName%"
$action.SetAction($resetPasswordAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Send email notification.
$action = $actionSet.Actions.CreateEx("adm-SendMailNotificationAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$sendMailAction = $action.GetAction()
$sendMailAction.RecipientAddresses = "%adm-ManagerEmail%"
$sendMailAction.Subject = "Password Expired: %username%"
$sendMailAction.Text = @'
The password of user %name% has expired. The new password was generated.
New password: %adm-ManagerUserName%
'@
$sendMailAction.FormatAsHtml = $false
$action.SetAction($sendMailAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If password has expired.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AccountPasswordExpirationCondition");
IAdmAccountPasswordExpirationCondition passwordCondition =
    (IAdmAccountPasswordExpirationCondition)condition.GetCondition();
passwordCondition.ExpirationType = ADM_EXPIRATIONTYPE_ENUM.ADM_EXPIRATIONTYPE_PASSWORD;
passwordCondition.ExpirationOperator = ADM_EXPIRATIONOPERATOR_ENUM.ADM_EXPIRATIONOPERATOR_HASEXPIRED;
condition.SetCondition(passwordCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Reset Password.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ResetPasswordAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmResetPasswordAction resetPasswordAction = (IAdmResetPasswordAction)action.GetAction();
resetPasswordAction.Password = "%adm-ManagerUserName%";
action.SetAction(resetPasswordAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Send email notification.
action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SendMailNotificationAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmSendMailNotificationAction sendMailAction = 
    (IAdmSendMailNotificationAction)action.GetAction();
sendMailAction.RecipientAddresses = "%adm-ManagerEmail%";
sendMailAction.Subject = "Password Expired: %username%";
sendMailAction.Text =
    "The password of user %name% has expired. The new password was generated.\n" +
    "New password: %adm-ManagerUserName%";
IAdmSendMailNotificationAction2 sendMailAction2 = (IAdmSendMailNotificationAction2)sendMailAction;
sendMailAction2.FormatAsHtml = false;
action.SetAction(sendMailAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 7

Example 7

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the user doesn't have an Exchange mailbox.
$condition = $actionSet.Conditions.CreateEx("adm-MailboxEnabledCondition")
$mailboxCondition = $condition.GetCondition()
$mailboxCondition.IsOperator = "ADM_ISOPERATOR_ISNOT"
$condition.SetCondition($mailboxCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Cancel the operation.
$action = $actionSet.Actions.CreateEx("adm-CancelOperationAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$cancelAction = $action.GetAction()
$cancelAction.ReasonMessage = "My Reason"
$action.SetAction($cancelAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If the user doesn't have an Exchange mailbox.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-MailboxEnabledCondition");
IAdmMailboxEnabledCondition mailboxCondition = 
    (IAdmMailboxEnabledCondition)condition.GetCondition();
mailboxCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_ISNOT;
condition.SetCondition(mailboxCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Cancel the operation.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-CancelOperationAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmCancelOperationAction cancelAction = (IAdmCancelOperationAction)action.GetAction();
cancelAction.ReasonMessage = "My Reason";
action.SetAction(cancelAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 8

Example 8

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If located under the Washington OU.
$condition = $actionSet.Conditions.CreateEx("adm-LocationCondition")
$locationCondition = $condition.GetCondition()
$locationCondition.IsOperator = "ADM_ISOPERATOR_IS"
$locationCondition.Scope = "ADS_SCOPE_SUBTREE"
$ouDN = "OU=Washington,DC=company,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$locationCondition.Container = $ou
$condition.SetCondition($locationCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Execute custom command Deprovision.
$action = $actionSet.Actions.CreateEx("adm-CustomCommandAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$customCommandAction = $action.GetAction()
$customCommandAction.CustomCommandId = "{9DB88EC3-1241-4AB1-9612-C7C982BAA49F}"
$action.SetAction($customCommandAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Run PowerShell script.
$scriptToExecute = {
$Context.LogMessage("The script has been executed for %name%", "Information")
}

$action = $actionSet.Actions.CreateEx("adm-RunScriptAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$scriptAction = $action.GetAction()
$scriptAction.ScriptType = "ADM_SCRIPTTYPE_POWERSHELL"
$scriptAction.ScriptDescription = "My Script"
$scriptAction.Script = $scriptToExecute.ToString()
$action.SetAction($scriptAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If located under the Washington OU.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-LocationCondition");
IAdmLocationCondition locationCondition = (IAdmLocationCondition)condition.GetCondition();
locationCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
locationCondition.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;
const string ouDN = "OU=Washington,DC=company,DC=com";
IADsContainer ou = (IADsContainer)service.OpenObject($"Adaxes://{ouDN}", null, null, 0);
locationCondition.Container = ou;
condition.SetCondition(locationCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Execute custom command Deprovision.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-CustomCommandAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmCustomCommandAction customCommandAction = (IAdmCustomCommandAction)action.GetAction();
customCommandAction.CustomCommandId = "{9DB88EC3-1241-4AB1-9612-C7C982BAA49F}";
action.SetAction(customCommandAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Run PowerShell script.
action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-RunScriptAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmRunScriptAction scriptAction = (IAdmRunScriptAction)action.GetAction();
scriptAction.ScriptType = ADM_SCRIPTTYPE_ENUM.ADM_SCRIPTTYPE_POWERSHELL;
scriptAction.ScriptDescription = "My Script";
scriptAction.Script =
    "$Context.LogMessage(\"The script has been executed for %name%\",\n" +
    "    \"Information\")";
action.SetAction(scriptAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

For information on how to get the identifier of a custom command, see Get custom command identifier.

Example 9

Example 9

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If account expired more that 30 days ago.
$condition = $actionSet.Conditions.CreateEx("adm-AccountPasswordExpirationCondition")
$expirationCondition = $condition.GetCondition()
$expirationCondition.ExpirationType = "ADM_EXPIRATIONTYPE_ACCOUNT"
$expirationCondition.ExpirationOperator =
    "ADM_EXPIRATIONOPERATOR_EXPIRED"
$expirationCondition.PeriodOperator =
    "ADM_EXPIRATIONCOMPARISONOPERATOR_MORETHAN"
$expirationCondition.PeriodValue = 30
$condition.SetCondition($expirationCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Delete the object.
$action = $actionSet.Actions.CreateEx("adm-DeleteObjectAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$deleteAction = $action.GetAction()
$deleteAction.DeleteSubtree = $true
$action.SetAction($deleteAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If account expired more that 30 days ago.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AccountPasswordExpirationCondition");
IAdmAccountPasswordExpirationCondition expirationCondition = 
    (IAdmAccountPasswordExpirationCondition)condition.GetCondition();
expirationCondition.ExpirationType = ADM_EXPIRATIONTYPE_ENUM.ADM_EXPIRATIONTYPE_ACCOUNT;
expirationCondition.ExpirationOperator = 
    ADM_EXPIRATIONOPERATOR_ENUM.ADM_EXPIRATIONOPERATOR_EXPIRED;
expirationCondition.PeriodOperator = 
    ADM_PERIODCOMPARISONOPERATOR_ENUM.ADM_EXPIRATIONCOMPARISONOPERATOR_MORETHAN;
expirationCondition.PeriodValue = 30;
condition.SetCondition(expirationCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Delete the object.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-DeleteObjectAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmDeleteObjectAction deleteAction = (IAdmDeleteObjectAction)action.GetAction();
deleteAction.DeleteSubtree = true;
action.SetAction(deleteAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 10

Example 10

 View sample code
PowerShell
# The $rule variable refers to a business rule.

# Create a new action set.
$actionSet = $rule.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the operation succeeded.
$condition = $actionSet.Conditions.CreateEx("adm-OperationResultCondition")
$operationResultCondition = $condition.GetCondition()
$operationResultCondition.OperationResult = "ADM_OPERATIONRESULT_SUCCEEDED"
$condition.SetCondition($operationResultCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If account is enabled.
$condition = $actionSet.Conditions.CreateEx("adm-AccountStatusCondition")
$enabledCondition = $condition.GetCondition()
$enabledCondition.AccountStatus = "ADM_ACCOUNTSTATUS_ENABLED"
$condition.SetCondition($enabledCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Enable the user for Skype for Business (Lync).
$action = $actionSet.Actions.CreateEx("adm-LyncEnableDisableAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$lyncAction = $action.GetAction()
$lyncAction.Enable = $true
$lyncAction.Pool = "lyncserverA.example.com"
$lyncAction.SipAddress = "sip:%mail%"
$action.SetAction($lyncAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule.
$rule.ConditionedActions.Add($actionSet)
C#
// The rule variable refers to a business rule.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)rule.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If the operation succeeded.
IAdmBusinessRuleCondition condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-OperationResultCondition");
IAdmOperationResultCondition operationResultCondition = 
    (IAdmOperationResultCondition)condition.GetCondition();
operationResultCondition.OperationResult = ADM_OPERATIONRESULT_ENUM.ADM_OPERATIONRESULT_SUCCEEDED;
condition.SetCondition(operationResultCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// If account is enabled.
condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AccountStatusCondition");
IAdmAccountStatusCondition enabledCondition =
    (IAdmAccountStatusCondition)condition.GetCondition();
enabledCondition.AccountStatus = ADM_ACCOUNTSTATUS_ENUM.ADM_ACCOUNTSTATUS_ENABLED;
condition.SetCondition(enabledCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Enable the user for Skype for Business (Lync).
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-LyncEnableDisableAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmLyncEnableDisableAction lyncAction = (IAdmLyncEnableDisableAction)action.GetAction();
lyncAction.Enable = true;
lyncAction.Pool = "lyncserverA.example.com";
lyncAction.SipAddress = "sip:%mail%";

action.SetAction(lyncAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule.
rule.ConditionedActions.Add(actionSet);

Example 11

Example 11

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command, or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If City equals Miami.
$condition = $actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition")
$cityCondition = $condition.GetCondition()
$cityCondition.AttributeName = "l" # City
$cityCondition.ComparisonOperator = "ADM_COMPARISONOPERATOR_EQUAL"
$cityValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$cityValue.PutObjectProperty("ADSTYPE_UNKNOWN", "Miami")
$cityCondition.Value = $cityValue
$cityCondition.CaseSensitive = $false
$condition.SetCondition($cityCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Mofify mailbox settings for the user: enable Archive.
$action = $actionSet.Actions.CreateEx("adm-SetExchangeMailParametersAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$exchangeAction = $action.GetAction()
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Enable the Archive feature.
$archiveFeature = $mailboxParams.MailboxFeatures.Create("ADM_EXCHANGE_MAILBOXFEATURETYPE_ARCHIVE")
$archiveFeature.Enabled = $true
$mailboxParams.MailboxFeatures.Add($archiveFeature)
$exchangeAction.MailParameters = $mailboxParams
$action.SetAction($exchangeAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Move the Exchange mailbox of the user (Target database: Miami DB).
$action = $actionSet.Actions.CreateEx("adm-MoveExchangeMailboxAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$moveAction = $action.GetAction()
$moveAction.Mode = "ADM_MOVEMAILBOXACTION_MODE_CREATEREQUEST"
$targetDatabaseDN =
    "CN=Miami DB,CN=Databases,CN=Exchange Administrative Group," +
    "CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange," +
    "CN=Services,CN=Configuration,DC=domain,DC=com"
$targetDatabase = $service.OpenObject("Adaxes://$targetDatabaseDN", $null, $null, 0)
$moveAction.PrimaryMailboxTargetDatabase = $targetDatabase
$action.SetAction($moveAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command, or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command, or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If City equals Miami.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-AttributeOperatorValueCondition");
IAdmAttrOperatorValueCondition cityCondition = 
    (IAdmAttrOperatorValueCondition)condition.GetCondition();
cityCondition.AttributeName = "l"; // City
cityCondition.ComparisonOperator = ADM_COMPARISONOPERATOR_ENUM.ADM_COMPARISONOPERATOR_EQUAL;
AdsPropertyValue cityValue = new AdsPropertyValue();
cityValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "Miami");
cityCondition.Value = cityValue;
cityCondition.CaseSensitive = false;
condition.SetCondition(cityCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Mofify mailbox settings for the user: enable Archive.

IAdmBusinessRuleAction action = 
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-SetExchangeMailParametersAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmSetExchangeMailParametersAction exchangeAction =
    (IAdmSetExchangeMailParametersAction)action.GetAction();
AdmExchangeMailboxParameters mailboxParams = new AdmExchangeMailboxParameters();

// Enable the Archive feature.
IAdmExchangeMailboxFeature archiveFeature = mailboxParams.MailboxFeatures.Create(
    ADM_EXCHANGE_MAILBOXFEATURETYPE_ENUM.ADM_EXCHANGE_MAILBOXFEATURETYPE_ARCHIVE);
archiveFeature.Enabled = true;
mailboxParams.MailboxFeatures.Add(archiveFeature);
exchangeAction.MailParameters = mailboxParams;
action.SetAction(exchangeAction);
action.SetInfo();
actionSet.Actions.Add(action);

//  Move the Exchange mailbox of the user (Target database: Miami DB).

action = (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-MoveExchangeMailboxAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmMoveExchangeMailboxAction moveAction = (IAdmMoveExchangeMailboxAction)action.GetAction();
moveAction.Mode = ADM_MOVEMAILBOXACTION_MODE_ENUM.ADM_MOVEMAILBOXACTION_MODE_CREATEREQUEST;
const string targetDatabaseDN =
    "CN=Miami DB,CN=Databases,CN=Exchange Administrative Group," +
    "CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange," +
    "CN=Services,CN=Configuration,DC=domain,DC=com";
IAdmExchangeStorageDatabase targetDatabase =
    (IAdmExchangeStorageDatabase)service.OpenObject($"Adaxes://{targetDatabaseDN}", null, null, 0);
moveAction.PrimaryMailboxTargetDatabase = targetDatabase;
action.SetAction(moveAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command, or scheduled task.
obj.ConditionedActions.Add(actionSet);

For details on how to get the DN of a mailbox database, see Get the DN of a mailbox database.

For more examples, see Performing Exchange tasks.

Example 12

Example 12

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If located under the Distribution Lists OU
$condition = $actionSet.Conditions.CreateEx("adm-LocationCondition")
$locationCondition = $condition.GetCondition()
$locationCondition.IsOperator = "ADM_ISOPERATOR_IS"
$locationCondition.Scope = "ADS_SCOPE_SUBTREE"
$ouDN = "OU=Distribution Lists,DC=domain,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$locationCondition.Container = $ou
$condition.SetCondition($locationCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Establish e-mail address for the group (Alias: %samAccountName%).
$action = $actionSet.Actions.CreateEx("adm-ExchangeTaskAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$mailEnableAction = $action.GetAction()
$mailEnableAction.TaskType = "ADM_EXCHANGETASKTYPE_MAILENABLE"
$mailEnableAction.MailAlias = "%samAccountName%"
$action.SetAction($mailEnableAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet = 
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If located under the Distribution Lists OU.
IAdmBusinessRuleCondition condition =
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-LocationCondition");
IAdmLocationCondition locationCondition = (IAdmLocationCondition)condition.GetCondition();
locationCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
locationCondition.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;
const string ouDN = "OU=Distribution Lists,DC=domain,DC=com";
IADsContainer ou = (IADsContainer)service.OpenObject($"Adaxes://{ouDN}", null, null, 0);
locationCondition.Container = ou;
condition.SetCondition(locationCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Establish e-mail address for the group (Alias: %samAccountName%).
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ExchangeTaskAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmExchangeTaskAction mailEnableAction = (IAdmExchangeTaskAction)action.GetAction();
mailEnableAction.TaskType = ADM_EXCHANGETASKTYPE_ENUM.ADM_EXCHANGETASKTYPE_MAILENABLE;
mailEnableAction.MailAlias = "%samAccountName%";
action.SetAction(mailEnableAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 13

Example 13

 View sample code
PowerShell
# The $obj variable refers to a business rule, custom command or scheduled task.

# Create a new action set.
$actionSet = $obj.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_AND"
$actionSet.SetInfo()

# If the user is licensed for Microsoft 365.
$condition = $actionSet.Conditions.CreateEx("adm-O365LicenseCondition")
$microsoft365LicenseCondition = $condition.GetCondition()
$microsoft365LicenseCondition.ConditionType = "ADM_M365ACCOUNT_CONDITION_TYPE_ISLICENSED"
$condition.SetCondition($microsoft365LicenseCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Deactivate Microsoft 365 account of the user: 
# set Sign-in status to Blocked, revoke all licenses.
$action = $actionSet.Actions.CreateEx("adm-ModifyO365AccountAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$deactivateO356AccountAction = $action.GetAction()
$deactivateO356AccountAction.Operation = "ADM_O365ACCOUNT_OPERATION_DEACTIVATE"

# Create an instance of the AdmM365AccountProperties class.
$microsoft365Properties = 
    New-Object "Softerra.Adaxes.Adsi.CloudServices.AdmM365AccountProperties"
    
# Revoke all licenses.
$microsoft365Properties.RevokeAllLicenses = $true

# Set Sign-in status to Blocked.
$microsoft365Properties.SignInBlocked = $true

$deactivateO356AccountAction.Properties = $microsoft365Properties
$action.SetAction($deactivateO356AccountAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

#Add the set to the business rule, custom command or scheduled task.
$obj.ConditionedActions.Add($actionSet)
C#
// The obj variable refers to a business rule, custom command or scheduled task.

// Create a new action set.
IAdmBusinessRuleConditionedActions actionSet =
    (IAdmBusinessRuleConditionedActions)obj.ConditionedActions.Create();
actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
actionSet.SetInfo();

// If the user is licensed for Microsoft 365.
IAdmBusinessRuleCondition condition = 
    (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-O365LicenseCondition");
IAdmM365LicenseCondition microsoft365LicenseCondition =
    (IAdmM365LicenseCondition)condition.GetCondition();
microsoft365LicenseCondition.ConditionType = 
    ADM_M365ACCOUNT_CONDITION_TYPE_ENUM.ADM_M365ACCOUNT_CONDITION_TYPE_ISLICENSED;
condition.SetCondition(microsoft365LicenseCondition);
condition.SetInfo();
actionSet.Conditions.Add(condition);

// Deactivate Microsoft 365 account of the user: 
// set Sign-in status to Blocked, revoke all licenses.
IAdmBusinessRuleAction action =
    (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-ModifyO365AccountAction");
action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
IAdmModifyM365AccountAction deactivateO356AccountAction =
    (IAdmModifyM365AccountAction)action.GetAction();
deactivateO356AccountAction.Operation = 
    ADM_M365ACCOUNT_OPERATION_ENUM.ADM_M365ACCOUNT_OPERATION_DEACTIVATE;

// Create an instance of the AdmM365AccountProperties class.
IAdmM365AccountProperties microsoft365Properties = new AdmM365AccountProperties();

// Revoke all licenses.
microsoft365Properties.RevokeAllLicenses = true;

// Set Sign-in status to Blocked.
microsoft365Properties.SignInBlocked = true;

deactivateO356AccountAction.Properties = microsoft365Properties;
action.SetAction(deactivateO356AccountAction);
action.SetInfo();
actionSet.Actions.Add(action);

// Add the set to the business rule, custom command or scheduled task.
obj.ConditionedActions.Add(actionSet);

Example 14

Example 14

 View sample code
PowerShell
# The $rule variable refers to a business rule.

# Create a new action set.
$actionSet = $rule.ConditionedActions.Create()
$actionSet.ConditionsLogicalOperation = "ADM_LOGICALOPERATION_OR"
$actionSet.SetInfo()

# If Department of the member does not equal Sales
$condition = $actionSet.Conditions.CreateEx("adm-MemberAttributeOperatorValueCondition")
$departmentCondition = $condition.GetCondition()
$departmentCondition.AttributeName = "department"
$departmentCondition.ComparisonOperator = "ADM_COMPARISONOPERATOR_NOTEQUAL"
$departmentValue = New-Object "Softerra.Adaxes.Adsi.AdsPropertyValue"
$departmentValue.PutObjectProperty("ADSTYPE_UNKNOWN", "Sales")
$departmentCondition.Value = $departmentValue
$departmentCondition.CaseSensitive = $false
$condition.SetCondition($departmentCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If the member belongs to a business unit named My unit.
$condition = $actionSet.Conditions.CreateEx("adm-MemberBusinessUnitMembershipCondition")
$businessUnitCondition = $condition.GetCondition()
$businessUnitDN = "CN=My unit,CN=business units,CN=Configuration Objects," + 
        "CN=Adaxes Configuration,CN=Adaxes"
$businessUnit = $service.OpenObject("Adaxes://$businessUnitDN", $null, $null, 0)
$businessUnitCondition.BusinessUnit = $businessUnit
$businessUnitCondition.IsOperator = "ADM_ISOPERATOR_IS"
$condition.SetCondition($businessUnitCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If the member belongs to a group named My group.
$condition = $actionSet.Conditions.CreateEx("adm-MemberGroupMembershipCondition")
$membershipCondition = $condition.GetCondition()
$membershipCondition.IsOperator = "ADM_ISOPERATOR_IS"
$groupDN = "CN=Help Desk,OU=Groups,DC=domain,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$membershipCondition.Group = $group
$condition.SetCondition($membershipCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# If the member is John Smith.
$condition = $actionSet.Conditions.CreateEx("adm-MemberSpecificObjectCondition")
$specificObjectCondition = $condition.GetCondition()
$objectReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
$objectReference.ObjectDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$specificObjectCondition.IsOperator = "ADM_ISOPERATOR_IS"
$specificObjectCondition.ObjectToCompareWith = $objectReference
$condition.SetCondition($specificObjectCondition)
$condition.SetInfo()
$actionSet.Conditions.Add($condition)

# Cancel the operation.
$action = $actionSet.Actions.CreateEx("adm-CancelOperationAction")
$action.ExecutionOptions = "ADM_ACTIONEXECUTIONOPTIONS_SYNC"
$cancelAction = $action.GetAction()
$cancelAction.ReasonMessage = "My Reason"
$action.SetAction($cancelAction)
$action.SetInfo()
$actionSet.Actions.Add($action)

# Add the set to the business rule.
$rule.ConditionedActions.Add($actionSet)
C#
     // The rule variable refers to a business rule.

    // Create a new action set.
    IAdmBusinessRuleConditionedActions actionSet =
        (IAdmBusinessRuleConditionedActions)rule.ConditionedActions.Create();
    actionSet.ConditionsLogicalOperation = ADM_LOGICALOPERATION_ENUM.ADM_LOGICALOPERATION_AND;
    actionSet.SetInfo();

    // If Department of the member does not equal Sales
    IAdmBusinessRuleCondition condition =
        (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx(
            "adm-MemberAttributeOperatorValueCondition");
    IAdmAttrOperatorValueCondition departmentCondition =
        (IAdmAttrOperatorValueCondition)condition.GetCondition();
    departmentCondition.AttributeName = "department";
    departmentCondition.ComparisonOperator =
        ADM_COMPARISONOPERATOR_ENUM.ADM_COMPARISONOPERATOR_NOTEQUAL;
    AdsPropertyValue departmentValue = new AdsPropertyValue();
    departmentValue.PutObjectProperty(ADSTYPEENUM.ADSTYPE_UNKNOWN, "Sales");
    departmentCondition.Value = departmentValue;
    departmentCondition.CaseSensitive = false;
    condition.SetCondition(departmentCondition);
    condition.SetInfo();
    actionSet.Conditions.Add(condition);

    // If the member belongs to a business unit named My unit.
    IAdmBusinessRuleCondition condition =
        (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx(
            "adm-MemberBusinessUnitMembershipCondition");
    IAdmMemberBusinessUnitMembershipCondition businessUnitCondition =
        (IAdmMemberBusinessUnitMembershipCondition)condition.GetCondition();
    const string businessUnitDN = 
        "CN=My unit,CN=business units,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes";
    IAdmBusinessUnit businessUnit = 
        (IAdmBusinessUnit)service.OpenObject($"Adaxes://{businessUnitDN}", null, null, 0);
    businessUnitCondition.BusinessUnit = businessUnit;
    businessUnitCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
    condition.SetCondition(businessUnitCondition);
    condition.SetInfo();
    actionSet.Conditions.Add(condition);

    // If the member belongs to a group named My group.
    IAdmBusinessRuleCondition condition =
        (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-MemberGroupMembershipCondition");
    IAdmMemberGroupMembershipCondition membershipCondition=
        (IAdmMemberGroupMembershipCondition)condition.GetCondition();
    const string groupDN = "CN=Help Desk,OU=Groups,DC=domain,DC=com";
    IADsGroup group = (IADsGroup)service.OpenObject($"Adaxes://{groupDN}", null, null, 0);
    membershipCondition.Group = group;
    membershipCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
    condition.SetCondition(membershipCondition);
    condition.SetInfo();
    actionSet.Conditions.Add(condition);

    // If the member is John Smith.
    IAdmBusinessRuleCondition condition =
        (IAdmBusinessRuleCondition)actionSet.Conditions.CreateEx("adm-MemberSpecificObjectCondition");
    IAdmMemberSpecificObjectCondition specificObjectCondition =
        (IAdmMemberSpecificObjectCondition)condition.GetCondition();
    AdmObjectReference objReference = new AdmObjectReference();
    objReference.ObjectDN = "CN=John Smith,CN=Users,DC=domain,DC=com";
    specificObjectCondition.ObjectToCompareWith = objReference;
    specificObjectCondition.IsOperator = ADM_ISOPERATOR_ENUM.ADM_ISOPERATOR_IS;
    condition.SetCondition(specificObjectCondition);
    condition.SetInfo();
    actionSet.Conditions.Add(condition);

    // Cancel the operation.
    IAdmBusinessRuleAction action =
        (IAdmBusinessRuleAction)actionSet.Actions.CreateEx("adm-CancelOperationAction");
    action.ExecutionOptions = ADM_ACTIONEXECUTIONOPTIONS_ENUM.ADM_ACTIONEXECUTIONOPTIONS_SYNC;
    IAdmCancelOperationAction cancelAction = (IAdmCancelOperationAction)action.GetAction();
    cancelAction.ReasonMessage = "My Reason";
    action.SetAction(cancelAction);
    action.SetInfo();
    actionSet.Actions.Add(action);

    // Add the set to the business rule.
    rule.ConditionedActions.Add(actionSet);

See also