Run PowerShell script after creating a user
With the help of Adaxes, it is possible to automatically execute a script before or after an operation is performed in your directory. In this tutorial, you will learn how to run a PowerShell script after a new user account is created.
To automatically perform actions when a certain event takes place, you need to use business rules. Adaxes provides a built-in business rule named After user creation, which is triggered after a new user is created. Let's modify this rule so it also executes a PowerShell script.
- Launch Adaxes Administration console.
  - On the computer where Adaxes Administration console is installed, open the Windows Start menu.
  - Click Adaxes Administration Console.
- Expand Adaxes service \ Configuration \ Business Rules \ Builtin and select After user creation.
  For details on how to configure and activate the business rule, see Automate user provisioning.
  Alternatively, you can create a separate business rule that will execute a script upon user account creation:
  - In Adaxes Administration console, right-click your Adaxes service, point to New and click Business Rule.
  - Enter a name for the new business rule and click Next.
  - On the Triggering Operation step, select User.
  - Select After and then select creating a user.
  - Click Next and follow the instructions in the wizard.
- To add a Run a program or PowerShell script action to the business rule:
  - Click Add new action set.
  - Right-click Do nothing and then click Add Action in the context menu.
  - In the Add Action dialog, select the Run a program or PowerShell script action.
  - Click the Edit button to open the script editor.
    For information on how to write scripts for business rules, see Server-side scripting.
  - By default, the credentials of the Adaxes service account are used to run the script. Optionally, specify alternative credentials in the Run as section.
    The Run as credentials are used for outbound network connections only. For example, the credentials are used when you connect to a network share or MS SQL database, or when you create a remote PowerShell session using the New-PSSession cmdlet. For non-network operations and operations on directory objects, the credentials of the Adaxes service account are always used.
    You can get the credentials in your script using the $Context.RunAs property:

        # User name and password entered in the Run as section of the action
        $username = $Context.RunAs.UserName
        $password = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force

  - If the script takes a long time to run, it is recommended to execute it asynchronously. To do so, select the Execute asynchronously checkbox.
    If the option is selected, the business rule will not wait until the script is finished, and as a result, users will not wait long until the operation completes. Take into account that if an error occurs during asynchronous execution of a script, it will not be displayed in the Execution Log of the operation.
  - Click the button to provide a custom description for the action.
  - When done, click OK.
- Optionally, you may want the business rule to run the script only if certain conditions are met. To assign a condition, right-click the action and then click Add Condition in the context menu.
  In the following example, the script is executed on the condition that the Employee Type property of the new user account equals Subcontractor.
- Click Save changes.
Business rules trigger only for operations performed via Adaxes. To handle changes made outside of Adaxes, you can use scheduled tasks.
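
The Run as credentials from the action's Run as section, applied to the remote PowerShell session case mentioned in that step. This is an added example, not code from this tutorial or from Adaxes; the host name, folder path and allowed-name pattern are placeholders, and `$Context.TargetObject` and `$Context.LogMessage` are Adaxes scripting members that this page does not show.

```powershell
# Added example for the script editor of the "Run a program or PowerShell script" action.
# Placeholders (assumptions): $remoteHost, $homeRoot and the allowed-name pattern.
$remoteHost = "fileserver.example.com"
$homeRoot   = "D:\Home"

# Read the logon name from the new account itself, not from text pasted into the script.
$userName = [string]$Context.TargetObject.Get("sAMAccountName")

# The value ends up in a file system path on another host, so restrict it first.
if ($userName -notmatch '^[A-Za-z0-9._-]{1,20}$')
{
    $Context.LogMessage("Skipped remote step: unexpected characters in logon name.", "Warning")
    return
}

# Build a PSCredential from the Run as section; the password is never logged.
$password   = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($Context.RunAs.UserName, $password)

$session = $null
try
{
    # Outbound network connection: this is where the Run as credentials apply.
    $session = New-PSSession -ComputerName $remoteHost -Credential $credential -ErrorAction Stop

    # Hand values over with -ArgumentList instead of building script text from them.
    Invoke-Command -Session $session -ErrorAction Stop -ArgumentList $homeRoot, $userName -ScriptBlock {
        param($root, $name)
        $path = Join-Path -Path $root -ChildPath $name
        if (-not (Test-Path -LiteralPath $path))
        {
            New-Item -Path $path -ItemType Directory -ErrorAction Stop | Out-Null
        }
    }
    $Context.LogMessage("Created home folder for $userName on $remoteHost.", "Information")
}
catch
{
    # Log the error text only, never the credential.
    $Context.LogMessage("Remote step failed on ${remoteHost}: " + $_.Exception.Message, "Warning")
}
finally
{
    # Always close the session so the Run as logon does not stay open on the remote host.
    if ($session) { Remove-PSSession -Session $session }
}
```

Give the Run as account only the rights the remote step needs, since its password is available to the script in plain text through `$Context.RunAs.Password`.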