• State Not Answered
  • Replies 1 reply
  • Subscribers 62 subscribers
  • Views 1238 views
  • Users 0 members are here
Options
Related

Is it possible to make an attribute(s) required based on choices made during object creation?

Nap
over 4 years ago

Here's the scenario:  Group Creation.

During the creation of a group, check if the group type is a distribution group.  If yes, then require the entry of an email address and Display Name.  If it's a security group, then continue to follow the standard creation process without the requirement for the entry of those attributes.

Implementing this via an administration policy to require entry of the those attributes would work and apply to both security and distribution groups, however, I only want to require entry only if they select the distribution group radio button.  Not sure how to go about this or if it's even possible to force the entry of an attribute based on what happens in a previous step of the creation process.

Any input is appreciated.

  • 0 over 4 years ago

    You could probably be solved with some scripting and web customizations, if the web interface is used in your environment.

    If you aren't familiar with Active Roles scripting, here is a sample script to help get you going working with the Display Name. Please refer to the SDK folder where Active Roles is installed for additional information on the scripting capabilities of Active Roles. You can also refer to the Active Roles Web Interface Administrators guide for information on adding entries to the WI, specifically the section titled "Adding an entry to a form". This would be needed to add the Display Name and Email address attributes to the WI, since they are not displayed by default.

    Create a new Script Module in Active Roles using the sample code below and then add a Script Execution entry to a Provisioning Policy that is linked to the OU(s) where the groups are being provisioned to. The script checks if a Distribution Group is selected and if so, then checks if a value has been entered into the Display Name field and if not, it displays an error back to the user that is trying to create the Distribution Group. If the Group Type is not a Distribution Group, then it will proceed as normal and not require the Display Name to be populated, although it can be populated if desired, it just won't be required.

    function onGetEffectivePolicy($Request)
{
    # Only run this script for group objects
    if ($Request.Class -ne 'group') {return}
    
    $InterestingRequestType = [string]($Request.Parameter('InterestingRequestType'))

    # Check if group is being provisioned
    if ($InterestingRequestType -ne $Constants.EDST_REQ_CREATE) {return}    

    # Set the displayName to be a required attribute, this will display the attribute in the MMC
    $Request.SetEffectivePolicyInfo("displayName", $Constants.EDS_EPI_UI_VALUE_REQURIED, 1)
}

function onCheckPropertyValues($Request)
{
    # Only run this script for group objects
    if ($Request.Class -ne 'group') {return}
    
    $InterestingRequestType = [string]($Request.Parameter('InterestingRequestType'))

    # Check if group is being provisioned
    if ($InterestingRequestType -ne $Constants.EDST_REQ_CREATE) {return}
    
    # Get the selected value for GroupType from the Request object
    $numGroupType = $Request.Get('groupType')

    # Get the value entered for displayName
    $dispname = $Request.Get('displayName')
    
    # Check the group type, distribution groups have values of 2, 4, 8 depending on group scope
    if ($numGroupType -gt 0)
    {
        # Get value entered for displayname
        if ($dispname -eq $null)
        {
            # If distribution group selected and no value entered for displayName, display an error
            $Request.SetPolicyComplianceInfo("displayName", $Constants.EDS_POLICY_COMPLIANCE_ERROR, "A Display Name value must be specified for Distribution Groups.")
        }
    }
}