New workflow add user to group , trigger script, get user and group

Hi Guys

Firstly let me start by saying im pretty new to Active Roles.

I have a workflow which starts based on a member(s) being added to an AD group.

I want to use a event handler script to get both the user and group properties. Currently if I use a "onPostModify($request)" , all I can see to get is the group from Active Directory.

Any help would be greatly appreciated.



  • Hi Nick

    The Active Roles SDK is a really good source of information, the below attached script is based on the entry on "IADsPropertyList". Note that this script is for reference, not for production use.

    function PostModify($Request)
        $str += [System.Environment]::NewLine + "Property values modified in the directory object" + [System.Environment]::NewLine
        $str += "Object DN: " + $Request.Name + [System.Environment]::NewLine
        $str += "Object type: " + $Request.Class + [System.Environment]::NewLine + [System.Environment]::NewLine
        # ---- Retrieve properties from in-process data -----
        for($i = 0; $i -lt $Request.PropertyCount; $i++)
            $item = $Request.Item($i)
            $str += "Property name: $($item.Name)`n"
            if($ -eq "member")
                $Operation = $item.ControlCode
                if(($Operation -eq $Constants.ADS_PROPERTY_DELETE) -or ($Operation -eq $Constants.ADS_PROPERTY_CLEAR))
                    $Op = "Remove"
                    $Op = "Add"
                $str += "`tAction name: $($Op)`n"
            $str += "`tProperty value(s): `n"
            # ----- Retrieve Property values -----
            foreach($value in $item.Values)
                    $Constants.DSTYPE_DN_STRING {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_CASE_EXACT_STRING {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_CASE_IGNORE_STRING {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_PRINTABLE_STRING {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_NUMERIC_STRING {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_BOOLEAN {$str += "`t`t" + [string]$value + "`n"}
                    $Constants.ADSTYPE_INTEGER {$str += "`t`t" + [string]$value + "`n"}
            $str += [System.Environment]::NewLine
        # ----- Write output into log file ----
        [System.IO.File]::AppendAllText("c:\EDMLog.txt", $str)

    With the above script if I add a user to a group, it will output a file (in this case c:\EDMLog.txt) which will detail the actions that are occurring in the "Request"

    or if I remove a group member

    Or for an add and a remove in the same "Operation"

    Or adding or removing multiple objects in a single request

    The main part that needs to be understood here is when scripting their are two objects $Request and $DirObj, with the quick summary being:

    $Request is the current in process object, it contains only the properties being changed

    $DirObj is the directory object, which is generally the object before the operation occurs

    If you have a specific use case, let use know.

  • I can't recall if this is still part of the SDK but this library of functions makes it much easier to deconstruct a $Request.