• State Not Answered
  • Replies 3 replies
  • Subscribers 62 subscribers
  • Views 1644 views
  • Users 0 members are here
Options
Related

New workflow add user to group , trigger script, get user and group

nick.thompson_750
over 1 year ago

Hi Guys

Firstly let me start by saying im pretty new to Active Roles.

I have a workflow which starts based on a member(s) being added to an AD group.

I want to use a event handler script to get both the user and group properties. Currently if I use a "onPostModify($request)" , all I can see to get is the group from Active Directory.

Any help would be greatly appreciated.

Thanks

Nick

  • 0 over 1 year ago

    Hi Nick

    The Active Roles SDK is a really good source of information, the below attached script is based on the entry on "IADsPropertyList". Note that this script is for reference, not for production use.

    function PostModify($Request)
{
    $str += [System.Environment]::NewLine + "Property values modified in the directory object" + [System.Environment]::NewLine
    $str += "Object DN: " + $Request.Name + [System.Environment]::NewLine
    $str += "Object type: " + $Request.Class + [System.Environment]::NewLine + [System.Environment]::NewLine
    
    # ---- Retrieve properties from in-process data -----
    for($i = 0; $i -lt $Request.PropertyCount; $i++)
    {
        $item = $Request.Item($i)
        
        $str += "Property name: $($item.Name)`n"

        if($Item.name -eq "member")
        {
            $Operation = $item.ControlCode
        
            if(($Operation -eq $Constants.ADS_PROPERTY_DELETE) -or ($Operation -eq $Constants.ADS_PROPERTY_CLEAR))
            {
                $Op = "Remove"
            }
            else
            {
                $Op = "Add"
            }
            
            $str += "`tAction name: $($Op)`n"
        }
        
        
               
        $str += "`tProperty value(s): `n"
        
        # ----- Retrieve Property values -----
        foreach($value in $item.Values)
        {
            switch($value.Type)
            {
                $Constants.DSTYPE_DN_STRING {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_CASE_EXACT_STRING {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_CASE_IGNORE_STRING {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_PRINTABLE_STRING {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_NUMERIC_STRING {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_BOOLEAN {$str += "`t`t" + [string]$value + "`n"}
                $Constants.ADSTYPE_INTEGER {$str += "`t`t" + [string]$value + "`n"}
            }
        }
        
        $str += [System.Environment]::NewLine
    }

    # ----- Write output into log file ----
    [System.IO.File]::AppendAllText("c:\EDMLog.txt", $str)
 
}

    With the above script if I add a user to a group, it will output a file (in this case c:\EDMLog.txt) which will detail the actions that are occurring in the "Request"

    or if I remove a group member

    Or for an add and a remove in the same "Operation"

    Or adding or removing multiple objects in a single request

    The main part that needs to be understood here is when scripting their are two objects $Request and $DirObj, with the quick summary being:

    $Request is the current in process object, it contains only the properties being changed

    $DirObj is the directory object, which is generally the object before the operation occurs

    If you have a specific use case, let use know.

  • 0 over 1 year ago

    I can't recall if this is still part of the SDK but this library of functions makes it much easier to deconstruct a $Request.