• Powershell code to add a user temporarily to an AD group

    Hi all

    I'm working on a workflow to add a user to an AD Group with an End date. In my case 24 hours later.

    I have found the powershell code how to do it but it is not functioning as I expected.

    If I add the user to the group and then add a removal…

  • Delete Email

    Hello All, I have a need to user Active Roles cmdlets to script the mailbox disablement of DL's and Users. I have the user one but not sure what to use for Groups.

    User Mailbox disablement: (This works)

    Set-QADUser -Identity $userObj -Proxy -ObjectAttributes…

  • Error: Could not load 'System.IdentityModel.Tokens.JwtSecurityToken' when Connecting to MsOnline Session in Active Roles

    Hello Everyone,

    I am encountering an issue when trying to connect to an MsOnline session using the Connect-MsolService cmdlet within Active Roles.
    If I run the following command separately in a standard PowerShell session, it works as expected:

    Connect…

  • Updating user attribute from workflow using script lookup

    Hi

    I'm trying to get a workflow to run which will update extensionAttribute7 of a user object when it's been added to a group based on the job title.

    e.g. Joe Bloggs gets added to the group, his titlle is IT, EA7 needs to be set to "03452"…

  • Help Needed: Exporting List of All Managed Units

    Hi everyone,

    I'm looking for some assistance with exporting a list of all managed units in One Identity Active Roles. Specifically, I'm hoping to export a detailed list that includes the Path, Name, Filters, and Descriptions for each managed unit…

  • Hiding function names in the "Function To Run" dropdown in an Automation Workflow

    I found something interesting that I wanted to share.

    I was writing a script module and, using good coding practices, I broke it out into several functions.

    This worked, and was fine, but when I went to configure it in an Active Roles Automation Workflow…

  • Restricting the type of object being added to a group

    I'm trying to write a onPreModify script that restricts the type of objects being added to certain groups. I don't want contact entries in certain groups.

    I've used the functions available here:  PowerShell Library Source Code

    I test is the…

  • How do I set the edsvaProtectFromDeletion attribute to true using PowerShell

    How do I set the edsvaProtectFromDeletion attribute to true using PowerShell?

    For example, setting "OU=TEST,OU=Servers,DC=domain,DC=local", I have tried: 

    1. Set-QadObject -Identity "OU=TEST,OU=Servers,DC=domain,DC=local" -ObjectAttributes…

  • Pass OperationReason control to a workflow when triggered from a PS script?

    Hello, we are triggering an on-demand workflow from a Powershell script using Set-QADObject but we need to record the request reference number as the OperationReason in the workflows activity operation so if someone checks the users change history the…

  • Help in creating dynamic group using powershell using Include group members

    Does anyone have an example of a PowerShell script of creating a dynamic group based upon the "Include by group membership" & "Include Explicit" rules? I'm able to setup groups using the Include by query rule.

    FYI, I tried…

  • Query regarding script to recheck attribute using a workflow

    Hi everyone

    I'm hoping for some assistance with a script I'm working on.  I have a script that checks for a user having an Office licence which then sets a custom attribute edsvaRemoteMailboxCreation to true, which triggers another workflow to…

  • onPostModify Is there a way to retrieve a list of all attributes that were NOT modified?

    When I modify a user object, I want my script to do certain validations.. to set my AD account category (virtual attribute). Account categorization is set according to certain attribute values (let's say Givenname, title and department).

    On PreModify…

  • How do I query for AD groups which were created or updated yesterday?

    Hi,

    I'm trying to work out how I can query/filter AD groups which were created or updated yesterday? The below works as intended for created groups but I can't find anything that allows me to query for updated date? The below is part of a larger script…

  • How to check if an account is licenced after backsync following update to 8.1.3

    Hi,

    I've recently updated to 8.1.3 and I'm having trouble with one of the custom scripts since it uses a newer version of powershell.  We have a hybrid setup and when we create users we aren't creating a mailbox.  Instead Exchange online is…

  • Howto: Prefill an attribute value based on another attribute (prior to clicking on [Apply])

    When creating/editing a user object in Active Roles, I would like to be able to generate (let's say) the PhysicalDeliveryOfficeName attribute according to the value entered in the Description attribute. I don't want this to occur AFTER I click on [Apply…

  • Can't Access Saved Object Properties from Script / Counter Returns Empty

    Hi,

    We're trying to create a workflow that counts every time a user enables or disables another user every day (workflow trigger is the modifivation of edsaAccountIsDisabled). (the counter resets every day.) If the counter reaches 20, the action requires…

  • Use workflow script to modify Azure attribute of removed member (disabling)

    Good morning

    I am a beginner in ARS Workflows....

    I have a use case where an account which is synched from AD on-Premise to Azure is disabled on premise and must be immediately disabled on Azure without waiting for next the AAD synch run.

    i know how to…

  • Can Active Roles take advantage of PowerShell version 7?

    I was writing some code and it worked fine on my desktop. However, when I imported it into active roles, there were portions not functioning appropriately.

    Turns out I was testing my code in PowerShell 7. As far as I can tell, Active Roles uses version…

  • Can Active Roles perform WMI queries

    Hi,

    I'm working on a way to filter devices based on their type (laptop, tablet, desktop) to move them into a corresponding OU.  I've done this before using the parent OU or name but in my new situation all devices will be in one big OU to start so…

  • Group Owner lookup tool

    I have form that I am using with an attribute that is a DN syntax for Group Owner lookup. The user can go into the search tool for DN syntax attributes and search for objects.

    The form type is a new object with class of Group. So far it's the only way…

  • Remove a list users from a list of groups

    Hey everyone, 
    I am new to the community and new to Active Roles. 
    I have been able to create a couple of scripts for bulk add/remove users and groups, but am having issues with creating a script to launch that will remove a list of users (CSV) from a list…

  • Synchronization service powershell write to datetime attribute error

    Hello,

    I have been trying to script getting a datetime from MS Graph and output this to a virtual attribute (configured as general time) in Active Roles, but every time I receive the same error, no matter what I do:

    "The string was not recognized as…

  • Get Users of Dynamic Groups

    I have a dynamic group called F_AllManagers. It is made up of multiple dynamic groups. I need to get a list of the actual users from the multiple dynamic groups that make up the F_AllManagers. How can this be done in Quest Powershell?

  • workflow trigger not an Active Roles operation

    Hi,

    I'm using Active Roles 7.5 and I'm looking for assistance on creating a workflow (on demand or automated) where the trigger isn't initiated within an Active Roles operation.  We have our computers sorted into Operating system and type…

  • Exchange Online Management module not loading in Active Roles

    I'm unable to connect to Exchange Online Management module from the Active roles.

    I've used 'O365 script execution configuration' in the Active Roles Workflow.

    Do let me know if you need more information around this.

    Thanks,