• Products
    • View all products
    • Free trials
  • Solutions
    • All Solutions
    • All Integrations
  • Resources
    • All Resources
    • Learning Hub
  • Trials
  • Support
    • Support Home
    • By Product
      • All Products
      • Active Roles
      • Authentication Services
      • Cloud Access Manager
      • Defender
      • Identity Manager
      • Password Manager
      • Safeguard
      • Starling Identity Analytics & Risk Intelligence
      • Starling Two-Factor Authentication
      • TPAM Appliance
    • Contact Support
      • Overview
      • Customer Service
      • Licensing Assistance
      • Renewal Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Professional Services
    • Technical Documentation
    • One Identity University
    • User Forums
    • Video Tutorials
  • Partners
    • Overview
    • Partner Circle Log In
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • One Identity Community
      • AD Account Lifecycle Management
      • Cloud
      • Identity Governance & Administration
      • Privileged Access Management
      • syslog-ng Community
    • Forums
      • All Product Forums
      • Active Roles
      • Identity Manager
      • Password Manager
      • Safeguard
      • Unix Access Management
    • Social Networks
      • Facebook
      • LinkedIn
      • Twitter
      • YouTube
One Identity Community
One Identity Community
  • Site
  • User
  • Site
  • Search
  • User
Active Roles Community
Active Roles Community
Wiki Notify member upon expiration of his membership in group
  • Forum
  • Ideas
  • Wiki
  • More
  • Cancel
  • New
  • -Active Roles Script Center
    • +Active Roles Script Policy Best Practices
    • Active Roles SDK
    • +C#
    • +JavaScript
    • +PowerShell
    • -VBScript
      • VBScript Library source code
      • -VBScript samples
        • A Managed Unit with users which have not logged on for last 90 days
        • Adjust the case of usernames to title case (first letter of each part of the name)
        • Advanced group creation/provision
        • Advanced shared folder creation
        • Bulk policy incompliance fixing
        • Check unique value of an attribute
        • +Computer management
        • +Exchange management
        • Function that converts regular date into integer8 format
        • Get effective policy info list
        • -Group management
          • Convert a normal group to a dynamic group - Option 1
          • Convert a normal group to a dynamic group - Option 2
          • Create Group Membership AutoProvisioning policy
          • How to convert Query-based Distribution Group to Active Roles Dynamic Group
          • Notify member upon expiration of his membership in group
          • Script Policy to check group members when they are added to or removed from a group
          • Set Group Ownership upon any Modification
        • How to find a request source in script policy
        • How to send emails based on scripts policy parameters and Virtual Attribute values
        • +Permissions Management
        • Policy incompliance reporting & fixing for specified policy
        • Populate values from a SQL database to an AD Attribute
        • Prevent copying an attribute on user copy
        • Prohibite a permission propagation to AD
        • Prohibite an AD native security editing
        • Read large integer date attributes and display them in date and time readable format
        • Read XML Node text or attribute value
        • Read XML Node with Children into DictionaryObject
        • Standalone script that requests built-in password generation policy
        • +User management
        • Validate moving operations
        • +VBScript: Approval

You are currently reviewing an older revision of this page.

  • History View current version

Notify member upon expiration of his membership in group

Back to Group management

DESCRIPTION

This script policy demonstrates how to notify a temporal member of a group about his membership expiration and removal from a group. This script policy is intended to be used with temporal group membership feature introduced in ARS 6.1.


Note This code may use functions from the ARS Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.


SCRIPT

'*********************************************************************************

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

' WARRANTIES OF MERCHANTBILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

'

' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

' PLEASE CONTACT QUEST PROFESSIONAL SERVICES.

'*********************************************************************************

'

' This code is published on the ActiveRoles Script Center:

' http://communities.quest.com/docs/DOC-9991

'

' This code may use functions from the ARS Script Policy Best Practices:

' http://communities.quest.com/docs/DOC-10016

'

' Please, follow the link to obtain instructions and code for those functions.

'*********************************************************************************

Option Explicit

' To distinguish between member removal performed manually, and automatic reval upon

' expiration the script checks for request initiator name. Thus, the script needs

' to know the ARS Service account name, in form <DOMAIN>\<Logon name>

Const c_strARSServiceAccount = "QUEST\SRV.Quest.ARS"

'===========================================================================

' Execute Request

'===========================================================================

Sub onPreModify(Request)

'Optimization: check that group object is being updated

If Not IsObjectClassRequested ("group", Request) Then Exit Sub

'Optimization: check that attribute member is being updated for a group object

If Not IsAttributeModified ("member", Request) Then Exit Sub

'Validate the originator of even

If Not( LCase(Security.Sessions.Current.UserName) = LCase(c_strARSServiceAccount)) Then Exit Sub

'Retrieve the GroupName

Dim strGroupName

strGroupName = GetAttribute ("name", DirObj)

'Configure message and send options

strCmdMailCC = "GG-ARSAdmins@quest.demo"

strCmdMailFrom = "ActiveRolesServer@quest.demo"

constSmtpPort = 25

constSmtpServer = "quest-apl1.quest.demo"

strCmdSubject = "End of temporal Group Membership in group: " & strGroupName

'Go through properties being updated Until member attribute found

For i=0 To Request.PropertyCount-1

Set item = Request.Item(i)

If item.Name = "member" Then

If item.ControlCode = ADS_PROPERTY_DELETE Then

For Each v In item.Values

strDN = v.DNString

' strDN is a DN of a member being removed from a group

' Send an email to the removed user

Set objUser = GetObject("EDMS://" & strDN)

objUser.GetInfo

strRecipient = objUser.Get("mail")

' set remaining mail data and call mail subroutine

strCmdMsgText = "According to the configuration, your account will be removed from the group " & strGroupName & "." & vbCRLF

strCmdMsgText = strCmdMsgText & "Please contact the Help Desk if this action is in error." & vbCRLF & vbCRLF

strCmdMailTo = strRecipient

ITT_SendMail strCmdMsgText, strCmdSubject, strCmdMailTo, strCmdMailCC, strCmdMailFrom, constSmtpServer, constSmtpPort

Next

End If

End If

Next

End Sub

Sub ITT_SendMail(ByVal strCmdMsgText, ByVal strCmdSubject, ByVal strCmdMailTo, ByVal strCmdMailCC, ByVal strCmdMailFrom, constSmtpServer, constSmtpPort)

' Specify that the message will be sent using the network

' (SMTP over the network).

Const CdoSendUsingPort = 2

Set iMsg = CreateObject("CDO.Message")

With iMsg

.From = strCmdMailFrom

.To = strCmdMailTo

.CC = strCmdMailCC

.Subject = strCmdSubject

End With

Set iBp = iMsg.BodyPart

iBp.ContentMediaType = "text/plain"

Set iBp2 = iBp.AddBodyPart

With iBp2

.ContentMediaType = "text/plain"

.ContentTransferEncoding = "7bit"

Set Stm = .GetDecodedContentStream

Stm.WriteText strCmdMsgText

Stm.Flush

End With

' Configure message

Set iConf = CreateObject("CDO.Configuration")

Set Flds = iConf.Fields

Flds("http://schemas.microsoft.com/cdo/configuration/sendusing") = CdoSendUsingPort

Flds("http://schemas.microsoft.com/cdo/configuration/smtpserver") = constSmtpServer

Flds("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = constSmtpPort

Flds.Update

Set iMsg.Configuration = iConf

' Send message

iMsg.Send

End Sub

'***** END OF CODE ***************************************************************

COMPATIBILITY

Script compatible with the following version(s): <Not specified>

Back to Group management

  • Company
    • About Us
    • Buy
    • Careers
    • Contact Us
    • News
  • Resources
    • Blogs
    • Customer Stories
    • Documents
    • Events
    • Videos
  • Support
    • Professional Services
    • Renew Support
    • Technical Support
    • One Identity University
    • Support Service
  • Social Networks
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
    • YouTube
  • © 2025 One Identity LLC. ALL RIGHTS RESERVED.
  • Legal
  • Terms of Use
  • Privacy
  • Community Feedback & Support
  • Cookie Preference Center