Assign Full Control of Computer to Active Directory user Account to make a rejoin.

Hi,

I have a request from a customer about the possibility to give Full Control permissions over an Active Directory computer through One Identity Manager 8.1.5, maybe through a request in the IT Shop.


The reason is about having the permissions to rejoin a computer to the domain. To make a rejoin, Full Control permission over the computer is necessary. So they want to let the user obtain the Full Control permission through a request.

Is this possible with One Identity Manager 8.1.5 with some standard functionality?

One possible custom solution I was thinking about is using a PowerShell script run by a One Identity Manager process that gives the user account permissions over the computer object. The process would be triggered by the approval workflow of a request related to this specific operation.

Hope you can give any advice. 

Thank You,

Enrico. 

  • A new process on PWO with a PowerShell script would work.

    The only problem is selecting a computer. That could be selected in a request property, and this also gives you the option to do some filtering on which computers will be displayed in the dropdown.

  • Hi Denis, 

    thank you for your advice. 

    I was thinking about the same solution. We have all AD computer objects synchronized in One IM for other purposes, so we can create a foreign key on Personwantsorg and use it as a request property of a, let's say, 'Get Rejoin Permissions' service item in the shop. We would then trigger a custom event to generate a custom process running a PowerShell script with specific parameters.

     Enrico.
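
A sketch of the kind of script the thread describes, added here as an example and not taken from either poster or from One Identity: it puts a Full Control ACE for one user on a single computer object, with no inheritance, and can remove the same ACE when the request ends. The function name, its parameters and the sample values are hypothetical, and how the One Identity Manager process passes the computer and user to the script is not shown.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function name, parameters and sample values are hypothetical.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl/Set-Acl

function Set-RejoinPermission {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,        # computer chosen in the request
        [Parameter(Mandatory)][string]$UserSamAccountName,  # account of the requester
        [switch]$Revoke                                     # remove the ACE instead of adding it
    )
    # Resolve both objects first so a typo fails before any ACL is touched.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop
    $user     = Get-ADUser -Identity $UserSamAccountName -ErrorAction Stop

    # GenericAll is what the GUI shows as "Full Control". Inheritance "None"
    # keeps the ACE on this one computer object only.
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $user.SID,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

    $path = "AD:\$($computer.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    if ($Revoke) {
        # RemoveAccessRule returns $false when no matching ACE was present.
        $changed = $acl.RemoveAccessRule($rule)
    } else {
        $acl.AddAccessRule($rule)
        $changed = $true
    }
    if ($changed -and $PSCmdlet.ShouldProcess($path, 'Set-Acl')) {
        Set-Acl -Path $path -AclObject $acl
    }
    # Returned object can be written to the process log for auditing.
    [pscustomobject]@{
        Computer = $computer.DistinguishedName
        User     = $user.SamAccountName
        Action   = if ($Revoke) { 'Revoke' } else { 'Grant' }
        Changed  = $changed
    }
}

# Constructed sample values:
# Set-RejoinPermission -ComputerName 'PC-EXAMPLE01' -UserSamAccountName 'jdoe.example'
# Set-RejoinPermission -ComputerName 'PC-EXAMPLE01' -UserSamAccountName 'jdoe.example' -Revoke
```

Calling the same function with `-Revoke` when the request is unsubscribed or expires keeps the Full Control ACE from outliving the approval.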