Script repository
The script cancels the operation if another user with the same Full Name already exists in your Active Directory domain. To execute the script, create a business rule triggering Before creating a user or Before updating a user. The script returns different error texts for users located in the specified OU and other users.
To use the script, install the Adaxes PowerShell module on the computer where the service runs.
Parameters
$errorText- the text for the error message that is displayed if a user with the same Full Name is found outside the OU containing deprovisioned users.$userDeprovisionedErrorText- the text for the error message that is displayed if a user with the same Full Name is found in the OU containing deprovisioned users.$deprovisionedOuDN- the distinguished name (DN) of the Organizational Unit storing deprovisioned users. For information on how to get the DN of a directory object, see Get the DN of a directory object.
$errorTextTemplate = "User with full name {0} already exists! Specify a different full name." # TODO: modify me
$userDeprovisionedErrorTextTempalte = "User with full name {0} already exists and was deprovisioned. Enable the deprovisioned user account or specify a different full name." # TODO: modify me
$deprovisionedOuDN = "OU=Decommissioned Accounts,DC=example,DC=com" # TODO: modify me
# Get user Full Name.
$fullName = $Context.GetModifiedPropertyValue("cn")
$user = Get-AdmUser -Filter 'Name -eq $fullName'
if ($NULL -ne $user)
{
$deprovisionedOu = New-Object "Softerra.Adaxes.LDAP.DN" $deprovisionedOuDN
$userDN = New-Object "Softerra.Adaxes.LDAP.DN" $user.DistinguishedName
if ($userDN.IsDescendantOf($deprovisionedOuDN))
{
userDeprovisionedErrorText = [System.String]::Format($userDeprovisionedErrorTextTempalte, $fullName)
$Context.Cancel($userDeprovisionedErrorText)
return
}
else
{
$errorText = [System.String]::Format($errorTextTemplate, $fullName)
$Context.Cancel($errorText)
return
}
}
Comments 0
You must be signed in to comment.