Create AD account specific OU

Hi, 

Under customization / Organisation Unit I have created a new form for creating new users. This form is specifically for Service Accounts.

I have also created some Policies for setting samaccountname, First Name, Last Name etc. that I have assigned to the OU where the accounts would end up living.

My question is: is it possible that when I open this new form, no matter what OU I am in, it knows to create the account in the OU that I want it to end up in and also apply the policies assigned? Right now, in order to have the policies applied, I have to start the new user creation process in that OU.

I did think about a managed unit, but I guess that also needs the account to have been created first.

Thanks in advance 

  • The way I have handled this in the past is to assign my custom form an identifier of some kind which you can configure into the advanced properties.  That identifier is passed with the $Request payload as a Control which you can read back from a policy script (OnPreCreateHandler) via $Request.GetInControl.  If the $Request is seen to be coming from your special form, your policy script can re-direct the object creation by assigning a new parent container by way of $Request.ChangeParentDN($MyNewContainer)

  • Thanks Johnny. I like the sound of this but I may need a bit more info on how to achieve this. Are there any examples?

    Am I looking in the right place under Extended Controls? If so, can the control name be anything I like? What would a suitable control value be for this?

  • function OnPreCreate ($Request)
    {
        If ($Request.class -ne 'User') { Return }

        # 'SVCACCTFORM' is a sample identifier set on the advanced properties of the form
        # as the contents of the USERFORMTYPE control

        Try
        {
            # USERFORMTYPE is an arbitrary name for the control - name can be pretty much anything as long
            # as it doesn't conflict with an existing built-in Control
            $CreationForm = $Request.GetInControl("USERFORMTYPE")
        }
        Catch
        {} # Need this in case there is no control - code aborts when you try to fetch an empty Control

        # Quit if we didn't receive a control
        If (!$CreationForm) { return }

        $MyNewContainer = "OU=Service_Accounts,DC=MyDomain,DC=Com"

        # Redirect the request to where we want the service account created
        $Request.ChangeParentDN($MyNewContainer)
    }

  • Thanks Johnny. Going to go over this now. Really appreciate your help.

  • Hi. Just trying to understand this. 

    Is USERFORMTYPE the Extended Control Name? Am I missing something in the above script for grabbing the Value?

    Just as an example, my Control name is ServiceAccount and the Control Value is NewServiceAccount.
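
Added example, not part of the thread and not the product's own code: a variant of the handler above that reads the control by the name from the last post and redirects only when its value is one that has been configured, so a request carrying the control with an unexpected value is left in its original container. `Get-FormControlValue`, `New-FakeRequest`, `$FormControlName` and `$FormTargets` are hypothetical names; `GetInControl` and `ChangeParentDN` are used as described earlier in the thread.

```powershell
# Added example. Control name/value are the ones quoted in the last post;
# the target DN is the sample value from the script earlier in the thread.
$FormControlName = 'ServiceAccount'
$FormTargets = @{ 'NewServiceAccount' = 'OU=Service_Accounts,DC=MyDomain,DC=Com' }

# Hypothetical helper: the thread notes GetInControl aborts when the control
# is absent, so a missing control is reported as $null instead of an error.
function Get-FormControlValue ($Request, $Name)
{
    try { return [string]$Request.GetInControl($Name) }
    catch { return $null }
}

function OnPreCreate ($Request)
{
    if ($Request.Class -ne 'User') { return }

    $value = Get-FormControlValue $Request $FormControlName
    if ([string]::IsNullOrEmpty($value)) { return }      # not from the custom form

    # Redirect only when the value is one we configured; a request carrying
    # the control with any other value stays in the container it targeted.
    if (-not $FormTargets.ContainsKey($value)) { return }

    $Request.ChangeParentDN($FormTargets[$value])
}

# Constructed stand-in for $Request, so the decision logic can be exercised
# in a plain PowerShell session outside the policy engine (hypothetical helper).
function New-FakeRequest ([hashtable]$Controls)
{
    $r = [pscustomobject]@{ Class = 'User'; Controls = $Controls
                            ParentDN = 'OU=Elsewhere,DC=MyDomain,DC=Com' }
    $r | Add-Member -MemberType ScriptMethod -Name GetInControl -Value {
        param($n)
        if (-not $this.Controls.ContainsKey($n)) { throw "control '$n' not present" }
        $this.Controls[$n]
    }
    $r | Add-Member -MemberType ScriptMethod -Name ChangeParentDN -Value { param($dn) $this.ParentDN = $dn }
    return $r
}

# Constructed inputs: matching value, unexpected value, no control at all
foreach ($c in @{ ServiceAccount = 'NewServiceAccount' }, @{ ServiceAccount = 'Typo' }, @{}) {
    $req = New-FakeRequest $c
    OnPreCreate $req
    '{0} -> {1}' -f ($c['ServiceAccount']), $req.ParentDN
}
```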
