-
Title
How-to: Automate population of virtual attribute based upon streetAddress for Group Family -
Description
This article demonstrates how to customize ActiveRoles Server with two PowerShell scripts that perform the following actions:
* One script runs every day or twice a day which scans the 'streetaddress' attribute of a user, strips out the illegal characters such as comma, forward & reverse slash and places the modified value into a virtual attribute named 'edsvastreetAddress'
* Larger script enforces the creation of users and ensures that when created, if the 'streetAddress' is populated, also removes the illegal characters and places it into a virtual attribute such as 'edsvastreetAddress'
* Group Family is created based upon the users 'edsvastreetAddress' attribute, which is virtual and stored in SQL. Because addresses can sometimes have illegal characters such as commas, forward & reverse slashes, it needs to be removed before the Group Family can successfully create group families.
-
Cause
This is by design. An enhancement request (TF00674156) has been created detailing the feature: As an administrator, include option in the Group Family’s settings to replace the illegal characters with underscore.The product team will evaluate the request and this feature may become available on a future release of the product.
-
Resolution
WORKAROUND
Please note: All scripts included in this solution were not run through any Quality Assurances. They are provided without warranty or support. Use with caution and implement in a test environment before moving to any production system. This solution was tested against ActiveRoles Server 7.0.3.
HOW TO IMPLEMENT:
Create the virtual attribute1. Create a virtual attribute in activeRoles Server. From the ARS MMC Console | Server Configuration | Virtual Attributes | New Virtual Attribute
2. For common name use: edsvastreetAddress
3. For LDAP display name use: edsvastreetAddress, click next
4. Syntax: directory string, then choose next.
5. Select User class, then next
6. Choose to store virtual attributes in ARS DB
7. Reconnect to the ARS MMC console to have this attribute visible on users.Create the Managed Unit* All users who have the 'streetAddress' attribute populated
* edsvastreetAddress Not present
* useraccountcontrol Is not 514 (disabled users)Create the script module1. ARS MMC Console | Configuration | Script Modules | New Script Module
2. Assign name 'Hourly edsvastreetAddress update' and click NEXT (script language should be 'Powershell')
3. Choose 'Scheduled task script', next, then finish
4. Edit the newly created script and paste this in:Get-QADUser -LDAPFilter '(streetAddress=*)' -SearchRoot 'CN=All users who do not have edsvastreetAddress set,CN=Managed Units,CN=Configuration' | %{Set-QADUser $_ -ObjectAttributes @{'edsvaStreetAddress'=$_.streetAddress.Replace('\','_').Replace('/','_').Replace(',','_')}}Important: You MUST change the SearchRoot path to match the distinguished name of the Managed Unit you created.5. Save the script.Create Hourly Scheduled Task1. Configuration | Server Configuration | Scheduled Tasks | New Scheduled Task
2. Give name such as 'Hourly streetaddress' and select HOURLY (or every 24 hours, depending on how often you want this updated).
3. Accept default start time, choose NEXT
4. Choose 'Stop task if runs more than: 1 hour'
5. Select the script module you just created, then NEXT and FINISH.Create second script policy1. Under 'Script Modules' choose 'New Script module'
2. Give name such as 'edsvastreetAddress Policy Script'
3. Do not choose any event handler functions, just click NEXT and then FINISH
4. Edit the script and paste this into it:function onPostCreate($Request)
{
if ($Request.Class -ine "user") {return}
if (!(IsAttributeModified "streetAddress" $Request)) {return}
$streetAddress = [string]$Request.Get("streetAddress")
$streetAddress = RemoveIllegalChars $streetAddress
$DirObj.Put("edsvaStreetAddress", $streetAddress)
$DirObj.SetInfo()
}function onPostModify($Request)
{
if ($Request.Class -ine "user") {exit}
if (!(IsAttributeModified "streetAddress" $Request)) {return}$streetAddress = [string]$Request.Get("streetAddress")
$streetAddress = RemoveIllegalChars $streetAddress
$DirObj.Put("edsvaStreetAddress", $streetAddress)
$DirObj.SetInfo()
}function IsAttributeModified ([string]$strAttributeName, $Request)
{
$objEntry = $Request.GetPropertyItem($strAttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
if ($objEntry -eq $null) { return $false}
$nControlCode = $objEntry.ControlCode
if ($nControlCode -eq 0) { return $false }
return $true
} #-- IsAttributeModifiedfunction RemoveIllegalChars ([string]$strStreetAddress)
{
$strStreetAddress.Replace('\','_').Replace('/','_').Replace(',','_')
} #-- RemoveIllegalCharsCreate a policy that calls this script1. Configuration | Policies | Administration | New Provisioning Policy
2. Assign name such as 'edsvastreetAddress Update'
3. Choose 'Script Execution' and then NEXT
4. Select the script module you just created
5. Link the policy to an OU where you want ARS to copy the streetaddress and place into edsvastreetAddressTest it1. Create a user via the ARS MMC console. During the creation step ensure you set the 'streetaddress' value to something that resembles your existing addresses
2. Run the scheduled task (right-click | execute)
3. Verify the users 'edsvastreetAddress' is set correctly.
4. Force run the group family - it will populate
5. Now create a new user outside of ARS, either using ADU&C or 3rd party tool
6. Ensure 'streetaddress' is populated
7. Repeat steps 2 through 4 above. -
Change Request
TF00674156 -
Additional Information
Please note that the attribute names are case-sensitive. Ensure you keep the same case within the script as to the virtual and real attribute names.