Hello,
We have a policy on a group so that whenever a user is added to the group, the membership is given temporal membership settings that remove the user after 7 days. This works fine when a user is added manually, directly to the group. However, we have an OU with a group autoprovisioning policy that says: if the user's dept is xxx, add the user to the group that has the temporal membership policy on it. When the user is added via the autoprovisioning policy, the temporal membership settings are not applied.
To Recap
GroupTemporal has script policy applied to set temporal membership (script is shown below)
The script works fine if I go to the group and add the user, without manually setting temporal membership. The remove date is set successfully via the script.
New user is created in DeptOU which has a group auto provisioning policy to add the new user to GroupTemporal.
The user is added to the group, but the temporal membership removal date is not set.
I'm sure it has something to do with the function, but I haven't been able to figure it out. Does anybody have any ideas? Thanks in advance.
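# onPreModify: diagnostic handler. For a modify request on a group object it
# writes the name and values of every property in the request to the log file,
# plus the control code of the "member" property. It does not change or cancel
# the request: the early return at the end is commented out.
#
# Arguments: $Request - the modify request passed to the script policy.
# Globals:   $Constants (read) - assumed to be supplied by the policy host.
#
# NOTE(review): the log receives member DNs and attribute values from every
# group modify request, so the log directory should be readable only by the
# administrators who maintain this policy.
function onPreModify($Request)
{
    $logFile = 'E:\QuickConnect\logs\TempGroup.txt'
    Add-Content $logFile -value "========onPreModify============="

    # Optimization: check that group object is being updated
    if($Request.Class -ne "group"){return}

    $member = $Request.GetEx("member")
    Add-Content $logFile -value "member: $member"

    # Set when the request deletes members; currently only recorded, because
    # the return that would act on it is commented out below.
    $isCancel = $false

    for($i = 0; $i -lt $Request.PropertyCount; $i++)
    {
        $item = $Request.Item($i)
        Add-Content $logFile -value $item.name

        # Start a fresh buffer for each property. The original never reset
        # $str, so every log entry repeated the values of all earlier
        # properties and the log attributed values to the wrong attribute.
        $str = ""

        # ----- Retrieve Property values -----
        foreach($value in $item.Values)
        {
            switch($value.Type)
            {
                # The original read DSTYPE_DN_STRING (missing leading "A"),
                # which matches no constant, so DN-valued properties such as
                # "member" were never written to the log.
                $Constants.ADSTYPE_DN_STRING {$str += [string]$value + "// "}
                $Constants.ADSTYPE_CASE_EXACT_STRING {$str += [string]$value + "// "}
                $Constants.ADSTYPE_CASE_IGNORE_STRING {$str += [string]$value + "// "}
                $Constants.ADSTYPE_PRINTABLE_STRING {$str += [string]$value + "// "}
                $Constants.ADSTYPE_NUMERIC_STRING {$str += [string]$value + "// "}
                $Constants.ADSTYPE_BOOLEAN {$str += [string]$value + "// "}
                $Constants.ADSTYPE_INTEGER {$str += [string]$value + "// "}
            }
        }
        $str += [System.Environment]::NewLine
        Add-Content $logFile -value $str

        if($item.Name -eq "member")
        {
            $Operation = $item.ControlCode
            Add-Content $logFile -value "Operation: $Operation"
            # NOTE(review): onPostModify compares against an ADS_-prefixed
            # constant (ADS_PROPERTY_APPEND); confirm that EDS_PROPERTY_DELETE
            # is defined on $Constants, otherwise this comparison never matches.
            if($Operation -eq $Constants.EDS_PROPERTY_DELETE)
            {
                $isCancel = $true
            }
        }
    }
    #if($isCancel -eq $false){return}
}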
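# onPostModify: after a member has been appended to a group, schedules the
# removal of that member seven days later (temporal membership) by calling
# Remove-QADGroupMember with the 'ScheduledOperation-SetTime' control.
#
# Arguments: $Request - the modify request passed to the script policy.
# Globals:   $Constants (read) - assumed to be supplied by the policy host.
#
# Every exit path writes its reason to the log. A membership that is added
# without a removal date stays in place indefinitely, so a silent exit here
# is a least-privilege failure rather than a cosmetic one. The log entries
# separate three cases: the handler was never invoked for the change, the
# request carried a control code other than ADS_PROPERTY_APPEND, or the
# scheduling call itself failed.
# NOTE(review): which of these applies when the group autoprovisioning policy
# adds the member cannot be determined from this script alone - check the log.
function onPostModify($Request)
{
    $logFile = 'E:\QuickConnect\logs\TempGroup.txt'
    Add-Content $logFile -value "============onPostModify========"

    # A trap covers every statement in this function regardless of where it
    # is declared. The original logged only a fixed message, which hid the
    # reason for the failure; the error record is now logged as well.
    trap {
        Add-Content $logFile -value "Error in set temporal member"
        Add-Content $logFile -value "Error detail: $_"
        continue
    }

    # Optimization: check that group object is being updated
    if($Request.Class -ne "group")
    {
        Add-Content $logFile -value "Skipped: request class is '$($Request.Class)', not 'group'"
        return
    }

    # Optimization: check that attribute member is being updated for a group object
    $isAddMember = $false
    for($i = 0; $i -lt $Request.PropertyCount; $i++)
    {
        $item = $Request.Item($i)
        if($item.Name -eq "member")
        {
            $Operation = $item.ControlCode
            Add-Content $logFile -value "Operation: $Operation"
            if($Operation -eq $Constants.ADS_PROPERTY_APPEND)
            {
                $isAddMember = $true
            }
        }
    }
    if($isAddMember -eq $false)
    {
        Add-Content $logFile -value "Skipped: no 'member' append in request; temporal membership NOT scheduled"
        return
    }

    $group = $Request.GUID
    Add-Content $logFile -value "group.GUID: $group"
    $member = $Request.GetEx("member")
    Add-Content $logFile -value "group.member: $member"
    if(-not $member)
    {
        # Without this guard the trap's 'continue' would let execution reach
        # the scheduling call with an empty member list.
        Add-Content $logFile -value "Skipped: request carried no member values; temporal membership NOT scheduled"
        return
    }

    # The "u" format appends "Z" but does not convert to UTC, so convert
    # explicitly; otherwise the removal time is off by the local UTC offset.
    $OneWeek = (Get-Date).ToUniversalTime().AddDays(7)
    Add-Content $logFile -value "OneWeekr: $OneWeek"
    # Reshape "yyyy-MM-dd HH:mm:ssZ" into "yyyyMMddHHmmss.0Z".
    $DefGroupDate = $OneWeek.ToString("u") -Replace "-|:|\s"
    $DefGroupDate = $DefGroupDate -Replace "Z", ".0Z"
    Add-Content $logFile -value "DefGroupDate: $DefGroupDate"

    # -ErrorAction Stop turns non-terminating cmdlet errors into terminating
    # ones so that the trap above sees and logs them.
    Remove-QADGroupMember -identity $group -Proxy -Member $member -Control @{'ScheduledOperation-SetTime' = $DefGroupDate} -ErrorAction Stop
    Add-Content $logFile -value "Scheduled removal requested for: $member"
}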