We have an afterCreate rule and script used to create a mailbox. In this script we do not need to use anything other than memberOf and the nativeIdentity.
Moreover, some attributes have caused problems by ending the string and so on, causing the rule to not call the script.
I.e., an address with some quotes in the value.
As such, I would like to remove all but two attributes from the xml/string we have in the afterCreate rule.
But I do not know how to interact with the xml object and functions we have in the rule.
Part of the rule:
Do you have any advice on this topic, and/or a way to modify the values sent to the script?
I would prefer to not use a beforeCreate rule as not all attributes are synced, and so I want to make sure the AD account is still created with the attributes filled.
Try the script lines below to get the two attributes' values, the native identity and memberOf:
```powershell
# $requestObject is the request object the rule has already built from $env:Request
$nativeIdentity = $requestObject.NativeIdentity
if ($requestObject.Operation -eq 'Modify')
{
    foreach ($attribute in $requestObject.AttributeRequests)
    {
        LogToFile(" Entered the ForEach loop of the attribute Requests and Attribute Name is : ")
        LogToFile($attribute.Name)
        # Keep only the memberOf value; every other attribute is ignored
        if (($attribute.Name -eq "memberOf"))
        {
            $memberOf = $attribute.Value
            LogToFile("Attribute value is :")
            LogToFile($memberOf)
        }
    }
} # end of if condition
```
Remove these lines from your script:
```powershell
$requestAsString = $env:Request
$command = -join ($command, " -requestString '$requestAsString'")
Invoke-Expression $command
```
I see, through this for loop, we can get both values I am looking for.
But after that I still need to send these values to another script (the one that creates the mailbox, or modifies it) on the IQserver.
By removing the lines with the invoke command, I would no longer be able to send the attribute values (nativeIdentity and memberOf).
I still need to rebuild the xml and format it into a string before sending it, I think.
I will still look into the code you wrote.
Thanks.
Also, as per the documentation, it is not advisable to add a lot of customer logic in the rule script. It needs to be handled in the PowerShell script within the IQServer.
You can also consider using a beforeCreate script that allows you to modify the provisioning plan. This is documented under Entra, but you can follow the same process for AD:
It worked fine for me.
That is what I was searching for, thank you for your help.
The reason I could not use the logic in a before rule or in the script is that in a before rule it would have changed the plan for the creation of an AD account (if the attribute is not synced I would have needed either a workflow or a beforeProvisioning to later add a value), and in the script it would still not have been called because of the error in the rule.
Thus modifying the rule was the only feasible solution in my opinion.
Thanks everyone.
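One way to do the XML rebuild asked about in this thread, as an added example that is not code from any of the posters or from the product: it strips every AttributeRequest except memberOf from the request string and doubles any remaining single quotes before the string is placed inside the quoted `-requestString` argument. The sample XML is constructed and its element and attribute names are assumptions, as are the function name `Get-ReducedRequest` and the script path.

```powershell
# Constructed sample standing in for $env:Request (layout assumed for illustration).
$requestAsString = @'
<AccountRequest application="AD" nativeIdentity="CN=Jane O'Brien,OU=Users,DC=example,DC=com" op="Create">
  <AttributeRequest name="memberOf" op="Add" value="CN=Mailbox-Users,OU=Groups,DC=example,DC=com"/>
  <AttributeRequest name="streetAddress" op="Add" value="12 O'Connell Street"/>
  <AttributeRequest name="description" op="Add" value="says &quot;hello&quot;"/>
</AccountRequest>
'@

# Hypothetical helper: returns the request XML with only the listed attributes kept.
# nativeIdentity is an attribute of the root element here, so it is always preserved.
function Get-ReducedRequest {
    param(
        [Parameter(Mandatory = $true)] [string] $RequestXml,
        [string[]] $Keep = @('memberOf')
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($RequestXml)
    # Copy the node list into an array first; removing nodes from a live
    # XmlNodeList while enumerating it is not safe.
    $nodes = @($doc.DocumentElement.SelectNodes('AttributeRequest'))
    foreach ($node in $nodes) {
        if ($Keep -notcontains $node.GetAttribute('name')) {
            [void]$node.ParentNode.RemoveChild($node)
        }
    }
    return $doc.DocumentElement.OuterXml
}

$reduced = Get-ReducedRequest -RequestXml $requestAsString

# The DN itself can still contain an apostrophe, so double every single quote
# before embedding the value in a single-quoted PowerShell literal.
$escaped = $reduced -replace "'", "''"

$command = 'C:\Scripts\CreateMailbox.ps1'   # hypothetical script path
$command = -join ($command, " -requestString '$escaped'")

# Show the command line that would be handed to Invoke-Expression.
Write-Output $command
```

Filtering alone is not enough when the nativeIdentity contains an apostrophe, which is why the quote doubling stays even after the address attribute is dropped.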