User template, adding ProxyAddresses attibute, whats the right format, can ARM do it?

I tried using the following json when creating a new user but no attribute was added. Is it a matter of formatting?

{
"Name": "ProxyAddresses",
"Definition": {
"Type": "MultiValueText",
"Label": "ProxyAddresses",
"Description": "",
"DefaultValue": null,
"IsRequired": false,
"IsEnabled": true,
"isHidden": false,
"isHiddenFromRequester": false,
"Constraints": {
"MaxLength": -1,
"ForbiddenChars": [],
"ValidationRule": "",
"ValidationInformation": "",
"UniquenessConstraint": "",
"CreationRule": "SMTP:{samaccountname}@contoso.com\nsmtp:{samaccountname}@contoso.onmicrosoft.com"
}
}
}

I tried \r\n too.

I also tried editing C:\ProgramData\protected-networks.com\8MAN\cfg\pnServer.config.xml with the following and restarting arm-service. No joy.

<changeConfiguration>
<activeDirectory>
<PropertiesToLoad type="System.String">proxyAddresses</PropertiesToLoad>
<PropertiesDetails>
<proxyAddresses>
<TypeInfo>System.String[]</TypeInfo>
<AttributeEditType>StringMultiValue</AttributeEditType>
<AliasDisplayName type="System.String">proxyAddresses</AliasDisplayName>
</proxyAddresses>
</PropertiesDetails>
</activeDirectory>
</changeConfiguration>
</config>

Using the url attribute gets me a little further at least. It creates a single value entry but not multi values:

{
"Name": "url",
"Definition": {
"Type": "MultiValueText",
"Label": "url",
"Description": "",
"DefaultValue": null,
"IsRequired": false,
"IsEnabled": true,
"isHidden": false,
"isHiddenFromRequester": false,
"Constraints": {
"MaxLength": -1,
"ForbiddenChars": [],
"ValidationRule": null,
"ValidationInformation": null,
"UniquenessConstraint": "",
"CreationRule": "SMTP:{samaccountname}@contoso.com\nsmtp:{samaccountname}@contoso.onmicrosoft.com"
}

}
}

This only got Apple into the Attribute:

{
"Name": "url",
"Definition": {
"Type": "MultiValueText",
"Label": "url",
"Description": "",
"DefaultValue": [ "Apple", "Banana", "Orange" ],
"IsRequired": false,
"IsEnabled": true,
"isHidden": false,
"isHiddenFromRequester": false,
"Constraints": {
"MaxLength": -1,
"ForbiddenChars": [],
"ValidationRule": null,
"ValidationInformation": null,
"UniquenessConstraint": "",
"CreationRule": ""
}
}
}

I finally found something in the event log:

[    615|ARMSERVER         |pnJob       |14684.1|  1|CONTOSO\ericn             |pn.activeDirectory.…ker.CreateUserWorker|210330|  :15:25.681|Warning    ]                     ActiveDirectoryModifierBase.HandleAdditionalProperties(ActiveDirectoryHandle me, Dictionary`2 properties, ICollection`1 serverMessages): The selected attribute "proxyAddresses" is not supported for set operation

Id like someone to explain that choice!

Looks like the template generator  is missing the ability to add newlines. 

It is even vaguely referenced here. See the example "Complex example for an email address validation" documentation.solarwinds.com/.../basic-structure-of-an-input-option.htm

Other things I have read:

https://documentation.solarwinds.com/en/Success_Center/ARM/Content/Load-additional-LDAP-attributes.htm

https://thwack.solarwinds.com/product-forums/access-rights-manager-arm/f/forum/11826/can-arm-manage-the-extended-schema-in-active-directory-for-unix/185098#185098

This powershell script will have to suffice for now, SolarWinds has not gotten back to me on my ticket and given their recent security issues I'm not holding my breath. Also, this product looks like its development is stalled and the forum isnt getting a whole lot of activity. Anyone else moving on to a different product?

param ($commonname, $samaccountname, $domainname, $userprincipalname)

#Import-Module ServerManager
#Add-WindowsFeature RSAT-AD-PowerShell

#will not work without rsat-ad-powershell installed, see above
import-module activedirectory

#these logs will clean up after 7 days or 100M
install-module PSFramework
$logFile = "$($PSCommandPath)-log-$(Get-date -f 'yyyyMMddHHmmss').log"
Set-PSFLoggingProvider -Name logfile -FilePath $logFile -Enabled $true

Write-PSFMessage -Level Output -Message "These are the passed in named parameters: $commonname $samaccountname $domainname $userprincipalname"

$ADServer = (Get-ADDomainController).name
$proxyAddresses = @("SMTP:$($userprincipalname)", "smtp:$($samaccountname)@contoso.mail.onmicrosoft.com", "smtp:$($samaccountname)@contoso.org")
Write-PSFMessage -Level Output -Message "These are the proxy addresses: $($proxyAddresses)"

$setADUser = Set-ADUser -Server $ADServer -Identity $samaccountname -Add @{proxyAddresses=$proxyAddresses} -PassThru -Verbose
Write-PSFMessage -Level Output -Message "Set-ADUser output: $setADUser"

Update: Good news! Support got back to me and they are looking into my issue and plan on supporting writing to proxyAddresses in my scenario. It is a mystery why can do this on his deployment.

  • The MultivalueText like you are using it works fine in the fat client but it seems that the control that is currently loaded in the webinterface isn´t working correctly. When i define multiple DefaultValues it actually works and puts in multiple addresses but obviously we can´t use variables in the DefaultValue.

    According to the docs the constraints (and with that creationrule) is applied to each item in the list but since you cant define DefaultValue and CreationRule at the same time there will always be 0 items in the list. Either this hasnt been thought through or there is a bug.

  • Id love to see the .json you used in the fat client so I can try it on the same attribute you used.


  • {
    "Name": "ProxyAddresses",
    "Definition": {
    "Type": "MultiValueText",
    "Label": "ProxyAddresses",
    "Description": "",
    "DefaultValue": null,
    "IsRequired": false,
    "IsEnabled": true,
    "isHidden": false,
    "isHiddenFromRequester": false,
    "Constraints": {
    "MaxLength": -1,
    "ForbiddenChars": [],
    "ValidationRule": "",
    "ValidationInformation": "",
    "UniquenessConstraint": "",
    "CreationRule":"smtp:{samaccountname}@contoso.com\nsmpt:22@contoso.com\nsmtp:23@test.de"
    }
    }
    },

    here you go

  • Thanks to , I had to add <IsChangeable type="System.String">true</IsChangeable> to my pnServer.config.xml ! It works now!


    <changeConfiguration>
    <activeDirectory>
    <PropertiesToLoad type="System.String">proxyAddresses</PropertiesToLoad>
    <PropertiesDetails>
    <proxyAddresses>
    <TypeInfo>System.String[]</TypeInfo>
    <AttributeEditType>StringMultiValue</AttributeEditType>
    <IsChangeable type="System.String">true</IsChangeable>
    <AliasDisplayName type="System.String">proxyAddresses</AliasDisplayName>
    </proxyAddresses>
    </PropertiesDetails>
    </activeDirectory>
    </changeConfiguration>
    </config>