Documentation
DocumentationDeveloperAcademyCommunitySupportLogin
Start typing to search…

How To Guide for Access Groups Plugin

How To Configure Integration with Exchange On-Prem

The Moveworks Group Access plugin integrates directly with Active Directory, however groups created through the plugin may not automatically be Exchanged mail-enabled, based on your individual organization's setup.

In order to make Moveworks-created groups Exchange mail-enabled, the following sample script can be used.

High-Level Overview

  1. Moveworks creates group in a temporary OU in Active Directory.
  2. Powershell script is set to run nightly, and queries all groups in this temporary OU. (You can use AD Task Scheduler on AD Server to execute this script.)
  3. Script then adds attribute to make each group mail-enabled.
  4. Script moves groups into final OU

Sample Script

#  1.  Connect to local exchange environment
#  2.  Query groups in the Temp OU.
#  3.  Store all groups in an array
#  4.  Run "Enable-DistributionGroup -Identity groupname" on each group in the array
#  5.  Move groups to OU=User Created Distribution Lists,DC=org,DC=com when done
#  6.  Schedule this to run every night.

# Load AD Module
Import-Module ActiveDirectory

# Load Exchange Snapin
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://sv2wnexmb01.global.company.com/PowerShell/ -Authentication Kerberos
Import-PSSession $Session

# Get list of Groups not Mail Enabled from the Temp OU
$groupsToProcess = Get-ADGroup -SearchBase "OU=Temp,OU=Distribution Lists,DC=company,DC=com" -Filter *

ForEach ($ADGroup in $groupsToProcess) {
    $grpDistName = $ADGroup.DistinguishedName

    # Enable email for each group
    Enable-DistributionGroup -Identity $ADGroup.DistinguishedName

    # Delivery management
    Set-DistributionGroup -Identity $ADGroup.DistinguishedName -RequireSenderAuthenticationEnabled $false

    # move group to final OU
    Move-ADObject -Identity $grpDistName -TargetPath "OU=Distribution Lists,DC=company,DC=com"
}

Considerations

  • When creating the DL in-bot, group additions can happen immediately and this gets carried over when the group is picked up by the nightly job.
  • Be sure to replace the placeholder values with actual values. This script may require additional modifications based on your company’s setup.

How to enforce naming conventions when creating a group

  1. Navigate to Group Access > Plugin Settings
  2. Scroll down to the DL validation JSON bender configuration.
  3. Here you can write a configuration like the one below to enforce naming conventions e.g:
{
  "email": {
    "CONDITIONAL()": {
      "context": {
        "val": {
          "EVAL()": {
            "expression": "$REPLACE(val OR \"\", \"[\\\\~#%&*,{}$\\/:<>?|\\\"]\", \"\") OR NULL",
            "args": {
              "val": {
                "CONDITIONAL()": {
                  "context": {
                    "val": "$SPLIT(email OR \"\", \"@\")[0] OR NULL"
                  },
                  "condition": "val",
                  "on_pass": "val.$REPLACE(\"\\.pdl\", \"\").$REPLACE(\"_\", \"-\")"
                }
              }
            }
          }
        }
      },
      "condition": "val",
      "on_pass": "$CONCAT([val, \"[email protected]\"])"
    }
  }
}

This Moveworks DSL configuration transforms an email address by extracting and cleaning the username portion, then reconstructing it with a standardized company domain. The process works by first splitting the input email on "@" to get the username, then conditionally cleaning it by removing special characters (like backslashes, tildes, hashes, etc.) and replacing underscores with hyphens while also stripping any existing ".pdl" suffix. If the cleaned username exists after this sanitization, it concatenates the result with "[email protected]" to create a standardized email format, otherwise it returns null - essentially converting various email formats into a consistent company email structure with ".pdl" as a prefix to the company domain.

How do I enable the create DL skill/ Add user to DL skill/ Remove user from DL skill ?

Plugin controls can be used to enable or disable a skill.

  1. Navigate to the AI Assistant Plugin Management config and go through the available plugin controls.
  2. Enable the plugin for the respective skill using the plugin control.

How do I select the approval model for the create DL skill/ Add user to DL skill/ Remove user from DL skill ?

  1. Navigate to the sub-section for the each skill.
  2. Select the approval model that skill will follow.

Updated 2 days ago