0 votes

HI,

is it possible to compare a actual Value and the Value after modify from a CustomAttributeTextMultiValue and send the difference via mail?

Thx,

by (700 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes, it's possible. For this purpose, you'll need to create 2 Business Rules. One of the Business Rules will be triggered before updating the property, and the other one will be triggered after updating it.

The Business Rule triggered before the update will back up the values for the property you want to track to another multivalued property. For example, if you want to track changes in CustomAttributeTextMultiValue1, the Business Rule will back up the values of the property in CustomAttributeTextMultiValue10.

The Business Rule triggered after the update will compare the current values of the property (after the update) to the old values stored in the backup property, and will send the difference via mail.

To implement the above solution:

I. Business Rule for Current State Back Up

To create a Business Rule that backs up the current state of the property before the update:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select User and Before Updating a User.

  3. On the 3rd step, add the Run a program or PowerShell script action and paste the following script in the Script field:

     $propertyToCheck = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
     $backupProperty = "adm-CustomAttributeTextMultiValue10" # TODO: modify me
    
     if ($Context.IsPropertyModified($propertyToCheck))
     {
         # Get the current values
         try
         {
             $values = $Context.TargetObject.GetEx($propertyToCheck)
         }
         catch
         {
             return # The property is empty
         }
    
         # Update the backup property with the current values
         $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", $backupProperty, $values)
    
         # Save changes
         $Context.TargetObject.SetInfo()
     }
    
  4. In the script, modify the following to match your requirements:

    • $propertyToCheck - specifies the LDAP name of the property, changes in which you want to track,
    • $backupProperty - specifies the LDAP name of the property that will be used for backing up the state of $propertyToCheck before the update.
  5. Enter a short description for the script and click OK.

  6. Now, you need to configure the Business Rule to be triggered only when $propertyToCheck is updated. For this purpose, you need to add a condition. Double-click Always.

  7. Select the If <property> changed condition type.

  8. Specify If CustomAttributeTextMultiValue1 has changed, where CustomAttributeTextMultiValue1 is the name of the property, changes in which you want to track.

  9. Click OK and finish creation of the Business Rule.

II. Business Rule for Reporting

To create a Business Rule that reports changes in the property after the update:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.

  3. On the 3rd step, add the Run a program or PowerShell script action and paste the following script in the Script field:

     $propertyToCheck = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
     $backupProperty = "adm-CustomAttributeTextMultiValue10" # TODO: modify me
     $to = "recipient@domain.com" # TODO: modify me
     $subject = "Changes in property '$propertyToCheck' for '%fullname%'" # TODO: modify me
     $htmlReportHeader = "<h2><b>Changes in property '$propertyToCheck' for '%fullname%':</b></h2><br/>" # TODO: modify me
     $htmlReportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me
    
     if (!($Context.IsPropertyModified($propertyToCheck)))
     {
         return
     }
    
     # Get the current values
     try
     {
         $currentValues = $Context.TargetObject.GetEx($propertyToCheck)
     }
     catch
     {
         $currentValues = @()
     }
    
     $values = New-Object "System.Collections.Generic.HashSet[System.String]"
     foreach ($value in $currentValues)
     {
         $values.Add($value) | Out-Null
     }
    
     # Get saved values
     try
     {
         $savedValues = $Context.TargetObject.GetEx($backupProperty)
     }
     catch
     {
         if ($values.Count -eq 0)
         {
             return # No current or saved values
         }
    
         $savedValues = @() # The property was empty before the update
     }
    
     $removedValues = @()
     foreach ($savedValue in $savedValues)
     {
         if ($values.Remove($savedValue))
         {
             continue
         }
    
         $removedValues += $savedValue
     }
    
     if (($values.Count -eq 0) -and ($removedValues.Length -eq 0))
     {
         return # No new or removed values
     }
    
     # Include the values that were added into the report
     $addedValuesList = "<b>The following values have been added:</b><br /><ol>"
     foreach ($value in $values)
     {
         $addedValuesList += "<li>$value</li>"
     }
     $addedValuesList += "</ol>"
    
     # Include the values that were removed into the report
     $removedValuesList = "<b>The following values have been removed:</b><br /><ol>"
     foreach ($removedValue in $removedValues)
     {
         $removedValuesList += "<li>$removedValue</li>"
     }
     $removedValuesList += "</ol>"
    
     # Build the report
     $htmlReport = $htmlReportHeader + $addedValuesList + $removedValuesList + $htmlReportFooter
    
     # Send mail
     $Context.SendMail($to, $subject, $NULL, $htmlReport)
    
     # Clear backup property
     $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", $backupProperty, $NULL)
     $Context.TargetObject.SetInfo()
    
  4. In the script, modify the following to match your requirements:

    • $propertyToCheck - specifies the LDAP name of the property, changes in which you want to track,
    • $backupProperty - specifies the LDAP name of the property that is used for backing up the state of $propertyToCheck before the update,
    • $to - specifies the recipient of the e-mail notifications,
    • $subject - specifies the subject of the e-mail notifications,
    • $htmlReportHeader - specifies the report header,
    • $htmlReportFooter - specifies the report footer.
  5. Enter a short description for the script and click OK.

  6. Now, you need to configure the Business Rule to be triggered only when $propertyToCheck is updated. For this purpose, you need to add a condition. Right-click the action that you've just added and click Add Condition.

  7. Select the If <property> changed condition type.

  8. Specify If CustomAttributeTextMultiValue1 has changed, where CustomAttributeTextMultiValue1 is the name of the property, changes in which you want to track.

  9. Click OK and finish creation of the Business Rule.

Related questions

0 votes
1 answer

Good afternoon, I am attempting to create a report to flag Users where the email address in AD does not match the email address in our Payroll system. I am able to use ... ) to grab User objects. Any help or input would be greatly appreciated. Thank you, Keith

asked Aug 12, 2021 by kfrench (20 points)
0 votes
1 answer

Hello Support Team We have a need to compare an Excel spreadsheet of employee master data to Adaxes (Active Directory) and get a report of what fields are different. We use ... from HR) but Adaxes (Active Directory) still has the old office for Bob as 0333.

asked May 8, 2017 by willy-wally (3.2k points)
0 votes
1 answer

We are trying to verify a unique attribute for all users. what we need it to do: 1. Compare "Employee ID" attribute against all users. (to find any duplicates) 2. Needs to ... 4. Email .csv or HTML report to a user. Is this possible with in Adaxes? Tony Babbe

asked Apr 23, 2014 by babbeaw (320 points)
0 votes
1 answer

I have multiple security groups that are linked to business units for application access (for this example lets say adobe and docusign). If a user has access to ... CustomAttributeTextMultiValue, does it only read the last entry, or multiple lines? thanks.

asked Aug 9, 2023 by thatcher (120 points)
0 votes
1 answer

I had a script that would copy the values from adm-CustomAttributeTextMultiValue1 and save them into extensionAttribute15 as a comma seperated list. The script somehow got deleted and I can't seem to find the tutorial I used to create it before.

asked Jul 1, 2022 by jordan (110 points)
3,326 questions
3,026 answers
7,727 comments
544,681 users