Adaxes

Different Report Execution

0 votes

Hello,

i'm german so sorry for my bad english. :D
I'm using the Bultin Report "Member of Groups:

# Get parameter values
$groupTypes = $Context.GetParameterValue("param-GroupTypes")
$memberTypes = $Context.GetParameterValue("param-MemberTypes")
$membersPropertyName = $Context.GetParameterValue("param-IndirectMembers")

# Custom column identifiers
$groupColumnID = "{b3292b44-9d91-4c84-a411-179dc0bf19d3}"

# IDs of primary groups to exclude from the report
$primaryGroupIDs = @{ 513="Domain Users"; 515="Domain Computers"; 516="Domain Controllers"; 521="RODCs" }

# Search filter
$filter = "(|" + $groupTypes + ")"
$Context.DirectorySearcher.AppendFilter($filter)
$filterMembers = "(|" + $memberTypes + ")"

# Add properties necessary to generate the report
$propertiesForMembers = $Context.DirectorySearcher.GetPropertiesToLoad()
$propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForGroups)

# Create a hash table to map member GUIDs to search results
$guidComparer = $Context.CreatePropertyValueComparer("objectGuid")
$memberGuidToSearchResult = New-Object System.Collections.Hashtable @($guidComparer)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        # Exclude well-known primary groups
        $primaryGroupID = $searchResult.GetPropertyByName("primaryGroupToken").Values[0]
        if ($primaryGroupIDs.Contains($primaryGroupID))
        {
            continue
        }

        $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]

        # Get GUIDs of the group members
        $group = $Context.BindToObjectBySearchResult($searchResult)
        try
        {
            $memberGuids = $group.GetEx($membersPropertyName)
        }
        catch  [System.Runtime.InteropServices.COMException]
        {
            if ($_.Exception.ErrorCode -eq 0x8000500D) # E_ADS_PROPERTY_NOT_FOUND
            {
                # The group doesn't have any members
                $columnValues = @{ $groupColumnID = $groupDN; }
                if ($styleNoMembers -eq $NULL)
                {
                    $styleNoMembers = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                        "ADM_LISTITEMFONTSTYLE_REGULAR")
                }
                $Context.Items.Add(-1, "<Keine Mitglieder>", "Information", $columnValues, $styleNoMembers)
                continue
            }
            else
            {
                throw $_.Exception
            }
        }

        # Add group members to the report

        $guidsToSearch = $NULL
        # Add already found objects
        foreach ($memberGuid in $memberGuids)
        {
            if (-not $memberGuidToSearchResult.Contains($memberGuid))
            {
                if ($guidsToSearch -eq $NULL)
                {
                    $guidsToSearch = New-Object System.Collections.ArrayList
                }
                $guidsToSearch.Add($memberGuid)
            }
            else
            {
                $memberSearchResult = $memberGuidToSearchResult[@(,$memberGuid)][0]
                $clonedSearchResult = $memberSearchResult.Clone($False)
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($clonedSearchResult, $columnValues, $NULL)
            }
        }

        if ($guidsToSearch -eq $NULL)
        {
            continue
        }

        # Search for members
        $memberSearcher = $Context.CreateGuidBasedSearcher($guidsToSearch)
        $memberSearcher.SetPropertiesToLoad($propertiesForMembers)
        $memberSearcher.AppendFilter($filterMembers)
        try
        {
            $memberSearchIterator = $memberSearcher.ExecuteSearch()
            while ($Context.MoveNext($memberSearchIterator))
            {
                $memberSearchResult = $memberSearchIterator.Current

                # Remember the search result
                $memberGuid = $memberSearchResult.GetPropertyByName("objectGuid").Values[0]
                $memberGuidToSearchResult[$memberGuid] = $memberSearchResult.Clone($False)

                # Add the object to the report
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($memberSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($memberSearchIterator) { $memberSearchIterator.Dispose() }
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

The Result of this Report is exactly the same when executed in Adaxes Management Console and in the Web-Portal.
I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

What am i doing wrong here?

by (100 points)
0

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

by (272k points)
moved by
0

Hello,

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

in the given script i changed the following lines: 

Line 19: 
#original   $propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
#modified   $propertiesForGroups = @("objectClass", "objectGuid", "cn", "primaryGroupToken") 

Line 41: 
#original   $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
#modified   $groupDN = $searchResult.GetPropertyByName("cn").Values[0]

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

i tried both for both cases, using the adaxes service account, and my personal account.
The Results are the same.

Original Report: Working in Adaxes Administration Console and in the Web Interface (remaining unchanged after copy)

Modified Report: Working in Adaxes Administration Console but not in the Web Interface (modified lines seeing above)
There is another mismatch in the web interface: The group description column is for users empty.

Result inside Admin Console:

Result inside Web Interface:

by (100 points)
moved by

1 Answer

0 votes
by (272k points)
selected by
Best answer

Hello,

Thank you for the provided details.

This behavior occurs because the custom column Group is of Active Directory object type. To remedy the issue, you need to change the column type to Text. To do so:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand the service node.
  3. Navigate to Reports\All reports\Groups\Membership.
  4. Right-click the Members of groups report and then click Edit in the context menu.
  5. In the dialog box that opens, activate the Columns tab.
  6. In the Report-specific columns section, select Group and click Edit.
  7. On the General tab, select Text and click OK twice.
0

Hello,

thanks for the reply. This worked like a charm for the grouping of the users.

The user description column unfortunately is still empty inside the web interface.
I tried to create a report-specific description column with column type text (like group is now) and in the valuation tab i used the template %description% but no success in the web interface (Admin Console works).

Do you have any idea for this too?

by (100 points)
moved by
0

Hello,

As per our check, the report works just fine with the modification you made to the script and the Group custom column type set to Text. The Description column should not be affected. It looks like the behavior occurs because the account whose credentials were used to sign in to Adaxes Web Interface does not have the permissions to see the value of the Description property for the users. To check that, please, try to generate the report in Adaxes Web Interface when signed in with the credentials of the Adaxes service account (specified during Adaxes installation).

If the issue still persists could we, please, review your Adaxes configuration? Please, make a backup of your configuration and email it (support[at]adaxes.com) to us: https://www.adaxes.com/help/?HowDoI.Man ... ation.html.
To not include credentials, please, do not select the Back up credentials checkbox on step 2 of the wizard.

by (272k points)
moved by

Related questions

0 votes
1 answer
Is there a report that will show users recently moved (in the last 7 days) to one of four different OUs in AD?

We have four OUs in Active Directory (Pending Deletion, Disabled with Mail Delegates, Disabled with HR Extensions and Disabled_Temp_Leave) that users are moved to prior to their eventual ... past 7 days have been moved to one of 4 of these OUs. Thanks!

asked Jun 3, 2021 by RayBilyk (230 points)
0 votes
1 answer
Dont wait for execution on web form

Hi, if a user creates a new user via web form and backend scripts are executed, is there a way to skip this waiting page? I not sure if I found some setting in the ... asynchronously" would do the trick, no? But I want all task are excuted one after one.

asked Jan 24 by wintec01 (1.1k points)
0 votes
1 answer
Business rules execution logic

Hi, might be a stupid question, but how are actions executed within a business like these here: Is every action only executed if the previous action succeeded or each time a ... .o I thought they will be executed in order and depends each on the previous one

asked Jun 5, 2023 by wintec01 (1.1k points)
0 votes
1 answer
What are the cons of increasing the script execution timeouts on the adaxes service?

Other than potentially infinite loops and scripts querying large number or resources, what are the downsides? We have a custom command that boots up a vm during execution, ... want to make sure there is nother else to consider before increasing the timeout.

asked Mar 10, 2022 by ThompsonAlex (40 points)
+1 vote
1 answer
Disable or hide execution log for a specific business rule

Hi Adaxes Team I have created a business rule which sends a mail to our helpdesk staff after a user sets a new pw with the self password reset function. The user should ... . If this is not possible yet, please forward it as a suggestion :) regards pudong

asked Feb 4, 2022 by pudong (670 points)
3,351 questions
3,052 answers
7,791 comments
545,079 users