0 votes

Hello,

we create reports for every group in every OU. But what i need is, that the Description is also shown from the group, a user is in.

For example:

image.png

This is how my report looks like. This is great, so every User will be shown. but what i need is the description of the group.

image.png

Is this possible?

Thank you in advance

by (1.3k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

You can update the built-in Members of groups report to meet your needs. To do so:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Reports\All Reports\Groups\Membership and right-click the Members of groups report.
  4. In the context menu, click Edit. image.png
  5. Activate the Script tab.
  6. Replace the script with the script below:
# Get parameter values
$groupTypes = $Context.GetParameterValue("param-GroupTypes")
$memberTypes = $Context.GetParameterValue("param-MemberTypes")
$membersPropertyName = $Context.GetParameterValue("param-IndirectMembers")

# Custom column identifiers
$groupColumnID = "{ab44065d-0eef-4825-bc39-29807f416826}" # TODO: modify me

# IDs of primary groups to exclude from the report
$primaryGroupIDs = @{ 513="Domain Users"; 515="Domain Computers"; 516="Domain Controllers"; 521="RODCs" }

# Search filter
$filter = "(|" + $groupTypes + ")"
$Context.DirectorySearcher.AppendFilter($filter)
$filterMembers = "(|" + $memberTypes + ")"

# Add properties necessary to generate the report
$propertiesForMembers = $Context.DirectorySearcher.GetPropertiesToLoad()
$propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "description", "primaryGroupToken")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForGroups)

# Create a hash table to map member GUIDs to search results
$guidComparer = $Context.CreatePropertyValueComparer("objectGuid")
$memberGuidToSearchResult = New-Object System.Collections.Hashtable @($guidComparer)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    $Context.DirectorySearcher.SetPropertiesToLoad($propertiesForMembers)
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        # Exclude well-known primary groups
        $primaryGroupID = $searchResult.GetPropertyByName("primaryGroupToken").Values[0]
        if ($primaryGroupIDs.Contains($primaryGroupID))
        {
            continue
        }

        $groupDisplayName = $Context.GetDisplayNameFromAdsPath($searchResult.AdsPath)
        $groupDescription = $searchResult.GetPropertyByName("description").Values[0]
        $groupIdentity = "$groupDisplayName $groupDescription"

        # Get GUIDs of the group members
        $group = $Context.BindToObjectBySearchResult($searchResult)
        try
        {
            $memberGuids = $group.GetEx($membersPropertyName)
        }
        catch  [System.Runtime.InteropServices.COMException]
        {
            if ($_.Exception.ErrorCode -eq 0x8000500D) # E_ADS_PROPERTY_NOT_FOUND
            {
                # The group doesn't have any members
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                if ($styleNoMembers -eq $NULL)
                {
                    $styleNoMembers = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                        "ADM_LISTITEMFONTSTYLE_REGULAR")
                }
                $Context.Items.Add(-1, "<No members>", "Information", $columnValues, $styleNoMembers)
                continue
            }
            else
            {
                throw $_.Exception
            }
        }

        # Add group members to the report

        $guidsToSearch = $NULL
        # Add already found objects
        foreach ($memberGuid in $memberGuids)
        {
            if (-not $memberGuidToSearchResult.Contains($memberGuid))
            {
                if ($guidsToSearch -eq $NULL)
                {
                    $guidsToSearch = New-Object System.Collections.ArrayList
                }
                $guidsToSearch.Add($memberGuid)
            }
            else
            {
                $memberSearchResult = $memberGuidToSearchResult[@(,$memberGuid)][0]
                $clonedSearchResult = $memberSearchResult.Clone($False)
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                $Context.Items.Add($clonedSearchResult, $columnValues, $NULL)
            }
        }

        if ($guidsToSearch -eq $NULL)
        {
            continue
        }

        # Search for members
        $memberSearcher = $Context.CreateGuidBasedSearcher($guidsToSearch)
        $memberSearcher.SetPropertiesToLoad($propertiesForMembers)
        $memberSearcher.AppendFilter($filterMembers)
        try
        {
            $memberSearchIterator = $memberSearcher.ExecuteSearch()
            while ($Context.MoveNext($memberSearchIterator))
            {
                $memberSearchResult = $memberSearchIterator.Current

                # Remember the search result
                $memberGuid = $memberSearchResult.GetPropertyByName("objectGuid").Values[0]
                $memberGuidToSearchResult[$memberGuid] = $memberSearchResult.Clone($False)

                # Add the object to the report
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                $Context.Items.Add($memberSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($memberSearchIterator) { $memberSearchIterator.Dispose() }
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

image.png 10. In the script, the $groupColumnID variable specifies the identifier of the custom column used to group members. To get the column ID:

  • Activate the Columns tab.
  • In the Report-specific columns list, right-click the Group column.
  • In the context menu, navigate to Copy and click Column ID.
  • The column identifier will be copied to the clipboard. image.png
  1. Activate the Columns tab.
  2. Select Group and then click Edit. image.png
  3. Select Text data type. image.png
  4. Click OK twice.
0

perfect as always! never seen such a fast and pro like support as yours! thank you very much!

0

Hello,

Thank you for your good words, it is much appreciated! We are doing our best for our customers. Should you have any questions or need clarifications, do not hesitate to contact Adaxes Support Team.

Related questions

0 votes
1 answer

If I have 2 Active Directory Security groups in my domain - Group A Group B Is it possible to create a report that shows only users who have membership in both groups? For ... Jane Doe is in Group A AND Group B she would be included in the resulting report.

asked May 11 by sirslimjim (1.7k points)
0 votes
1 answer

I'd like to create a a custom report to show any approval requests (Approved, Pending, and Rejected) for membership in certain AD groups within our domain. These groups grant users ... " (Just In Time) in the name of the group. Is something like this possible?

asked Mar 30 by sirslimjim (1.7k points)
0 votes
1 answer

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21 by RayBilyk (690 points)
0 votes
1 answer

hello! need some help asap! i need to show a report of a group with its members, which has multiple nested groups and its group. How can i get this info?

asked Jan 13, 2017 by MeliOnTheJob (10.6k points)
0 votes
1 answer

Hi, is there a way through the Adaxes SDK to check all users against a specific group and determine wether or not they are part of it (must include direct and indirect ... Forrest root domain which holds the group, members of the group can be in every domain

asked Jun 30, 2014 by ijacob (6.1k points)
2,330 questions
2,085 answers
5,671 comments
92,813 users