0 votes

Hello,

we create reports for every group in every OU. But what i need is, that the Description is also shown from the group, a user is in.

For example:

image.png

This is how my report looks like. This is great, so every User will be shown. but what i need is the description of the group.

image.png

Is this possible?

Thank you in advance

by (200 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

You can update the built-in Members of groups report to meet your needs. To do so:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Reports\All Reports\Groups\Membership and right-click the Members of groups report.
  4. In the context menu, click Edit. image.png
  5. Activate the Script tab.
  6. Replace the script with the script below:
# Get parameter values
$groupTypes = $Context.GetParameterValue("param-GroupTypes")
$memberTypes = $Context.GetParameterValue("param-MemberTypes")
$membersPropertyName = $Context.GetParameterValue("param-IndirectMembers")

# Custom column identifiers
$groupColumnID = "{ab44065d-0eef-4825-bc39-29807f416826}" # TODO: modify me

# IDs of primary groups to exclude from the report
$primaryGroupIDs = @{ 513="Domain Users"; 515="Domain Computers"; 516="Domain Controllers"; 521="RODCs" }

# Search filter
$filter = "(|" + $groupTypes + ")"
$Context.DirectorySearcher.AppendFilter($filter)
$filterMembers = "(|" + $memberTypes + ")"

# Add properties necessary to generate the report
$propertiesForMembers = $Context.DirectorySearcher.GetPropertiesToLoad()
$propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "description", "primaryGroupToken")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForGroups)

# Create a hash table to map member GUIDs to search results
$guidComparer = $Context.CreatePropertyValueComparer("objectGuid")
$memberGuidToSearchResult = New-Object System.Collections.Hashtable @($guidComparer)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    $Context.DirectorySearcher.SetPropertiesToLoad($propertiesForMembers)
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        # Exclude well-known primary groups
        $primaryGroupID = $searchResult.GetPropertyByName("primaryGroupToken").Values[0]
        if ($primaryGroupIDs.Contains($primaryGroupID))
        {
            continue
        }

        $groupDisplayName = $Context.GetDisplayNameFromAdsPath($searchResult.AdsPath)
        $groupDescription = $searchResult.GetPropertyByName("description").Values[0]
        $groupIdentity = "$groupDisplayName $groupDescription"

        # Get GUIDs of the group members
        $group = $Context.BindToObjectBySearchResult($searchResult)
        try
        {
            $memberGuids = $group.GetEx($membersPropertyName)
        }
        catch  [System.Runtime.InteropServices.COMException]
        {
            if ($_.Exception.ErrorCode -eq 0x8000500D) # E_ADS_PROPERTY_NOT_FOUND
            {
                # The group doesn't have any members
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                if ($styleNoMembers -eq $NULL)
                {
                    $styleNoMembers = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                        "ADM_LISTITEMFONTSTYLE_REGULAR")
                }
                $Context.Items.Add(-1, "<No members>", "Information", $columnValues, $styleNoMembers)
                continue
            }
            else
            {
                throw $_.Exception
            }
        }

        # Add group members to the report

        $guidsToSearch = $NULL
        # Add already found objects
        foreach ($memberGuid in $memberGuids)
        {
            if (-not $memberGuidToSearchResult.Contains($memberGuid))
            {
                if ($guidsToSearch -eq $NULL)
                {
                    $guidsToSearch = New-Object System.Collections.ArrayList
                }
                $guidsToSearch.Add($memberGuid)
            }
            else
            {
                $memberSearchResult = $memberGuidToSearchResult[@(,$memberGuid)][0]
                $clonedSearchResult = $memberSearchResult.Clone($False)
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                $Context.Items.Add($clonedSearchResult, $columnValues, $NULL)
            }
        }

        if ($guidsToSearch -eq $NULL)
        {
            continue
        }

        # Search for members
        $memberSearcher = $Context.CreateGuidBasedSearcher($guidsToSearch)
        $memberSearcher.SetPropertiesToLoad($propertiesForMembers)
        $memberSearcher.AppendFilter($filterMembers)
        try
        {
            $memberSearchIterator = $memberSearcher.ExecuteSearch()
            while ($Context.MoveNext($memberSearchIterator))
            {
                $memberSearchResult = $memberSearchIterator.Current

                # Remember the search result
                $memberGuid = $memberSearchResult.GetPropertyByName("objectGuid").Values[0]
                $memberGuidToSearchResult[$memberGuid] = $memberSearchResult.Clone($False)

                # Add the object to the report
                $columnValues = @{ $groupColumnID = $groupIdentity; }
                $Context.Items.Add($memberSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($memberSearchIterator) { $memberSearchIterator.Dispose() }
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

image.png 10. In the script, the $groupColumnID variable specifies the identifier of the custom column used to group members. To get the column ID:

  • Activate the Columns tab.
  • In the Report-specific columns list, right-click the Group column.
  • In the context menu, navigate to Copy and click Column ID.
  • The column identifier will be copied to the clipboard. image.png
  1. Activate the Columns tab.
  2. Select Group and then click Edit. image.png
  3. Select Text data type. image.png
  4. Click OK twice.
0

perfect as always! never seen such a fast and pro like support as yours! thank you very much!

0

Hello,

Thank you for your good words, it is much appreciated! We are doing our best for our customers. Should you have any questions or need clarifications, do not hesitate to contact Adaxes Support Team.

Related questions

0 votes
1 answer

If I have 2 Active Directory Security groups in my domain - Group A Group B Is it possible to create a report that shows only users who have membership in both groups? For ... Jane Doe is in Group A AND Group B she would be included in the resulting report.

asked May 11, 2020 by sirslimjim (480 points)
0 votes
1 answer

I'd like to create a a custom report to show any approval requests (Approved, Pending, and Rejected) for membership in certain AD groups within our domain. These groups grant users ... " (Just In Time) in the name of the group. Is something like this possible?

asked Mar 30, 2020 by sirslimjim (480 points)
0 votes
1 answer

I am trying to make a custom report that is basically the "Members of Groups" default report but instead of selecting Directory Objects, I want to select groups. The Members of ... will not work in Adaxes 2023 and later. I am running 2023.2 -- Suggestions?

asked Aug 13 by AvenuesRecovery (20 points)
0 votes
1 answer

I need to create a report of all enabled users in selected group or multiple groups. I am aware of the report named "Members of selected groups", but I don't know how to filter only enabled users. Is there a way to achieve this?

asked May 28 by gsoc.ssm (90 points)
0 votes
1 answer

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21, 2020 by RayBilyk (230 points)
3,474 questions
3,166 answers
8,061 comments
547,041 users