0 votes

Hello, we want to setup a scheduled report with all our teams (security groups) and their respective team-leader (specified in "managedBy" of security group).

I get the name of the team-leader in the report, but i also need the attribute "employeeNumber" of the team-leader. And this is my problem...

Can you help me with this problem?

by (100 points)
0

Hello,

For us to suggest a solution, please, specify how exactly the report is currently generated. If it is generated by a script, please, post the script here or send to us (support[at]adaxes.com).

0

I copied a default report "objects in OU", so i think it is generated by the following script

# Get parameter values
$objectTypes = $Context.GetParameterValue("param-ObjectTypes")
$scope = $Context.GetParameterValue("param-Scope")
$subtreeScope = $scope -eq "ADS_SCOPE_SUBTREE"

# Custom column identifiers
$ouColumnID = "{44db2afb-5559-4d2f-a1f7-e623e3a6c815}"

# Create a searcher for child objects
$childObjSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$childObjSearcher.SearchParameters.SearchScope = $scope
$childObjSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$childObjSearcher.SearchParameters.Filter = "(|" + $objectTypes + ")"
$childObjSearcher.SearchParameters.PageSize = 500
$childObjSearcher.SetPropertiesToLoad($Context.DirectorySearcher.GetPropertiesToLoad())

# Add properties necessary to generate the report
$propertiesForOUs = @("objectClass", "objectGuid", "distinguishedName")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForOUs)

# Search filter
$filter = "(objectCategory=organizationalUnit)"
$Context.DirectorySearcher.AppendFilter($filter)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        $ouDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
        $columnValues = @{ $ouColumnID = $ouDN; }

        # Search for child objects
        $hasChildObjects = $False
        $childObjSearcher.SearchParameters.BaseObjectPath = $searchResult.AdsPath
        try
        {
            $childObjSearchIterator = $childObjSearcher.ExecuteSearch()
            while ($Context.MoveNext($childObjSearchIterator))
            {
                $childObjSearchResult = $childObjSearchIterator.Current
                if ($subtreeScope -and ($childObjSearchResult.AdsPath -eq $searchResult.AdsPath))
                {
                    # Subtree scope includes the base object. We don't need the object in the report.
                    continue
                }

                $hasChildObjects = $True
                # Add the object to the report
                $Context.Items.Add($childObjSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($childObjSearchIterator) { $childObjSearchIterator.Dispose() }
        }

        if ($hasChildObjects -eq $False)
        {
            # The OU is empty
            if ($styleNoChildObjects -eq $NULL)
            {
                $styleNoChildObjects = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                    "ADM_LISTITEMFONTSTYLE_REGULAR")
            }
            $Context.Items.Add(-1, "<Keine Objekte>", "Information", $columnValues, $styleNoChildObjects)
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}
0

Hello,

Sorry for the confusion, but we are not sure what report exactly you need. Should it only include security groups located in the selected OU and the report columns should display group names, group owners (specified in the Managed By property) and Employee Numbers of the owners?

If that is not so, please, provide all the possible details regarding the desired report with live examples.

0

You are exactly right. Security Groups in selected OU and in the columns the name of the group, group owner and employeeNumber of the owner.

1 Answer

0 votes
by (223k points)

Hello,

Thank you for the confirmation. To create the desired report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Report. image.png
  4. Enter a report name and click Next. image.png
  5. Click New.
  6. Click Next twice and then click Finish.
  7. Click Next twice.
  8. In the Report-specific columns section, click Add. image.png
  9. Enter a custom column name (e.g. Owner Employee Number) and click Next. image.png
  10. In the Script field, paste the below script:
$group = $Context.GetADObject()
try
{
    $groupOwnerDN = $group.Get("managedBy")
    $groupOwner = $Context.BindToObjectByDN($groupOwnerDN)
    $employeeNumber = $groupOwner.Get("employeeNumber")
}
catch
{
    $employeeNumber = $NULL
}

$Context.Value = $employeeNumber
  1. Click Finish.
  2. Click Next.
  3. In the Search filter field, enter the following:
(groupType:1.2.840.113556.1.4.803:=2147483648)
  1. Click Next and finish creating the report.
0

Thanks for your help, it works great!

Related questions

0 votes
0 answers

It would be great if we could run a report on an OU and get the following information: Computer Name Local Accounts Whether or not the account is an administrator ... this is less important. Thanks in advance. Your support team is great and appreciated.

asked Sep 8, 2021 by mikek (80 points)
0 votes
1 answer

Hi, I would need to set a random plaintext in the header of the login page of one of the contexts (via custom HTML). This plaintext must be aligned with a ... . This would serve as a pseudo verification code for entering in the console. Thanks, Daniele

asked May 26, 2020 by dmaggiolo (20 points)
0 votes
0 answers

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked 2 days ago by alancardoso (20 points)
0 votes
1 answer

I would like users to use Adaxes to add themselves or others to a group, but instead of it just working, it has to go thru an approval process and be approved by the group owner before they are added. Thanks!

asked Jun 30, 2021 by RayBilyk (200 points)
0 votes
0 answers

I'm trying to setup a quick automations to drop a notification into a Micrsoft Teams feed using their Webhook integration. I've managed to make Webhooks work ... -body $body -ContentType 'application/json' Any assistance with this would be gratefully received

asked Jan 20, 2020 by richarddewis (240 points)
2,761 questions
2,494 answers
6,535 comments
1,481,356 users