0 votes

Hello, we want to setup a scheduled report with all our teams (security groups) and their respective team-leader (specified in "managedBy" of security group).

I get the name of the team-leader in the report, but i also need the attribute "employeeNumber" of the team-leader. And this is my problem...

Can you help me with this problem?

by (160 points)
0

Hello,

For us to suggest a solution, please, specify how exactly the report is currently generated. If it is generated by a script, please, post the script here or send to us (support[at]adaxes.com).

0

I copied a default report "objects in OU", so i think it is generated by the following script

# Get parameter values
$objectTypes = $Context.GetParameterValue("param-ObjectTypes")
$scope = $Context.GetParameterValue("param-Scope")
$subtreeScope = $scope -eq "ADS_SCOPE_SUBTREE"

# Custom column identifiers
$ouColumnID = "{44db2afb-5559-4d2f-a1f7-e623e3a6c815}"

# Create a searcher for child objects
$childObjSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$childObjSearcher.SearchParameters.SearchScope = $scope
$childObjSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$childObjSearcher.SearchParameters.Filter = "(|" + $objectTypes + ")"
$childObjSearcher.SearchParameters.PageSize = 500
$childObjSearcher.SetPropertiesToLoad($Context.DirectorySearcher.GetPropertiesToLoad())

# Add properties necessary to generate the report
$propertiesForOUs = @("objectClass", "objectGuid", "distinguishedName")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForOUs)

# Search filter
$filter = "(objectCategory=organizationalUnit)"
$Context.DirectorySearcher.AppendFilter($filter)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        $ouDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
        $columnValues = @{ $ouColumnID = $ouDN; }

        # Search for child objects
        $hasChildObjects = $False
        $childObjSearcher.SearchParameters.BaseObjectPath = $searchResult.AdsPath
        try
        {
            $childObjSearchIterator = $childObjSearcher.ExecuteSearch()
            while ($Context.MoveNext($childObjSearchIterator))
            {
                $childObjSearchResult = $childObjSearchIterator.Current
                if ($subtreeScope -and ($childObjSearchResult.AdsPath -eq $searchResult.AdsPath))
                {
                    # Subtree scope includes the base object. We don't need the object in the report.
                    continue
                }

                $hasChildObjects = $True
                # Add the object to the report
                $Context.Items.Add($childObjSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($childObjSearchIterator) { $childObjSearchIterator.Dispose() }
        }

        if ($hasChildObjects -eq $False)
        {
            # The OU is empty
            if ($styleNoChildObjects -eq $NULL)
            {
                $styleNoChildObjects = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                    "ADM_LISTITEMFONTSTYLE_REGULAR")
            }
            $Context.Items.Add(-1, "<Keine Objekte>", "Information", $columnValues, $styleNoChildObjects)
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}
0

Hello,

Sorry for the confusion, but we are not sure what report exactly you need. Should it only include security groups located in the selected OU and the report columns should display group names, group owners (specified in the Managed By property) and Employee Numbers of the owners?

If that is not so, please, provide all the possible details regarding the desired report with live examples.

0

You are exactly right. Security Groups in selected OU and in the columns the name of the group, group owner and employeeNumber of the owner.

1 Answer

0 votes
by (283k points)

Hello,

Thank you for the confirmation. To create the desired report:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Report. image.png
  4. Enter a report name and click Next. image.png
  5. Click New.
  6. Click Next twice and then click Finish.
  7. Click Next twice.
  8. In the Report-specific columns section, click Add. image.png
  9. Enter a custom column name (e.g. Owner Employee Number) and click Next. image.png
  10. In the Script field, paste the below script:
$group = $Context.GetADObject()
try
{
    $groupOwnerDN = $group.Get("managedBy")
    $groupOwner = $Context.BindToObjectByDN($groupOwnerDN)
    $employeeNumber = $groupOwner.Get("employeeNumber")
}
catch
{
    $employeeNumber = $NULL
}

$Context.Value = $employeeNumber
  1. Click Finish.
  2. Click Next.
  3. In the Search filter field, enter the following:
(groupType:1.2.840.113556.1.4.803:=2147483648)
  1. Click Next and finish creating the report.
0

Thanks for your help, it works great!

Related questions

0 votes
0 answers

It would be great if we could run a report on an OU and get the following information: Computer Name Local Accounts Whether or not the account is an administrator ... this is less important. Thanks in advance. Your support team is great and appreciated.

asked Sep 8, 2021 by mikek (80 points)
0 votes
1 answer

Hi, I would need to set a random plaintext in the header of the login page of one of the contexts (via custom HTML). This plaintext must be aligned with a ... . This would serve as a pseudo verification code for entering in the console. Thanks, Daniele

asked May 26, 2020 by dmaggiolo (20 points)
0 votes
1 answer

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14, 2023 by mightycabal (1.0k points)
0 votes
1 answer

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
0 votes
1 answer

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20, 2022 by DA-symplr (100 points)
3,477 questions
3,170 answers
8,082 comments
547,079 users