0 votes

Hello everyone,

Is there a way to find out which group memberships have recently been added to a user and, if that is possible, can we also find out who the initiator is? I've seen the templates for the groups, but it seems I can't follow through.

Thank you in advance for your feedback.

by (650 points)

1 Answer

0 votes
by (215k points)

Hello,

If the membership updates were performed via Adaxes, the information about the operations should be present in operation logs. For information on how to view the logs, please, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ViewADOperationsPerformedViaAdaxes.htm.

To view the log records about a user membership updates, you can filter the logs by the user name. The filters should be like the following: image.png

0

Hello,

Thank you for the tutorial. In the Adaxes Log report, what parameter do I have to change so that I can filter by "Add/Remove Group member" and make it into a report?

Any additional information about the desired report would be much appreciated.

0

Hello,

Unfortunately, filtering by operation type takes too much time and can cause report generation failure by exceeding the timeout for script execution. Because of that, the filtering is not available for a big number of log records and the built-in reports for logging do not have such a filter.

However, if the supposed number of log records for search is less than 10000, we can provide you with a script for a custom report.

0

Hello,

I only need less than 1000 log records. If you can provide me with the script for the custom report, that will be a huge help for me. Thank you.

0

Hello,

Sorry for the confusion but we meant the total number of log records for the period of time the search will be performed for, not the number of records that will be output. Could you, please, clarify the number of records in the Adaxes log for the period the report is supposed to be generated on? To view the number:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Select Logging.
  4. In the Time period drop-down, select Date range.
  5. Specify the required range. The number of records will be displayed next to the drop-down.

0

Hello, sorry for the late reply.

I only need the range for a week.

image.png

0

Hello,

Thank you for the clarification. The report can be created based on the Adaxes log built-in report (located in Reports\All Reports\Miscellaneous\Logging by default). To create the report:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Reports\All Reports\Miscellaneous\Logging.
  4. Right-click the Adaxes log report.
  5. In the context menu, click Copy. The report will be copied to clipboard.
  6. Paste the report into a container in All Reports.
  7. Specify a new name for the report (e.g. Adaxes log membership update).
  8. Select the Edit report after copy completes checkbox.
  9. Click OK.
  10. Activate the Parameters tab.
  11. Click New.
  12. Select AD object picker.
  13. Click Next.
  14. Specify a parameter name and display name (e.g. User).
  15. Click Next.
  16. Click Configure.
  17. In the Display only objects that match the following LDAP filter field, specify the following filter: (sAMAccountType=805306368)
  18. Click OK.
  19. Click Finish.
  20. Activate the Script tab.
  21. Replace the script in the tab with the script below. In the script, the $userParamName variable specifies the name of the parameter created on step 14 with the param- prefix (e.g. param-User).
```powershell
$userParamName = "param-User" # TODO: modify me

# Get parameter values
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")
$showServiceSender = $Context.GetParameterValue("param-ShowServiceSender") -eq "1"
$errorsOnly = $Context.GetParameterValue("param-ErrorsOnly") -eq "1"

# "1" selects operations initiated by users, "2" those initiated by scheduled tasks
$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Resolve the selected user once, using the parameter named in $userParamName.
# The name is escaped so that wildcard characters in it (e.g. [ ] * ?) are matched literally.
$userDn = New-Object "Softerra.Adaxes.Ldap.DN" $Context.GetParameterValue($userParamName)
$userName = $userDn.Leaf.Value
$userNamePattern = [System.Management.Automation.WildcardPattern]::Escape($userName)

# Bind to the 'Service Log' container
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records for the requested period
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    # Stop if report generation was cancelled
    if ($Context.Items.Aborted)
    {
        return
    }

    # Optionally keep failed operations only
    if ($errorsOnly -and -not(
        ($record.State -eq "OPERATION_STATE_FAILED_CAN_CONTINUE") -or
        ($record.State -eq "OPERATION_STATE_FAILED_NO_CONTINUE")))
    {
        continue
    }

    # Membership updates are logged against the group
    if ($record.TargetObjectType -ne "group")
    {
        continue
    }

    # Filter by the member added/removed
    if ($record.Description -notlike "*$userNamePattern*")
    {
        continue
    }

    # Keep only group membership operations
    $operationTypes = $record.GetOperationTypes()
    if ($operationTypes -notcontains "manage group members")
    {
        continue
    }

    # Filter by initiator type (user / scheduled task)
    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass

        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                (($initiatorClass -ieq "adm-ScheduledTask") -or
                ($initiatorClass -ieq "adm-ReportScheduledTask"))))
        {
            continue
        }
    }

    # Optionally skip operations sent by the service itself
    if (-not $showServiceSender)
    {
        if ($record.CommandSender -ieq "Service")
        {
            continue
        }
    }

    $Context.Items.Add($record)
}
```

  22. Click OK.

0

It works perfectly. Thank you very much.
