0 votes

I've got a scheduled agent that is attempting to export data for updated employees. When an employee record is updated, we're setting the value of the LDAP custom attribute adm-CustomAttributeBoolean1 to true. A nightly scheduled task will search the domain for all users that have that attribute set to true. See the code snippet that shows the filter I'm using. I definitely have one record where the attribute is true, but the search doesn't return any rows. Any assistance would be greatly appreciated.

# Get AdsPath of target object
$targetObject = $Context.BindToObjectByDN("%distinguishedName%")
$targetObjectPath = $targetObject.ADsPath

$Context.LogMessage("Domain being searched is: " + $targetObjectPath, "Information")

# Search all users in the target OU
$userSearcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$userSearcher.SearchParameters.BaseObjectPath = $targetObjectPath
$userSearcher.SearchParameters.PageSize = 1000
$userSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
# Filter for User objects that are not disabled and employeeID doesn't contain zeros or 'NMU' or employeeID is not blank
$userSearcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(adm-CustomAttributeBoolean1=true))"
#$userSearcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(adm-CustomAttributeBoolean1=$True)(!(employeeID=000000))(!(employeeID=NMU))(employeeID=*))"
$properties = $eachFieldIn , "distinguishedName"
$userSearcher.SetPropertiesToLoad("$properties")

$sortOption = New-Object "Softerra.Adaxes.Adsi.AdmSortOption"
$sortOption.PropertyName = $sortBy
$sortOption.Direction = $sortDirection
$userSearcher.Sort = $sortOption

try
{
    $userResult = $userSearcher.ExecuteSearch()
    $sortedUsers = $userResult.FetchAll()
    $totalUserCount = $sortedUsers.Count

    # If no records returned, exit script
    if ($totalUserCount -eq 0) 
    {
      $Context.LogMessage("No updates found to export.  Processing terminated.", "Information")
      # Release resources used by the search
      $userResult.Dispose()
      return
    }
...
by (790 points)

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

The thing is that currently Adaxes custom attributes are not included in LDAP searches for performance considerations. To work around the issue, in your task, you can bind to each user one-by-one and check the value of the attribute. In our Script Repository, we have a script that does a very similar job: creates an HTML-formatted list of users who have a certain custom attribute assigned (not empty). See it here: http://www.adaxes.com/script-repository ... ty-s43.htm. You can use it as a starting point.

0

Thanks. I found that post and successfully used it as a basis for my scheduled task.

Related questions

0 votes
1 answer

How do you add a custom attribute to the search results? Version 2017.2 / 3.8.14823.0

asked Nov 12, 2018 by hgletifer (1.2k points)
0 votes
1 answer

I have Search configured for one of our web interfaces. One of the fields that can be searched is a custom attribute admCustomAttributeText4 (with a friendly name of ... are definitely some accounts with that attribute populated. Is this behaving as designed?

asked Sep 19, 2018 by sandramnc (790 points)
0 votes
1 answer

Hi, I have tried to rename a Boolean attribute as below: -<friendlyNameItem> <ldapName> adm-CustomAttributeBoolean1</ldapName> <friendlyName>Is A Contractor< ... as the ldap name after iis restart etc. Would appreciate any help.

asked Mar 3, 2015 by bistromath (840 points)
0 votes
1 answer

We've built a custom command that sends our EULA to people via email if their department is a certain value, otherwise it sends it to the initiator. This is part of ... the condition: How can I set the condition to test whether otheMailbox is present or not?

asked Aug 19, 2020 by johnsonua (390 points)
0 votes
1 answer

Hello! We are currently trying to use the REST API to search for all group objects in our domain, but the search result is only returning 1000 objects. We tried supplying a ... the request. Is there a way to retrieve more than 1000 objects using the REST API?

asked Feb 16 by KelseaIT (320 points)
2,757 questions
2,491 answers
6,523 comments
1,465,910 users