0 votes

Hello Adaxes Team I would like to create a report that shows me all approvals for the action "adding a user to an AD group".

I want to be able to filter by the following criteria:

  • AD Group Name
  • Initiator
  • TargetUser (The user who was added to the AD group)

I have copied the existing standard report "Approved request" and adapted it using the example here: https://www.adaxes.com/script-repository/users-who-are-members-of-each-specified-group-s575.htm

The filtering by group works. Can you help me to add the other two filters to the report?

If possible, I would like to have an additional column "Target User", which contains the name of the user who was added to the group.

Thanks and greetings pudong

by (560 points)
0

Hello,

For us to help you with the desired report, please, post here or send us (support@adaxes.com) the script you already have with group filtering. Also, please, specify how exactly you want to filter by initiator and the user being added to group. Should they be selected via a report parameter?

Any additional details and live examples will be much appreciated.

1 Answer

0 votes
by (226k points)
selected by
Best answer

Hello,

Thank you for all the details you sent. To create the report:

  1. Launch Adaxes Administration console.

  2. In the Console Tree, navigate to Reports\All Reports\Miscellaneous\Approvals.

  3. Copy the Approved requests report to a container where you want the new report to be located.

  4. Right-click the new report and then click Edit in the context menu.

  5. Activate the Parameters tab.

  6. Click New.

  7. Select AD object picker and click Next. image.png

  8. Specify a parameter name and display name (e. g. Group).

  9. Click Next.

  10. Configure the options for selecting a group (multiple selection should be disallowed) and click Finish.

  11. Repeat steps 6-10 for the parameter that will be used to select the initiator.

  12. Finally, the Parameters tab should look like the following:

  13. Activate the Columns tab.

  14. In the Report-specific columns section, select the Initiator column and click Edit. image.png

  15. Activate the Value calculation tab.

  16. Select Template.

  17. In the Template field, specify a value reference for the parameter created on step 11 (e.g. %param-user%). image.png

  18. Click OK.

  19. In the Report-specific columns section, click Add. image.png

  20. Specify a display name for the column that will contain group description and click Next. image.png

  21. Select Template.

  22. In the Template field, specify some value (e. g. empty). The value will never be present in the report and is only required to create the custom column.

  23. Click Finish.

  24. Activate the Script tab.

  25. Paste the below script into the corresponding field. In the script, the $groupDescriptionColumnID variable specifies the identifier of the custom column that will contain group description. To get the identifier:

    • On the Columns tab, right-click the column in the Report-specific columns section.
    • In the context menu, navigate to Copy and click Column ID. image.png
    • The identifier will be copied to the clipboard.
     $groupDescriptionColumnID = "{c5c1ffaa-26da-47c6-86fd-037fd86919c7}" # TODO: modify me
    
     # Get parameters values
     $userDN = $Context.GetParameterValue("param-User")
     $groupDN = $Context.GetParameterValue("param-Group")
     $days = $Context.GetParameterValue("param-Days")
    
     $user = $Context.BindToObjectByDN($userDN) -as [Softerra.Adaxes.Interop.Adsi.PersistentObjects.IAdmUser2]
     if ($NULL -eq $user)
     {
         $Context.LogMessage("The object type is not supported.", "Error")
         return
     }
    
     # Get request GUIDs
     $dateFrom = [DateTime]::Now.AddDays(- $days)
     $requestGuids = $user.GetRequestsForApproval2("ADM_APPROVALSTATE_APPROVED", $dateFrom, [DateTime]::MinValue)
    
     # Target object filter
     $group = $Context.BindToObjectByDN($groupDN)
     $groupGuid = $group.Get("objectGuid")
     $groupGuidFilter = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("adm-TargetObjectGuid", $groupGuid)
    
     # Get group description
     try
     {
         $description = $group.Get("description")
     }
     catch
     {
         $description = $NULL
     }
    
     # Create a request searcher
     $requestSearcher = $Context.CreateGuidBasedSearcher($requestGuids)
     $requestSearcher.AppendFilter($groupGuidFilter)
     $approvalsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
     $requestSearcher.BaseObjectPath = $approvalsPath
     $requestSearcher.SearchParameters.VirtualRoot = $False
     $propertiesToLoad = $Context.DirectorySearcher.GetPropertiesToLoad()
     $requestSearcher.SetPropertiesToLoad($propertiesToLoad)
    
     # Generate report
     try
     {
         $searchIterator = $requestSearcher.ExecuteSearch()
         while ($Context.MoveNext($searchIterator))
         {
             $searchResult = $searchIterator.Current
             $Context.Items.Add($searchResult, @{ $groupDescriptionColumnID = $description }, $NULL)
         }
     }
     finally
     {
         if ($searchIterator) { $searchIterator.Dispose() }
     }
  26. If necessary, replace names of parameters in the following lines:

      $userDN = $Context.GetParameterValue("param-User")
      $groupDN = $Context.GetParameterValue("param-Group")
  27. Click OK.

0

Thank you for the detailed instructions! I was able to create the report.

Related questions

0 votes
1 answer

The section is not defined in the available options in Adaxes and it is in the AD as well. Eg; I need to add a section called ' Security Access' and have it ... to select from options like User Directory, Internet access, Track-It account , SAP access etc.

asked Oct 13, 2021 by Aishwarya Gavali (20 points)
0 votes
1 answer

Hello, I'd like to create a custom Adaxes report based on the following Logging Filters - I'm currently having to filter the logs manually each time I want to gather this ... would be easier to jump on a call to discuss this further? Thank you in advance!

asked Nov 16, 2020 by sirslimjim (400 points)
0 votes
1 answer

Hi, I'm very new to Adaxes and still getting to grips with it. Is there any way to search or filter within the web interface, users that have an Exchange Online shared mailbox? Thanks

asked Oct 14, 2020 by sysg89 (20 points)
0 votes
1 answer

I'm attaching below a snippet from a scheduled task. It's a function that receives as a parameter the employeeID, which is then used in the search filter. ... { $userInfo."$propertyName" = $searchResult.Properties[$propertyName].Value } } return $userInfo }

asked Oct 28, 2016 by sandramnc (820 points)
0 votes
1 answer

I have an export that will run as a monthly scheduled task that will write output to a CSV to contain employees that have been ... ([datetime]terminationDate>=$lastMonth))" $properties = $eachFieldIn $userSearcher.SetPropertiesToLoad($properties)

asked Nov 2, 2015 by sandramnc (820 points)
2,779 questions
2,511 answers
6,574 comments
25,626 users