
I'm trying to modify the script http://www.adaxes.com/script-repository ... ce-s79.htm to find all the users in a specific AD group, and I need to find out if they have the AD attribute 'otherMailbox' populated, since our Self Service Password Reset policy requires a code sent to an email address.

Limiting the search to the group is simple: just add another clause to the LDAP search, but I don't know what 'Softerra.Adaxes.Adsi.Search.DirectorySearcher' returns in a search.

Alternatively, is enrollment status available via LDAP?

by (390 points)
0

I can't even get the referenced script to run. Not sure what the issue is. The failure I'm getting is:

*PS C:\Windows\system32> Y:\windows-utils\Bruce_scripts\mmc_sspr_enrolled.ps1

GAC Version Location
--- ------- --------
True v2.0.50727 C:\Windows\assembly\GAC_MSIL\Softerra.Adaxes.Adsi\3.7.11926.0__43a637781bd9a3c2\Softerra.Adaxes.Adsi.dll

New-Object : Cannot find type [Softerra.Adaxes.Adsi.Search.DirectorySearcher]: verify that the assembly containing this type is loaded.
At Y:\windows-utils\Bruce_scripts\mmc_sspr_enrolled.ps1:9 char:13
+ $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher ...
+ ~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand*

Followed by a bunch of errors about the object not having the property.

Here's the script:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$to = "johnson@pharmacy.arizona.edu" # TODO: modify me
$subject = "MMC Users Enrolled for Password Self-Service" # TODO: modify me
$reportHeader = "<h3><b>Users enrolled for Password Self-Service:</b></h3><br/><table border='0'>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search all enabled users
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
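# memberOf is compared against the group's full distinguished name, written without quotes.
# The value in angle brackets is a placeholder for that DN.
$searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(memberOf=<distinguished name of the MedicarePtD group>)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"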
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

# Find enrolled users
try
{
    $searchResult = $searcher.ExecuteSearch()
    $users = $searchResult.FetchAll()
    $userNumber = 0
    foreach ($userID in $users)
    {
        $user = $Context.BindToObject($userID.AdsPath)

        if ($user.IsEnrolled)
        {
            # Add user to report
            $userNumber++
            $userName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($user, 'IncludeParentPath')
            $reportHeader += "<tr><td>$userNumber.</td><td>$userName</td><td> Is Enrolled</td></tr>"
        }
        else
        {
            # Add user to report
            $userNumber++
            $userName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($user, 'IncludeParentPath')
            $reportHeader += "<tr><td>$userNumber.</td><td>$userName</td><td>Is NOT Enrolled</td></tr>"
        }
    }
    $reportHeader += "</table>"
}
finally
{
    # $searchResult is still $null if ExecuteSearch() threw, so guard the call
    if ($searchResult) { $searchResult.Dispose() }
}

# Build report
$htmlBody = $reportHeader + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)
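
For the question's goal (enabled members of one group whose 'otherMailbox' is empty), one way to express the query with the standard .NET `System.DirectoryServices.DirectorySearcher` from an ordinary PowerShell console. This is an added example, not part of the original posts or of the Adaxes script repository; the group DN and the helper name `ConvertTo-LdapFilterValue` are assumptions.

```powershell
# Added example: uses plain .NET System.DirectoryServices, not the Adaxes ADSI API.
# Placeholder DN: replace with the real distinguished name of the group.
$groupDN = 'CN=ExampleGroup,OU=Groups,DC=example,DC=com'

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter value
    # (backslash, asterisk, parentheses, NUL) as \XX hex pairs, so a DN
    # such as "CN=Smith\, John (Admin),..." cannot alter the filter structure.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# Enabled user accounts that are direct members of the group
# and have no value in otherMailbox.
$filter = '(&(sAMAccountType=805306368)' +
          "(memberOf=$(ConvertTo-LdapFilterValue $groupDN))" +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
          '(!(otherMailbox=*)))'

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = $filter
$searcher.PageSize = 500          # page through results past the server's size limit
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        # Result property names are returned in lower case
        [pscustomobject]@{
            SamAccountName    = [string]$r.Properties['samaccountname'][0]
            DistinguishedName = [string]$r.Properties['distinguishedname'][0]
        }
    }
}
finally {
    # SearchResultCollection holds unmanaged resources
    $results.Dispose()
}
```

`memberOf` matches direct membership only; for nested groups use the matching rule `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`. Changing `(!(otherMailbox=*))` to `(otherMailbox=*)` lists the users who do have the attribute populated.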
