0 votes

Hi support,

We have security groups named like Test-Group-<variable>-Users, where <variable> is different for each group.

I have a PowerShell query which gets a list of those Test-Group-<variable>-Users groups that the user is part of:

Get-Aduser -properties Name,SamAccountName,Department,co,MemberOf | Select Name, Department, @{n="Test Groups";e={((@($_.memberof.split(",")) -replace "CN=") -like "Test-Group-*") -join ","}}

I am trying to achieve this using a custom column in Adaxes, but I am not sure how to proceed after this:

$User = $Context.GetADObject()
$UserMemberOf = $User.Get("memberof")

#How can I iterate through memberof values in Adaxes scripting
$Context.Value = $UserMemberOf 

Would appreciate any help with this. Thank you

Update: I got a bit closer with this

$User = $Context.GetDirectoryObject()
$UserMemberOf = $User.Get("memberof")
$req = $UserMemberOf.where({$_ -like "CN=Test-Group-*"})
$Context.Value = $req[0] 

But $req contains only Test-Group-<variable>-User that user is member of but it is an array

by (460 points)
0

Hello,

What exactly do you want the custom column to contain? Should it be all the groups whose name starts with Test-Group- the user is a member of?

0

Hello,

Yes, your understanding is correct. That is exactly what I want. Thank you. With the updated code below I am able to get them in an array.

$User = $Context.GetDirectoryObject()
$UserMemberOf = $User.Get("memberof")
$req = $UserMemberOf.where({$_ -like "CN=Test-Group-*"})
$Context.Value = $req[0] 
0

Hello,

Unfortunately, there is no possibility to add multiple objects to a report custom column of the Directory object type. We recommend that you check the built-in reports located in container Reports\All Reports\Groups\Membership. If neither of the approaches meets your needs, we can write a script for your custom column that will just list names of the groups (they will be plain text, not links). In this case, the column will be of Text type.

0

Thank you for letting me know about that, I would be happy with plain text.

1 Answer

+1 vote
by (293k points)
Best answer

Hello,

Thank you for the confirmation. You can use the below script. In the script, the $groupNameStartsWith variable specifies the text a group name should start with to be added to the column value.

$groupNameStartsWith = "Kiosk" # TODO: modify me

# Get direct group membership.
$object = $Context.GetDirectoryObject()
$directGroupGuidsBytes = $object.GetEx("adm-MemberOfGuid")

# Search parameters
$groupNames = @()
$searcher = $Context.CreateGuidBasedSearcher($directGroupGuidsBytes)
$searcher.SetPropertiesToLoad(@("cn"))
$searcher.Criteria = New-AdmCriteria "group" -Expression {cn -startsWith $groupNameStartsWith}

try
{
    # Execute search.
    $searchIterator = $searcher.ExecuteSearch()
    $searchResults = $searchIterator.FetchAll()

    # Collect the names of the matching groups.
    foreach ($searchResult in $searchResults)
    {
        $groupNames += $searchResult.GetPropertyByName("cn").Values[0]
    }
}
finally
{
    # Release resources
    if ($searchIterator){ $searchIterator.Dispose() }
}

$Context.Value = [System.String]::Join(",", $groupNames)
0

Thank you for the quick script.

Understanding few elements in the script: when $Context.GetDirectoryObject() and $searcher.ExecuteSearch() are performed in the backend, is it performing a fresh query to Active Directory for every user? Trying to keep performance in mind here as this may run for 1k plus users.

0

Hello,

Yes, that is correct. Also, that is the only option. There is just no other way.

0

Thank you for the clarification, this is helpful. Appreciate your efforts in helping with this. So there is no way to access the data that the report generates when it initially makes calls and loads initial data, right? I will create two reports, one with the script you provided and one I am trying to develop that I posted initially.

So just to double check: in my script, if I can get a string manipulation function like split() or replace(), then I should be able to perform something similar to what you are doing in the foreach loop, right? Here is an example below.

$GroupNames=@()
$User = $Context.GetDirectoryObject()
$UserMemberOf = $User.Get("memberof")
$GrpResults = $UserMemberOf.where({$_ -like "CN=Test-Group-*"})
foreach ($GrpResult in $GrpResults)
    {
        # Here I will need to use something else to split() and replace() right ??
        $GroupNames += $GrpResult.GetPropertyByName("cn").Values[0]
    }
+1

Hello,

No, it will not work as the GetPropertyByName method is only available for search results. If it works for you, you can just obtain the name from the distinguished names you get.

$groupNames=@()
$user = $Context.GetDirectoryObject()
$userMemberOf = $user.GetEx("memberof")
$grpResults = $userMemberOf.where({$_ -like "CN=Kiosk*"})
foreach ($grpResult in $grpResults)
{
    $groupDN = New-Object "Softerra.Adaxes.LDAP.DN" $grpResult
    $Context.LogMessage($groupDN.Explode($True)[0], "Information")
    $groupNames += $groupDN.Explode($True)[0]
}

$Context.Value = [System.String]::Join(",", $groupNames)
0

Thank you very much, this is great!! I can use the above provided script, much cleaner and one less call from the initial script (correct me if I am wrong here).

I also got this working by this method


$Grpnamestartwith = "OL-Litmos-"
$SearchName="CN="+$Grpnamestartwith+"*"
$GroupNames=@()
$User = $Context.GetDirectoryObject()
$UserMemberOf = $User.Get("memberof")
$GrpResults = $UserMemberOf.where({$_ -like $SearchName})
foreach($GrpResult in $GrpResults)
{
    $GroupNames += ($GrpResult.split(",")[0] -replace "CN=")
}
$Context.Value = [System.String]::Join(",",$GroupNames) 
0

Hello,

Yes, it should work just fine, too.
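
The split(",")[0] approach in the scripts above assumes the group's common name contains no comma; in a distinguished name a comma inside a CN is escaped as \, and the name would be cut at that point. As an added example (not part of the original thread and not Adaxes' own code), the following plain PowerShell extracts the first RDN value with RFC 4514 escapes handled and matches the prefix literally instead of through -like wildcards. Get-FirstRdnValue, Get-GroupNamesByPrefix and the sample DNs are constructed for illustration.

```powershell
# Added example; function names and sample data are hypothetical, not from the thread.
function Get-FirstRdnValue {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # First RDN = everything up to the first comma that is not escaped with a backslash.
    $rdn = [regex]::Match($DistinguishedName, '^(?:[^\\,]|\\.)*').Value
    # Drop the attribute type ("CN=", "OU=", ...); the value is still escaped here.
    $value = $rdn -replace '^[^=]+=', ''

    # Undo RFC 4514 escaping in a single left-to-right pass:
    #   group 1 = run of \XX hex pairs (UTF-8 bytes), group 2 = one escaped character.
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        if ($m.Groups[1].Success) {
            $hex = $m.Groups[1].Value -replace '\\', ''
            $bytes = for ($i = 0; $i -lt $hex.Length; $i += 2) {
                [Convert]::ToByte($hex.Substring($i, 2), 16)
            }
            return [System.Text.Encoding]::UTF8.GetString([byte[]]$bytes)
        }
        return $m.Groups[2].Value
    }
    return [regex]::Replace($value, '((?:\\[0-9A-Fa-f]{2})+)|\\(.)', $evaluator)
}

function Get-GroupNamesByPrefix {
    param([string[]]$MemberOf, [Parameter(Mandatory)][string]$Prefix)

    foreach ($dn in $MemberOf) {
        $name = Get-FirstRdnValue -DistinguishedName $dn
        # Literal, case-insensitive prefix test: characters such as [ ] * ? in the
        # prefix are compared as-is, unlike with the -like operator.
        if ($name.StartsWith($Prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $name
        }
    }
}

# Constructed memberOf values; the second group has a comma in its name.
$sampleMemberOf = @(
    'CN=Test-Group-Sales-Users,OU=Groups,DC=example,DC=com',
    'CN=Test-Group-Legal\, EMEA-Users,OU=Groups,DC=example,DC=com',
    'CN=Other-Group,OU=Groups,DC=example,DC=com'
)

# Joined with ";" because a "," separator is ambiguous once names may contain commas.
# In an Adaxes custom column script this string would be assigned to $Context.Value.
(Get-GroupNamesByPrefix -MemberOf $sampleMemberOf -Prefix 'Test-Group-') -join ';'
```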

0

Thank you, appreciate all the help with this. Also, is the script that we write within the Adaxes console all ADSI scripts or PowerShell scripts, or am I using the PowerShell language to access the ADSI service? I am fairly new to Adaxes scripting, so just trying to understand concepts.

+1

Hello,

It depends on the code. Basically, most of the scripts you write in Windows PowerShell will work in Adaxes. However, some cmdlets (e.g. Write-Host) do not work in Adaxes. At the same time, whenever you are using the $Context variable, the script will only work in Adaxes. The following articles will probably be helpful:
