0 votes

Dear Adaxes Support,

I'm trying to check the uniqueness of the Initials-proberty. My script works well so far.

Import-Module Adaxes

$value = $Context.GetModifiedPropertyValue("initials");

    if ((Get-AdmUser -Filter 'initials -eq $value' -SearchBase "OU=%adm-CustomAttributeText17%,dc=buho,dc=name" -SearchScope "subtree" ) -ne $NULL )
    {
        $Context.Cancel("Ein Benutzer mit diesen Initialen existiert bereits!");
        return;
    }

I'd like check the Uniqueness just of a spezific Path. Something like this:

Import-Module Adaxes

$value = $Context.GetModifiedPropertyValue("initials");
$Domain = $Context.GetObjectDomain("%distinguishedName%")
$searchebase = "OU=%adm-CustomAttributeText17%,$Domain"

    if ((Get-AdmUser -Filter 'initials -eq $value' -SearchBase $searchebase -SearchScope "subtree" ) -ne $NULL )
    {
        $Context.Cancel("Ein Benutzer mit diesen Initialen existiert bereits!");
        return;
    }

but it doesn't work. Have you a idea how I can do this in the right way?

Thanks :-)

by (700 points)
0

Hello,

What specifically do you store in the CustomAttributeText17 property?

0

Dear Support,

Maybe is it possible to check the Uniqueness of the property 'initials' just of the Base what Company the user belongs. That would be the best for me. Then we don't have to check where's the User in the AD and we can Forget the Searchbase with the CustomAttribute. Can you help me there?

Is it also possible, outputting the users with the existing initials in the message $context.cancel

Thanks a lot,

0

Hello,

Please confirm that we understand your requirements correctly: you would like to cancel creation of a new user, if there is another user with the same Initials and that has the same company specified in the Company property. Is that correct?

Also, what the script should do if:

  • No Initials specified for the user?
  • No Company specified for the user?
0

Thats absolutly correct :-)

•No Initials specified for the user? nothing. This Property is not for all user required
•No Company specified for the user?a message that a Company is required

Thanks

1 Answer

0 votes
by (216k points)

Here's the script that meets your requirements:

Import-Module Adaxes

# Get initials
$initials = $Context.GetModifiedPropertyValue("initials")
if ($initials -eq $NULL)
{
    return
}

# Get Company
$company = $Context.GetModifiedPropertyValue("company")
if ($company -eq $NULL)
{
    $Context.Cancel("Please specify a company for the user." )
    return
}

$users = Get-AdmUser -Filter {(initials -eq $initials) -and  (company -eq $company)}

if ($users -ne $NULL)
{
    # Get usernames of all users who have the same initials and the company
    $Context.LogMessage("The following users also have the same initials:", "Warning")
    foreach ($user in $users)
    {
        $Context.LogMessage($user.Name, "Warning")
    }

    $Context.Cancel("Ein Benutzer mit diesen Initialen existiert bereits!")
}
0

Dear Support,

thanks for the script, but it doesn't work.When I try modify a exist User and the Company is empty or filled out I get this message:

0

This strongly depends on when you want to check for uniqueness. Are you going to use the script only when a user is created, only when a user is modified, or both?

0

Hi,

I'd like to use it for both. Before a User is created and before a User is modified

0

The following version of the script can be used in Business Rules triggered both before a user is created and before a user is modified:

Import-Module Adaxes

# Get Company
if ($Context.IsPropertyModified("company"))
{
    $company = $Context.GetModifiedPropertyValue("company")
}
else
{
    try
    {
        $company = $Context.TargetObject.Get("company")
    }
    catch
    {
        $company = $NULL
    }
}
if ($company -eq $NULL)
{
    $Context.Cancel("No company specified.")
    return
}

# Check if Initials were modified
if ($Context.IsPropertyModified("initials"))
{
    $initials = $Context.GetModifiedPropertyValue("initials")
}
else
{
    try
    {
        $initials = $Context.TargetObject.Get("initials")
    }
    catch
    {
        $initials = $NULL
    }
}
if ($initials -eq $NULL)
{
    return
}

$users = Get-AdmUser -Filter {(initials -eq $initials) -and  (company -eq $company)}
if ($users -ne $NULL)
{
    # Get usernames of all users who have the same initials and company
    $Context.LogMessage("The following users also have the same initials:", "Warning")
    foreach ($user in $users)
    {
        $Context.LogMessage($user.Name, "Warning")
    }

    $Context.Cancel("Ein Benutzer mit diesen Initialen existiert bereits!")
}

Please pay attention that when you make changes via the Administration Console, and change both the properties simultaneously, Adaxes will save the changes as two separate operations, setting the properties one-by-one. That is, the Business Rule will be triggered twice: first when the Initials property is updated, and then when the Company property is updated, or vice versa.

This behavior is observed only in the Administration Console. In the Web interface, if you change both the properties simultaneously, they will be set within one operation.

Related questions

0 votes
1 answer

Hello, I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU. I can't use "Look ... "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" + $filterPasswordChangedBefore + ")" regards Helmut

asked Feb 13, 2019 by a423385 (510 points)
0 votes
1 answer

I have to do a weekly Inactiviy Report for Accounts that have not logged in for 30 days or more. 1 of the reports is for Internal users BUT there is an Account ... Adaxes and working on the product, and i need to get all my reporting done through Adaxes

asked Nov 14, 2022 by dtorannini (80 points)
0 votes
1 answer

Hello dear ADAXES community, what i wanted to do is, to have a custom report which does the following: get every group in a specific OU (the OU comes from an adaxes custom ... Add($Group.name) } } is this possible in such a way? thank you for your help

asked Sep 23, 2020 by m_st (200 points)
0 votes
1 answer

Hi, Can you tell me how to look up a list of last logged-in users for computers from specific OU? Have OU called Laptops and need to know who as last person logged into ... username-of-last-user-who-lgged-on-to-computer-s269.htm but it' s not design for OU

asked Dec 2, 2019 by roberttryba (70 points)
0 votes
1 answer

Hi Team, I am looking to see if we can enable MFA for self service for specific users, I have enabled MFA for self service using the web configuratior sign on options, but that ... MFA for all the users. So wanted to check if this is a possibility, thank you.

asked Jul 9, 2021 by Vish539 (310 points)
3,326 questions
3,025 answers
7,723 comments
544,675 users