Adaxes

Powershell Script with two jobs in it

0 votes

I have written a de-provisioning job as part of removing a terminated employee's access. This job disables the account, resets the password, sets the account description to specific verbiage, etc. Part of this job is a Powershell script that removes all group memberships from the AD account. This works great (I believe I was assisted with the script on this forum previously), and is as follows:

Import-Module Adaxes
$user = Get-AdmUser "%distinguishedName%" -Properties MemberOf
if ($user.MemberOf -ne $Null)
{
    foreach ($groupDN in $user.MemberOf)
    {
        Remove-AdmGroupMember $groupDN -Members $user  -Confirm:$False
    }
}

However, due to continued mistakes in removing access accidentally, a second script has been written to pipe out the user's AD group memberships to a .csv file with the AD username as the name of the file, for when I need to restore those group memberships. It's not an elegant solution, but it works. This script is as follows: 

Import-Module Adaxes
$user =  "%Username%"
$tempfile = "\\SERVERNAME\FOLDER" + $user + ".csv"
Get-AdmUser $user | Get-AdmPrincipalGroupMembership -AdaxesService ADAXESSERVERNAME | Select-Object name | Export-Csv -NoTypeInformation $tempfile

I have tried combining this "pipe user group membership" script into the de-provision script, so that I can just run the one job, but it doesn't work. What I want it to do is:

  1. Pipe out all of the user's AD group memberships to a USERNAME.csv file and store it on a server share.
  2. Remove all AD group memberships from the user's account.

Both scripts work individually, but combined, the script doesn't work. I have tried it in both Powershell by itself, and in the Adaxes tool as part of the de-provision job. Could I possibly get help with this? Thanks!

by (360 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

This script should do the job:

$tempfilePath = "\\SERVERNAME\FOLDER\%username%.csv" # TODO: modify me

# Get all groups that the user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the ID of the user's primary group
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

$report = @()
foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    # Skip the group if it is the primary group for the user
    if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
    {
        continue
    }

    # Remove the user from the group
    $group.Remove($Context.TargetObject.AdsPath)

    # Add the group to the report
    $reportEntry = New-Object PSObject
    $reportEntry | Add-Member -Name Name -Value $group.Get("name") -MemberType NoteProperty
    $report += $reportEntry
}

# Save the report
$report | Export-Csv -Path $tempfilePath -NoTypeInformation
0

This works great! Once again, you guys are awesome. Thank you!

by (360 points)

Related questions

0 votes
1 answer
Is it possible to execute a disabled parameterised Custom Command from a Powershell script?

Hi, I followed this example: https://www.adaxes.com/sdk/IAdmTop6.html, but because the Custom Command is disabled, I get the following error message: System.Management.Automation ... if I enable the Custom Command. I am using Adaxes 2018.2 Best Regards Martin

asked Feb 19, 2020 by Martin (100 points)
0 votes
1 answer
Is it possible to sort a dropdown-field in the portal? The field is populated by a script

I have a dropdown-field on the web surface, which is populated by a script. The script looks up all groups in a specific OU and displays them. In the Property Pattern ... random order. What should i do to show the groups in alphabetical order in the portal?

asked Sep 15, 2020 by lohnag (160 points)
0 votes
1 answer
PowerShell script with parameters, pass them to Custom Command

We've the following script we want to use in Adaxes to create as part of user creation, to ask if the user will need a AWS workspace, then asks employeetype for different ... "Error") exit(-1) } else { $Context.LogMessage("Created workspace", "Information") }

asked May 3 by Plusa (20 points)
0 votes
1 answer
Help with powershell script

Hi, we just recently installed Adaxes and would like to implement a PowerShell script that I have previously written which cleans up user objects if they have been manually ... to perform the operation Stack trace: at &lt;ScriptBlock&gt;, &lt;No file&gt;".

asked Oct 2, 2023 by Mark.Monaco (20 points)
0 votes
1 answer
How do we properly open and close an Exchange Online session with Powershell script?

Recently, Microsoft deprecated use of the remote PS sessions using version 1. We have since converted all of our scripts to version 2, but our nightly staff ... { # Close the remote session and release resources Disconnect-ExchangeOnline -Confirm:$false }

asked Nov 2, 2022 by MShep (80 points)
3,365 questions
3,064 answers
7,815 comments
545,265 users