0 votes

We are trying to verify a unique attribute for all users.
What we need it to do:
1. Compare "Employee ID" attribute against all users. (to find any duplicates)
2. Needs to run as a scheduled task
3. Need to ignore values of "N/A" and "0" (zero) in the output report.
4. Email .csv or HTML report to a user.

Is this possible within Adaxes?

Tony Babbe

by (320 points)
0

Hello Tony,

That's possible with the help of PowerShell scripts. It is possible to create a script that finds users with duplicate Employee IDs and generates an appropriate report that is then sent to a certain recipient. We can help you with the script. Could you clarify a few points:

  3. Need to ignore values of "N/A" and "0" (zero) in the output report.

What do you mean by "N/A"? Is it the text "N/A" stored in the Employee ID property or do you mean the case when the Employee ID property is empty?

  4. Email .csv or HTML report to a user.

Both options are possible. Which one do you prefer?

0

Thank you for your reply,

As for this question:

What do you mean by "N/A"? Is it the text "N/A" stored in the Employee ID property or do you mean the case when the Employee ID property is empty?

I meant the value of Employee ID, if it is equal to "N/A" or "0", not to be reported in the report.

We would prefer it be a .csv file.

Again, thank you for your help.

Tony Babbe

0

Tony,

OK, we've assigned our script guys to write a script for you. We'll update this topic as soon as they come up with something.

0

By the way, in the new version there will be a built-in report for finding duplicate properties of AD objects.

0

How do I do that? Is there a tutorial for it?

Thanks,

Tony Babbe

0

Tony,

Our script guys will write a script that does the job. As soon as they do it, we'll post it in this topic and give instructions on how to use the script with Adaxes.

1 Answer

0 votes
by (216k points)

Hello Tony,

The script is ready. Here you are:

$to = "recipient@domain.com" # TODO: modify me
$subject = "Users with Non-Unique Employee IDs" # TODO: modify me
$messageBody = "Users with Non-Unique Employee IDs" # TODO: modify me
$from = "noreply@domain.com" # TODO: modify me
$smtpServer = "mail.domain.com" # TODO: modify me
$csvFileName = "report.csv"  # TODO: modify me

# Search all users with Employee ID specified
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
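# Exclude users with Employee ID = 0 and Employee ID = N/A ("\2f" is the escaped form of "/").
# Each negated clause is wrapped in its own parentheses, as LDAP filter syntax requires.
$searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(!(employeeID=N\2fA))(!(employeeID=0))(employeeID=*))"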
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad(@("employeeID"))
$searcher.VirtualRoot = $True

try
{
    $result = $searcher.ExecuteSearch()
    $users = $result.FetchAll()
}
finally
{
    # Release the search result even if the search fails
    if ($result) { $result.Dispose() }
}

# Build a hash table containing Employee IDs and matching usernames
$employeeIDs = @{}
foreach ($userID in $users)
{
    $employeeID = $userID.Properties["employeeID"].Value
    $user = $Context.BindToObject($userID.AdsPath)
    $userName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($user, 'IncludeParentPath')

    if ($employeeIDs.ContainsKey($employeeID))
    {
        $employeeIDs[$employeeID] += "$userName"
        continue
    }

    $employeeIDs.Add($employeeID, @("$userName")) | Out-Null
}

# Build report
$report = @()
foreach ($employeeID in $employeeIDs.Keys)
{
    $userNames = $employeeIDs[$employeeID]

    # Skip users with unique Employee IDs
    if ($userNames.Length -eq 1)
    {
        continue
    }

    # Add non-unique Employee ID to the report
    $reportRecord = New-Object PSObject
    $reportRecord | Add-Member NoteProperty EmployeeID $employeeID

    # Add matching usernames to the report
    $reportRecord | Add-Member NoteProperty UserNames $NULL
    foreach ($userName in $userNames)
    {
        $reportRecord.UserNames += "$userName;"
    }

    $report += $reportRecord
}

# Export to temp csv file
$tempCsvFilePath = [System.IO.Path]::GetTempPath()
$tempCsvFilePath += $csvFileName
$report | Export-Csv $tempCsvFilePath -NoTypeInformation

# Send message
Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $subject -Body $messageBody -Attachments $tempCsvFilePath

# Remove temp csv file
Remove-Item $tempCsvFilePath -Force

In the script:

  • $to - specifies the recipient of the report,
  • $subject - specifies the subject of the e-mail message with the report,
  • $messageBody - specifies the content of the e-mail message with the report,
  • $from - specifies the report sender,
  • $smtpServer - specifies the SMTP server to be used to send the report,
  • $csvFileName - specifies the name of the CSV file containing the report

To use it with Adaxes, you'll need to create a Custom Command (to be able to launch it on demand) or a Scheduled Task (to launch it on a certain schedule). To create a Custom Command or a Scheduled Task that launches the script and generates a report:

  1. Create a new Custom Command or Scheduled Task.

  2. On the 2nd step of the Create Custom Command wizard,
    - or -
    on the 3rd step of the Create Scheduled Task wizard,

    select Show all object types.

  3. Select the Domain-DNS object type.

  4. At the next step, add the Run a program or PowerShell script action and paste the above script in the Script field.

  5. At the final step of the Create Scheduled Task wizard, include any of your AD domains in the Assignment Scope.
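
The duplicate check performed by the script above can be tried on constructed data without Adaxes or a directory connection. This is an added example, not part of the original answer or of Adaxes: `Find-DuplicateEmployeeId` and the sample users are hypothetical, and trimming whitespace before comparing is an assumption the original script does not make.

```powershell
# Added example: duplicate-detection logic only, no Adaxes or AD connection needed.
function Find-DuplicateEmployeeId {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        # Placeholder values that must not be reported ("N/A" and "0" in the question)
        [string[]] $IgnoredValues = @('N/A', '0')
    )

    $Users |
        # Normalize first so " 1001" and "1001" count as the same ID (assumption)
        Select-Object Name, @{ Name = 'EmployeeID'; Expression = { "$($_.EmployeeID)".Trim() } } |
        # Drop empty IDs and placeholders; -notcontains compares case-insensitively
        Where-Object { $_.EmployeeID -ne '' -and $IgnoredValues -notcontains $_.EmployeeID } |
        Group-Object -Property EmployeeID |
        # Keep only IDs shared by more than one user
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            # Same columns as the report built by the script above
            [pscustomobject]@{
                EmployeeID = $_.Name
                UserNames  = ($_.Group.Name | Sort-Object) -join ';'
            }
        }
}

# Constructed sample users (not real directory data)
$sample = @(
    [pscustomobject]@{ Name = 'example.com/Users/Alice Smith'; EmployeeID = '1001' }
    [pscustomobject]@{ Name = 'example.com/Users/Bob Jones';   EmployeeID = ' 1001' }
    [pscustomobject]@{ Name = 'example.com/Users/Carol White'; EmployeeID = '1002' }
    [pscustomobject]@{ Name = 'example.com/Users/Dan Brown';   EmployeeID = 'N/A' }
    [pscustomobject]@{ Name = 'example.com/Users/Eve Black';   EmployeeID = 'n/a' }
    [pscustomobject]@{ Name = 'example.com/Users/Frank Green'; EmployeeID = '0' }
    [pscustomobject]@{ Name = 'example.com/Users/Grace Hall';  EmployeeID = '0' }
    [pscustomobject]@{ Name = 'example.com/Users/Heidi King';  EmployeeID = $null }
)

# Only 1001 is reported: 1002 is unique, and "N/A", "0" and empty values are ignored
$report = @(Find-DuplicateEmployeeId -Users $sample)
$report | ConvertTo-Csv -NoTypeInformation
```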

0

Here is the list of errors I got trying to run the script.

New-Object : Cannot find type [Softerra.Adaxes.Adsi.Search.DirectorySearcher]: make sure the assembly containing this type is loaded.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:11 char:13
+ $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $F ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand

Property 'PageSize' cannot be found on this object; make sure it exists and is settable.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:12 char:1
+ $searcher.SearchParameters.PageSize = 500
+ ~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

Property 'SearchScope' cannot be found on this object; make sure it exists and is settable.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:13 char:1
+ $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

Property 'Filter' cannot be found on this object; make sure it exists and is settable.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:14 char:1
+ $searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(!employeeID=N\ ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

Property 'ReferralChasing' cannot be found on this object; make sure it exists and is settable.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:15 char:1
+ $searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

You cannot call a method on a null-valued expression.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:16 char:33
+ $searcher.SetPropertiesToLoad(@("employeeID"))
+ ~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

Property 'VirtualRoot' cannot be found on this object; make sure it exists and is settable.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:17 char:1
+ $searcher.VirtualRoot = $True
+ ~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

You cannot call a method on a null-valued expression.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:19 char:1
+ $result = $searcher.ExecuteSearch()
+ ~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:20 char:1
+ $users = $result.FetchAll()
+ ~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:21 char:1
+ $result.Dispose()
+ ~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

Send-MailMessage : The specified string is not in the form required for an e-mail address.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:72 char:1
+ Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $subject - ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [Send-MailMessage], FormatException
+ FullyQualifiedErrorId : FormatException,Microsoft.PowerShell.Commands.SendMailMessage

Send-MailMessage : A recipient must be specified.
At \\auca-file01\IT\- Documentation -\- Account Administration -\powershell\employee_ID_check.ps1:72 char:1
+ Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $subject - ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.SendMailMessage

0

Hello Tony,

It seems like you are trying to launch the script directly from the PowerShell console. However, the script was designed to be used only in Custom Commands, Scheduled Tasks or Business Rules via the Run a Program or PowerShell script action. Take a look at instructions for creating a Custom Command or Scheduled Task that uses the script in How to compare a unique attributes.

0

Once I corrected the scope the report worked. Thanks again for the help...It means so much knowing that when we have questions you actually bring answers and solutions.

Thanks Again,
Tony

0

Hello Tony,

Thank you for your good words, we really appreciate it! ;)
