0 votes

the following script works great to email a table list of ALL users indicating the appropriate value of the customer fields specified. The challenge is the export includes EVERY user in our AD. Is there a way to limit it to only those users that have a value for ANY of the fields requested. IE if everything other than DisplayName were blank - don't include that record in the output table. Thank you!

$email = "<somebody@mii.com>" # TODO: modify me  

$propertyNames = @("DisplayName",“MIIUSDenverProductionSQL”,”MIIUSDenverTestSQL”,”MIITopTeam”,”MIIMSDN”,”MIILabManager”,”MIIADN”,”MIITFS2”,”MIIUSTestTrack”,”MIIUSAegisTestTrack”,”MIINAmericaTestTrack”,”MIIUSRobbinsTestTrack”,”MIIUSEngineOneTestTrack”,”MIIUSTrencoTestTrack”,”MIISapphirePortalTestTrack”,”MIISapphireOEMTestTrack”,”MIIGlobalWebTestTrack”,”MIIUSTestTrackMiTekBAEApplications”,”MIIUSTestTrackMitekPortalsandAccessoryApps”,”MIIUSTestTrackWebandSWE”) # TODO: modify me  

$bodyBuilder = New-Object "System.Text.StringBuilder"  
$bodyBuilder.append("<html><head>") | Out-Null  
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html charset=UTF-8""></head>") | Out-Null  
$bodyBuilder.append("<body>") | Out-Null  
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null  
$bodyBuilder.append("<table width=""100%%"" border=""1"">") | Out-Null  
$bodyBuilder.append("<tr>") | Out-Null  

foreach ($propertyName in $propertyNames)  
{  
 $bodyBuilder.append("<th>$propertyName</th>") | Out-Null  
}  

$bodyBuilder.append("</tr>") | Out-Null  

# Find all users under the target object  
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False  
$searcher.SearchParameters.PageSize = 500  
$searcher.SearchParameters.SearchScope = "ADS\_SCOPE\_SUBTREE"  
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath  
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"  
$searcher.SearchParameters.ReferralChasing = "ADS\_CHASE\_REFERRALS\_NEVER"  
$searcher.SetPropertiesToLoad($propertyNames)  
$searcherResult = $searcher.ExecuteSearch()  

# Iterate through search results and include them into the report  
foreach ($user in $searcherResult.FetchAll())  
{  
 $bodyBuilder.append("<tr>") | Out-Null  
 $resultPropertyCollection = $user.Properties  

 foreach ($propertyName in $propertyNames)  
 {  
 # If the property is not set for the user  
 if (!($resultPropertyCollection.Contains($propertyName)))  
 {  
 $bodyBuilder.append("<td> </td>") | Out-Null  
 continue  
 }  
 # include values for the property in the report  
 $values = ($resultPropertyCollection\[$propertyName\]).Values  

 $bodyBuilder.append("<td>")  
 foreach ($value in $values)  
 {  
 $bodyBuilder.append("$value")  
 }  

 $bodyBuilder.append("</td>")  
 }  
 $bodyBuilder.append("</tr>") | Out-Null  
}  
$searcherResult.Dispose()  

$bodyBuilder.append("</table>") | Out-Null  
$bodyBuilder.append("</body></html>") | Out-Null  

# Send mail  
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())
by (360 points)
0

Hello,

Sure, we've asked our script guys to have a look. We'll update this topic as soon as they come up with something.

1 Answer

0 votes
by (215k points)

Hello again,

Here you are:

$email = "somebody@mii.com" # TODO: modify me

$propertyNames = @("DisplayName","MIIUSDenverProductionSQL","MIIUSDenverTestSQL","MIITopTeam","MIIMSDN","MIILabManager","MIIADN","MIITFS2","MIIUSTestTrack","MIIUSAegisTestTrack","MIINAmericaTestTrack","MIIUSRobbinsTestTrack","MIIUSEngineOneTestTrack","MIIUSTrencoTestTrack","MIISapphirePortalTestTrack","MIISapphireOEMTestTrack","MIIGlobalWebTestTrack","MIIUSTestTrackMiTekBAEApplications","MIIUSTestTrackMitekPortalsandAccessoryApps","MIIUSTestTrackWebandSWE") # TODO: modify me

$bodyBuilder = New-Object "System.Text.StringBuilder"
$bodyBuilder.append("<html><head>") | Out-Null
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html charset=UTF-8""></head>") | Out-Null
$bodyBuilder.append("<body>") | Out-Null
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null
$bodyBuilder.append("<table width=""100%%"" border=""1"">") | Out-Null
$bodyBuilder.append("<tr>") | Out-Null

foreach ($propertyName in $propertyNames)
{
    $bodyBuilder.append("<th>$propertyName</th>") | Out-Null
}

$bodyBuilder.append("</tr>") | Out-Null

# Find all users under the target object
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($propertyNames)

$searcherResult = $searcher.ExecuteSearch()
$users = $searcherResult.FetchAll()
$searcherResult.Dispose()
# Iterate through search results and include them into the report
foreach ($user in $users)
{
    $bodyBuilder.append("<tr>") | Out-Null
    $resultPropertyCollection = $user.Properties

    # Skip if none of the $propertyNames are set
    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }

    foreach ($propertyName in $propertyNames)
    {
        # If the property is not set for the user
        if (!($resultPropertyCollection.Contains($propertyName)))
        {
            $bodyBuilder.append("<td>&nbsp</td>") | Out-Null
            continue
        }
        # include values for the property in the report
        $values = ($resultPropertyCollection[$propertyName]).Values

        $bodyBuilder.append("<td>")
        foreach ($value in $values)
        {
            $bodyBuilder.append("$value")
        }

        $bodyBuilder.append("</td>")
    }
    $bodyBuilder.append("</tr>") | Out-Null
}

$bodyBuilder.append("</table>") | Out-Null
$bodyBuilder.append("</body></html>") | Out-Null

# Send mail
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())

Here's the portion of the script that skips a user if none of the properties are set:

    # Skip if none of the $propertyNames are set
    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }
0

Thank you, the reviewers have asked for one more change to the report. Use the Friendly Name as the column header versus the Active Directory field name. Thanks!

0

Hello,

Here's a version of the script that uses the same names for the properties as they are displayed in Adaxes:

$email = "somebody@mii.com" # TODO: modify me

$propertyNames = @("DisplayName","MIIUSDenverProductionSQL","MIIUSDenverTestSQL","MIITopTeam","MIIMSDN","MIILabManager","MIIADN","MIITFS2","MIIUSTestTrack","MIIUSAegisTestTrack","MIINAmericaTestTrack","MIIUSRobbinsTestTrack","MIIUSEngineOneTestTrack","MIIUSTrencoTestTrack","MIISapphirePortalTestTrack","MIISapphireOEMTestTrack","MIIGlobalWebTestTrack","MIIUSTestTrackMiTekBAEApplications","MIIUSTestTrackMitekPortalsandAccessoryApps","MIIUSTestTrackWebandSWE") # TODO: modify me

$bodyBuilder = New-Object "System.Text.StringBuilder"
$bodyBuilder.append("<html><head>") | Out-Null
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html charset=UTF-8""></head>") | Out-Null
$bodyBuilder.append("<body>") | Out-Null
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null
$bodyBuilder.append("<table width=""100%%"" border=""1"">") | Out-Null
$bodyBuilder.append("<tr>") | Out-Null

# Get display names for all properties
$culture = [System.Globalization.CultureInfo]::CurrentCulture
$attributeFriendlyNamesCache = [Softerra.Adaxes.Directory.AttributeFriendlyNamesCache]::GetInstance($culture)

foreach ($propertyName in $propertyNames)
{
    # Add property name to the report
    if ($attributeFriendlyNamesCache.HasFriendlyName($propertyName))
    {
        $propertyFriendlyName = $attributeFriendlyNamesCache.GetFriendlyName($propertyName, "user")
    }
    else
    {
        $propertyFriendlyName = $propertyName
    }

    $bodyBuilder.append("<th>$propertyFriendlyName</th>") | Out-Null
}

$bodyBuilder.append("</tr>") | Out-Null

# Find all users under the target object
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($propertyNames)

$searcherResult = $searcher.ExecuteSearch()
$users = $searcherResult.FetchAll()
$searcherResult.Dispose()
$Context.LogMessage($users.Count, "Information")
# Iterate through search results and include them into the report
foreach ($user in $users)
{
    $bodyBuilder.append("<tr>") | Out-Null
    $resultPropertyCollection = $user.Properties

    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }

    foreach ($propertyName in $propertyNames)
    {
        # If the property is not set for the user
        if (!($resultPropertyCollection.Contains($propertyName)))
        {
            $bodyBuilder.append("<td> </td>") | Out-Null
            continue
        }
        # include values for the property in the report
        $values = ($resultPropertyCollection[$propertyName]).Values

        $bodyBuilder.append("<td>")
        foreach ($value in $values)
        {
            $bodyBuilder.append("$value")
        }

        $bodyBuilder.append("</td>")
    }
    $bodyBuilder.append("</tr>") | Out-Null
}

$bodyBuilder.append("</table>") | Out-Null
$bodyBuilder.append("</body></html>") | Out-Null

# Send mail
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())
0

PERFECT! THANK YOU!

Related questions

0 votes
1 answer

The Advanced Search in the Domain Find(CTRL-F3) function allows you to select a custom Active Directory field(added by IT, not a windows default AD field). When you ... helpful to have a Contains, Does not Contain logical operator in the Find function. Thanks!

asked Oct 11, 2012 by mpaul (360 points)
0 votes
1 answer

Hello! Is there a way to clear the AD attribute "thumbnailPhoto" with a checkbox property? I wanted to implement a checkbox in the mask "Modify user" and if the box is checked, clear the attribute. How do I implement this? Much appreciated, Marco

asked Apr 21 by marco_jandl (60 points)
0 votes
1 answer

Can I manage the user that is user by Adaxes to connect to Active Directory with Privilege Access Management (PAM)? Since this user can change user's password, ... would like to manage this user so that PAM can change/rotate the password periodically

asked Nov 18, 2021 by fachmi (170 points)
0 votes
1 answer

We originally installed Adaxes and assigned the Adaxes Service user to the Domain Admins group. We are now locking down that group and have removed the Adaxes Serivce from ... to do things. What rights does Adaxes Service need in order to administer users?

asked Jul 23, 2021 by cobaltcu (20 points)
0 votes
1 answer

It's possible to integrate ADAXES with HR Solution to create user in active directory ?

asked Feb 14, 2020 by babid (20 points)
2,779 questions
2,512 answers
6,574 comments
25,886 users