

Active users with managers

September 30, 2019

The script emails a CSV report listing enabled users that have a manager specified, together with each user's creation date, the manager, and the status of the manager's account (enabled/disabled). To run the script, create a Scheduled Task configured for the Domain-DNS object type and assign it over a managed domain. The domain does not define the scope of users added to the report; it is used only to trigger execution of the Scheduled Task. The criteria for adding users are specified in the PowerShell script.

Parameters:

  • $excludedOuDNs - Specifies an array of distinguished names (DNs) of OUs; users located in these OUs will not be included in the report. For information on how to get the DN of a directory object, see http://adaxes.com/sdk/?HowDoI.GetDnOfObject.html.
  • $csvFilePath - Specifies the path to the CSV file that will be temporarily created.
  • $recipient - Specifies the email address of the notification recipient.
  • $from - Specifies the email address from which the notification will be sent.
  • $subject - Specifies the email notification subject.
  • $message - Specifies the email notification message.
  • $smtpServer - Specifies the SMTP server that will be used to send the notification.
PowerShell
# Distinguished names of the OUs whose users are left out of the report
$excludedOuDNs = @(
    "CN=Users,DC=domain,DC=com",
    "OU=Sales,DC=domain,DC=com"
) # TODO modify me

# CSV file settings
# The report is written to this path, attached to the email and then deleted.
# NOTE(review): the file holds account names and account status while it exists;
# presumably the folder should be writable only by the account running the task - confirm.
$csvFilePath = "C:\Scripts\Report.csv" # TODO: modify me

# Mail settings
$smtpServer = "mail.domain.com" # TODO: modify me
$from = "noreply@domain.com" # TODO: modify me
$recipient = "recipient@domain.com" # TODO: modify me
$subject = "Managers report" # TODO: modify me
$message = "Managers report" # TODO: modify me

# Tells whether an object is located under any of the excluded OUs.
#   $dnObject      - object exposing IsDescendantOf(<DN>); the script passes a Softerra.Adaxes.Ldap.DN
#   $excludedOuDNs - distinguished names of the OUs to test against
# Returns $True on the first OU that $dnObject descends from, otherwise $False.
function IsDescendantOfExcludedOu ($dnObject, $excludedOuDNs)
{
    $isExcluded = $False

    foreach ($excludedDN in $excludedOuDNs)
    {
        if (-not $dnObject.IsDescendantOf($excludedDN))
        {
            continue
        }

        # One match is enough; the remaining OUs need not be checked
        $isExcluded = $True
        break
    }

    return $isExcluded
}

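# Runs a paged subtree search from "Adaxes://rootDSE" and returns every result.
#   $filter     - LDAP search filter
#   $properties - names of the attributes to load for each result
# Returns the fetched results as a single array (the unary comma keeps PowerShell
# from unrolling it on return). The result iterator is disposed on every exit path.
# Relies on $Context, which is supplied by the host that runs the script.
function SearchObjects($filter, $properties)
{
    # Start from $null so the finally block only ever sees an iterator created by
    # this call, never a same-named variable inherited from the calling scope
    $searchResultIterator = $null

    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    # NOTE(review): presumably makes the search span all managed domains - confirm
    $searcher.VirtualRoot = $True
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}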

# Search managers
# User accounts (sAMAccountType=805306368) that have at least one direct report
$managerSearchResults = SearchObjects "(&(sAMAccountType=805306368)(directReports=*))" @("userAccountControl", "distinguishedName")

# Lookup table keyed by manager DN; each value holds the display name and account status
$managersInfos = @{}
foreach ($managerResult in $managerSearchResults)
{
    $managerDN = $managerResult.Properties["distinguishedName"].Value

    # Get manager account status: the 0x2 flag in userAccountControl marks a disabled account
    $accountStatus = "Enabled"
    if ($managerResult.Properties["userAccountControl"].Value -band 2)
    {
        $accountStatus = "Disabled"
    }

    # Remember the manager so user rows can be resolved by DN later
    $managersInfos.Add($managerDN, @{
        Name = $Context.GetDisplayNameFromAdsPath($managerResult.AdsPath)
        AccountStatus = $accountStatus
    })
}

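# Search users
# Enabled user accounts with a manager set: the bitwise-AND matching rule
# (1.2.840.113556.1.4.803) on userAccountControl filters out accounts carrying the 0x2 (disabled) flag
$searchResults = SearchObjects "(&(sAMAccountType=805306368)(manager=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" @("distinguishedName", "manager", "whenCreated")

# Build table
$records = New-Object System.Collections.ArrayList
foreach ($searchResult in $searchResults)
{
    # Skip users located under one of the excluded OUs
    $dnObject = New-Object "Softerra.Adaxes.Ldap.DN" $searchResult.Properties["distinguishedName"].Value
    if (IsDescendantOfExcludedOu $dnObject $excludedOuDNs)
    {
        continue
    }
    
    # Resolve the manager by DN against the table built from the managers search
    $managerDN = $searchResult.Properties["manager"].Value
    $managerInfo = $managersInfos[$managerDN]
    if ($null -eq $managerInfo)
    {
        # The manager attribute points at an object the managers search did not
        # return (for example, one that is not a user account). Keep the row
        # traceable instead of emitting blank Manager and status columns.
        $managerInfo = @{Name = $managerDN; AccountStatus = "Unknown"}
    }
    
    $userName = $Context.GetDisplayNameFromAdsPath($searchResult.AdsPath)
    $record = New-Object PSObject -Property @{
        "Username" = $userName
        "Manager" = $managerInfo.Name
        # whenCreated is converted to the local time of the machine running the script
        "When Created" = $searchResult.Properties["whenCreated"].Value.ToLocalTime()
        "Manager account status" = $managerInfo.AccountStatus
    }
    [void]$records.Add($record)
}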

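# Send mail
# The report is written to $csvFilePath, attached to the message, and deleted
# afterwards. The finally block guarantees the deletion even when the export or
# the send terminates the script, so the report is not left behind on disk.
try
{
    # Stop on an export failure so a stale file left at the same path by an
    # earlier run is never attached in place of the current report
    $records.ToArray() | Export-csv -NoTypeInformation -Path $csvFilePath -ErrorAction Stop

    # NOTE(review): Send-MailMessage does not use TLS unless -UseSsl is given; the
    # attachment lists account names and account status, so consider adding
    # -UseSsl if the SMTP server supports it.
    Send-MailMessage -To $recipient -from $from -SmtpServer $smtpServer -Subject $subject -Body $message -Attachments @($csvFilePath)
}
finally
{
    # Remove temporary file (it may not exist if the export itself failed)
    if (Test-Path $csvFilePath)
    {
        Remove-Item $csvFilePath -Force
    }
}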
