Script Repository

Process pending approval requests created more than X days ago

February 25, 2021 Views: 1084
Approval Requests

The scripts process outdated approval requests that were not approved, denied or cancelled within a predefined time frame. To run the script, create a scheduled task configured for the Domain-DNS object type.

Deny outdated approval requests

Parameters:

  • $requestExpirationDays – Specifies the number of days an approval request needs to remain pending to become outdated.
  • $reason – Specifies a reason for the requests denial.
Edit Remove
PowerShell
$requestExpirationDays = 30 # TODO: modify me
$reason = "The request is denied because it was not processed within $requestExpirationDays days" # TODO: modify me

# Bind to the 'Approval Requests' container
$approvalRequestsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($approvalRequestsPath)

# Get all pending approval requests
$requestGuidsInBytes = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests
foreach ($guidInBytes in $requestGuidsInBytes)
{
    # Bind to the approval request
    $guid = [Guid]$guidInBytes
    $request = $Context.BindToObject("Adaxes://<GUID=$guid>")
    
    # Check whether the request must be denied
    $deadlineDate = $request.CreationDate.AddDays($requestExpirationDays)
    if ([System.DateTime]::Now -lt $deadlineDate)
    {
        continue
    }

    $request.Deny($reason)
}

Approving outdated approval requests

Parameter:

  • $requestExpirationDays – Specifies the number of days an approval request needs to remain pending to become outdated.
Edit Remove
PowerShell
$requestExpirationDays = 30 # TODO: modify me

# Bind to the 'Approval Requests' container
$approvalRequestsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($approvalRequestsPath)

# Get all pending approval requests
$requestGuidsInBytes = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests
foreach ($guidInBytes in $requestGuidsInBytes)
{
    # Bind to the approval request
    $guid = [Guid]$guidInBytes
    $request = $Context.BindToObject("Adaxes://<GUID=$guid>")
    
    # Check whether the request must be approved
    $deadlineDate = $request.CreationDate.AddDays($requestExpirationDays)
    if ([System.DateTime]::Now -lt $deadlineDate)
    {
        continue
    }

    $request.Approve()
}
Comments 2
avatar
Gareth Jan 11, 2023
Is there a way I can tie this script to just one initiator? I'd like to run this but only from approval requests that have been initated by a specific scheduled task.
Reply
avatar
Support Jan 13, 2023
Yes, it is possible. Please, find the updated scripts below. In the scripts, the $scheduledTaskDN variable was added. It specifies the distinguished name (DN) of the scheduled task that initiated requests which must be processed. For information on how to get an object DN, have a look at the following SDK article: https://www.adaxes.com/sdk/HowDoI.GetDnOfObject


Deny outdated approval requests

Edit Remove
PowerShell
$requestExpirationDays = 30 # TODO: modify me
$scheduledTaskDN = "CN=MyTask,CN=Scheduled Tasks,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me
$reason = "The request is denied because it was not processed within $requestExpirationDays days" # TODO: modify me

$task = $Context.BindToObjectByDN($scheduledTaskDN)
$taskGuid = [Guid]$task.Get("objectGuid")

# Bind to the 'Approval Requests' container
$approvalRequestsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($approvalRequestsPath)

# Get all pending approval requests
$requestGuidsInBytes = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests
foreach ($guidInBytes in $requestGuidsInBytes)
{
    # Bind to the approval request
    $guid = [Guid]$guidInBytes
    $request = $Context.BindToObject("Adaxes://<GUID=$guid>")
    
    # Check whether the request must be denied
    $deadlineDate = $request.CreationDate.AddDays($requestExpirationDays)
    $requestorGuid = [Guid]$request.Get("adm-ApprovalRequestorGuid")
    
    if ([System.DateTime]::Now -lt $deadlineDate -or ($requestorGuid -ne $taskGuid))
    {
        continue
    }

    $request.Deny($reason)
}


Approve outdated approval requests

Edit Remove
PowerShell
$requestExpirationDays = 30 # TODO: modify me
$scheduledTaskDN = "CN=MyTask,CN=Scheduled Tasks,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

$task = $Context.BindToObjectByDN($scheduledTaskDN)
$taskGuid = [Guid]$task.Get("objectGuid")

# Bind to the 'Approval Requests' container
$approvalRequestsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($approvalRequestsPath)

# Get all pending approval requests
$requestGuidsInBytes = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests
foreach ($guidInBytes in $requestGuidsInBytes)
{
    # Bind to the approval request
    $guid = [Guid]$guidInBytes
    $request = $Context.BindToObject("Adaxes://<GUID=$guid>")
    
    # Check whether the request must be approved
    $deadlineDate = $request.CreationDate.AddDays($requestExpirationDays)
    $requestorGuid = [Guid]$request.Get("adm-ApprovalRequestorGuid")
    
    if ([System.DateTime]::Now -lt $deadlineDate -or ($requestorGuid -ne $taskGuid))
    {
        continue
    }

    $request.Approve()
}
Reply
avatar
Gareth Jan 18, 2023
Works perfect, thank you!
Reply
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers