Script Repository


Change password and reset password operations

February 24, 2021
1470

The script creates and sends an HTML-formatted report on operations where a user password was changed via Adaxes, with a breakdown into Password Change, Administrative Password Reset and Self-Service Password Reset.

Note: The script uses the $Context variable available on the server side only. This means that it can be executed only by business rules, custom commands, and scheduled tasks. For example, to schedule the report, you can create a scheduled task configured for the Domain-DNS object type. To add the script to a scheduled task, use the Run a program or PowerShell script action.

Parameters:

  • $numDays - Specifies the number of days to include in the report. Set the value to 0 to disable filtering by date and output all records that relate to setting a user password.
  • $to - Specifies a semicolon-separated list of recipients of the report.
  • $subject - Specifies the email message subject. In the subject, the {0} placeholder is replaced with information on how many days are included in the report.
  • $reportFooter - Specifies the email message footer.
Edit Remove
PowerShell
$numDays = 1 # set to 0 to include all records
$to = "recipient@domain.com" # TODO: modify me
$subject = "Change Password and Reset Password Operations {0}" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

function GetExecutionLog ($logEntryCollection, $executionLog)
{
    $executionLog += "<ul>"
    foreach ($logEntry in $logEntryCollection)
    {
        # Get operation info
        $type = $logEntry.Type
        $message = $logEntry.Message
        $source = $logEntry.Source
        
        # Build report record
        $messageBuilder = ""
        if (-not([System.String]::IsNullOrEmpty($source)))
        {
            # Add source to the message
            $messageBuilder += "$source`: "
        }
        $messageBuilder += "$type - $message"
        
        # Encode all HTML tags
        $messageBuilder = [System.Web.HttpUtility]::HtmlEncode($messageBuilder)
        
        # Add message to report
        $executionLog += "<li>$messageBuilder"
        
        # Add subentries, if any
        $subEntries = $logEntry.SubEntries
        if ($subEntries.Count -ne 0)
        {
            $executionLog = GetExecutionLog $subEntries $executionLog
        }
        $executionLog += "</li>"
    }
    $executionLog += "</ul>"
    return $executionLog
}

# Bind to General Log
$path = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($path)
$generalLog = $serviceLog.GeneralLog
if ($numDays -ne 0)
{
    $subject = [System.String]::Format($subject, "during the last $numDays days")
    $generalLog.StartDateTime = (Get-Date).AddDays(-$numDays)
    $generalLog.EndDateTime = Get-Date
}
else
{
    $subject = [System.String]::Format($subject, "total")
}

# Get log records
$log = $generalLog.Log
$records = $log.GetPage(0)

# Add log records to report
$passwordOperationInfo = @{
    "Change" = @{"Successful" = 0; "Failed" = 0; "Records" = ""}; 
    "Reset" = @{"Successful" = 0; "Failed" = 0; "Records" = ""}; 
    "SelfReset" = @{"Successful" = 0; "Failed" = 0; "Records" = ""}}
foreach ($record in $records)
{
    # Check operation type
    $recordOperationTypes = $record.GetOperationTypes()
    $addInitiator = $True
    if ($recordOperationTypes -contains "change password")
    {
        $operationInfo = $passwordOperationInfo.Change
    }
    elseif ($recordOperationTypes -contains "reset password" -and $recordOperationTypes -notcontains "self password reset")
    {
        $operationInfo = $passwordOperationInfo.Reset
    }
    elseif ($recordOperationTypes -contains "self password reset")
    {
        $operationInfo = $passwordOperationInfo.SelfReset
        $addInitiator = $False
    }
    else
    {
        continue
    }
        
    if ($record.State -eq "OPERATION_STATE_FAILED_NO_CONTINUE")
    {
        $collor = "bgcolor='red'"
        $operationInfo.Failed += 1
    }
    elseif ($record.State -eq "OPERATION_STATE_FAILED_CAN_CONTINUE")
    {
        $collor = "bgcolor='yellow'"
        $operationInfo.Failed += 1
    }
    else
    {
        $collor = $NULL
        $operationInfo.Successful += 1
    }
    
    # Get Execution Log
    $executionLogEntries = $record.GetExecutionLog()
    if ($executionLogEntries.Count -eq 0)
    {
        $executionLog = "Execution Log is empty"
    }
    else
    {
        # Add Execution Log to report
        $executionLog = GetExecutionLog $executionLogEntries ""
    }
    
    $reportRecord = "<tr valign='top'><td $collor>$($record.StartTime)</td><td $collor>$($record.CompletionTime)</td>"
    if ($addInitiator)
    {
        $reportRecord += "<td>$($record.Initiator.Name)</td>"
    }
    $reportRecord += "<td>$($record.TargetObjectName)</td><td>$executionLog</td></tr>"
    
    # Add record to report
    $operationInfo.Records += $reportRecord
}

# Build html
$html = New-Object "System.Text.StringBuilder"
[void]$html.Append("<h2>Statistics</h2>")
[void]$html.Append("<table border='1'><tr><th>Operation</th><th>Successful</th><th>Failed</th><th>Total</th></tr>")
[void]$html.Append("<tr><td>Change Password</td><td>$($passwordOperationInfo.Change.Successful)</td><td>$($passwordOperationInfo.Change.Failed)</td><td>$($passwordOperationInfo.Change.Failed + $passwordOperationInfo.Change.Successful)</td></tr>")
[void]$html.Append("<tr><td>Reset Password</td><td>$($passwordOperationInfo.Reset.Successful)</td><td>$($passwordOperationInfo.Reset.Failed)</td><td>$($passwordOperationInfo.Reset.Failed + $passwordOperationInfo.Reset.Successful)</td></tr>")
[void]$html.Append("<tr><td>Self-Reset Password</td><td>$($passwordOperationInfo.SelfReset.Successful)</td><td>$($passwordOperationInfo.SelfReset.Failed)</td><td>$($passwordOperationInfo.SelfReset.Failed + $passwordOperationInfo.SelfReset.Successful)</td></tr>")
[void]$html.Append("</table>")
if (-not([System.String]::IsNullOrEmpty($passwordOperationInfo.Change.Records)))
{
    [void]$html.Append("<h2>Change Password</h2>")
    [void]$html.Append("<table border='1'><tr><th>Start Time</th><th>Completion Time</th><th>Initiator</th><th>Target Object</th><th>Execution Log</th></tr>")
    [void]$html.Append($passwordOperationInfo.Change.Records)
    [void]$html.Append("</table>")
}
if (-not([System.String]::IsNullOrEmpty($passwordOperationInfo.Reset.Records)))
{
    [void]$html.Append("<h2>Reset Password</h2>")
    [void]$html.Append("<table border='1'><tr><th>Start Time</th><th>Completion Time</th><th>Initiator</th><th>Target Object</th><th>Execution Log</th></tr>")
    [void]$html.Append($passwordOperationInfo.Reset.Records)
    [void]$html.Append("</table>")
}
if (-not([System.String]::IsNullOrEmpty($passwordOperationInfo.SelfReset.Records)))
{
    [void]$html.Append("<h2>Self-Reset Password</h2>")
    [void]$html.Append("<table border='1'><tr><th>Start Time</th><th>Completion Time</th><th>Target Object</th><th>Execution Log</th></tr>")
    [void]$html.Append($passwordOperationInfo.SelfReset.Records)
    [void]$html.Append("</table>")
}
[void]$html.Append($reportFooter)

# Send report
$Context.SendMail($to, $subject, $NULL, $html)


Comments ( 0 )
No results found.
Leave a comment