Script Repository


Users with managers

May 18, 2020
225

The script emails a report that lists users who have a manager specified, their managers, and the status of each manager's account (enabled/disabled). To run the script, create a Scheduled Task configured for the Domain-DNS object type and assign it over a managed domain. The domain does not specify the scope of users that will be added to the report and will only be used to trigger execution of the Scheduled Task. The criteria for adding users are specified in the PowerShell script.

Script 1: Report embedded into email body

Parameters:

  • $to - Specifies the recipient's email address.
  • $subject - Specifies the email notification subject.
  • $reportHeader - Specifies the report header.
  • $reportFooter - Specifies the report footer.
PowerShell
# E-mail settings. Single-quoted literals are used because none of the values
# needs variable expansion.

# TODO: modify me - address that receives the report
$to = 'recipient@domain.com'

# TODO: modify me - subject line of the notification
$subject = 'Managers report'

# The header and footer are appended to the message body as raw HTML, without
# any encoding, so they should hold only markup written by the script owner.
$reportHeader = '<h2>Managers report</h2>'

# TODO: modify me
$reportFooter = '<hr /><p><i>Please do not reply to this e-mail, it was sent to you for notification purposes only.</i></p>'

# Runs a directory search through the Adaxes rootDSE and returns every match.
#   $filter     - LDAP filter that selects the objects to return.
#   $properties - names of the properties to load for each result.
# The fetched results are returned wrapped by the unary comma so PowerShell hands
# the collection back as one object instead of unrolling it.
function SearchObjects($filter, $properties)
{
    $directorySearcher = $Context.BindToObject("Adaxes://rootDSE")
    $directorySearcher.SearchFilter = $filter
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.PageSize = 500
    # Referrals are never chased
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $directorySearcher.SetPropertiesToLoad($properties)
    # NOTE(review): presumably widens the search beyond a single domain - confirm against the Adaxes SDK
    $directorySearcher.VirtualRoot = $True

    try
    {
        $resultIterator = $directorySearcher.ExecuteSearch()
        $allMatches = $resultIterator.FetchAll()

        return ,$allMatches
    }
    finally
    {
        # The iterator is disposed whether or not the search succeeded
        if ($resultIterator)
        {
            $resultIterator.Dispose()
        }
    }
}

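# Search managers: user accounts (sAMAccountType=805306368) that have at least one
# direct report. Only the two properties needed for the report are loaded.
$searchResults = SearchObjects "(&(sAMAccountType=805306368)(directReports=*))" @("directReports", "userAccountControl")

# Build table rows
$tableRecords = New-Object "System.Text.StringBuilder"
foreach ($searchResult in $searchResults)
{
    # Names read from the directory are data, not markup. They are HTML-encoded
    # before being placed in the message so that characters such as < > & in a
    # display name are shown as text instead of being interpreted by the mail client.
    $managerName = [System.Net.WebUtility]::HtmlEncode($Context.GetDisplayNameFromAdsPath($searchResult.AdsPath))

    # Get manager account status: bit 2 of userAccountControl is ACCOUNTDISABLE
    if ($searchResult.Properties["userAccountControl"].Value -band 2)
    {
        $accountStatus = "Disabled"
    }
    else
    {
        $accountStatus = "Enabled"
    }

    # Add one row per direct report of this manager
    foreach ($dn in $searchResult.Properties["directReports"].Values)
    {
        $path = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath" -ArgumentList @($null, $dn)
        $userName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($path, "IncludeParentPath")
        $userName = [System.Net.WebUtility]::HtmlEncode($userName)

        # $accountStatus is one of two fixed literals, so it needs no encoding
        [void]$tableRecords.Append("<tr>")
        [void]$tableRecords.Append("<td>$userName</td>")
        [void]$tableRecords.Append("<td>$managerName</td>")
        [void]$tableRecords.Append("<td>$accountStatus</td>")
        [void]$tableRecords.Append("</tr>")
    }
}

# Build HTML. $reportHeader and $reportFooter are inserted as raw markup on purpose;
# they come from the script settings, not from the directory.
$html = New-Object "System.Text.StringBuilder"
[void]$html.Append($reportHeader)
# The original string emitted a literal "100%%", which is not a valid width value
[void]$html.Append("<table border='1' width='100%'>")
[void]$html.Append("<tr><th>Username</th><th>Manager</th><th>Manager account status</th></tr>")
[void]$html.Append($tableRecords.ToString())
[void]$html.Append("</table>")
[void]$html.Append($reportFooter)

# Send mail; the third argument is left empty and the report is passed as the fourth
# NOTE(review): presumably arguments three and four are the plain-text and HTML bodies - confirm against the Adaxes SDK
$Context.SendMail($to, $subject, $NULL, $html.ToString())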

Script 2: Report attached as CSV

This script also allows excluding users located in specific OUs from the report.

Parameters:

  • $excludedOuDNs - Specifies an array of distinguished names (DNs) of OUs; users located in these OUs will not be included in the report. For information on how to get the DN of a directory object, see Get the DN of an Active Directory Object.
  • $csvFilePath - Specifies the path to the CSV file that will be temporarily created.
  • $recipient - Specifies the email address of the notification recipient.
  • $from - Specifies the email address from which the notification will be sent.
  • $subject - Specifies the email notification subject.
  • $message - Specifies the email notification message.
  • $smtpServer - Specifies the SMTP server that will be used to send the notification.
PowerShell
# Script settings. Single-quoted literals are used because none of the values
# needs variable expansion.

# TODO: modify me - DNs of the OUs whose users are left out of the report
$excludedOuDNs = @(
    'CN=Users,DC=domain,DC=com',
    'OU=Sales,DC=domain,DC=com'
)

# CSV file settings
# TODO: modify me - the report is written to this path before it is mailed, so the
# folder should be readable only by accounts that are allowed to see the report data.
$csvFilePath = 'C:\Scripts\Report.csv'

# Mail settings
# TODO: modify me - recipient of the notification
$recipient = 'recipient@domain.com'
# TODO: modify me - sender address
$from = 'noreply@domain.com'
# TODO: modify me - subject line
$subject = 'Managers report'
# TODO: modify me - message body
$message = 'Managers report'
# TODO: modify me - SMTP server used to send the notification
$smtpServer = 'mail.domain.com'

# Tells whether an object sits under any of the excluded OUs.
#   $dnObject      - object exposing IsDescendantOf(<DN>), queried once per OU.
#   $excludedOuDNs - DNs of the OUs to test against.
# Returns $True at the first OU the object descends from, otherwise $False.
function IsDescendantOfExcludedOu ($dnObject, $excludedOuDNs)
{
    $isExcluded = $False

    foreach ($excludedOu in $excludedOuDNs)
    {
        if (-not $dnObject.IsDescendantOf($excludedOu))
        {
            continue
        }

        # First match decides the answer; the remaining OUs are not checked
        $isExcluded = $True
        break
    }

    return $isExcluded
}

# Performs a subtree search starting at the Adaxes rootDSE.
#   $filter     - LDAP filter that selects the objects to return.
#   $properties - names of the properties to load for each result.
# Returns the fetched results as a single collection object; the unary comma
# keeps PowerShell from unrolling it when the function returns.
function SearchObjects($filter, $properties)
{
    $directorySearcher = $Context.BindToObject("Adaxes://rootDSE")
    $directorySearcher.SearchFilter = $filter
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.PageSize = 500
    # Referrals are never chased
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $directorySearcher.SetPropertiesToLoad($properties)
    # NOTE(review): presumably widens the search beyond a single domain - confirm against the Adaxes SDK
    $directorySearcher.VirtualRoot = $True

    try
    {
        $resultIterator = $directorySearcher.ExecuteSearch()
        $allMatches = $resultIterator.FetchAll()

        return ,$allMatches
    }
    finally
    {
        # Dispose the iterator on both the success and the failure path
        if ($resultIterator)
        {
            $resultIterator.Dispose()
        }
    }
}



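# Search managers: user accounts (sAMAccountType=805306368) that have at least one
# direct report. Only the two properties needed for the report are loaded.
$searchResults = SearchObjects "(&(sAMAccountType=805306368)(directReports=*))" @("directReports", "userAccountControl")

# Build report records
$records = New-Object System.Collections.ArrayList
foreach ($searchResult in $searchResults)
{
    # Get manager account status: bit 2 of userAccountControl is ACCOUNTDISABLE
    $managerName = $Context.GetDisplayNameFromAdsPath($searchResult.AdsPath)
    if ($searchResult.Properties["userAccountControl"].Value -band 2)
    {
        $accountStatus = "Disabled"
    }
    else
    {
        $accountStatus = "Enabled"
    }

    # Add users to report, skipping those located under an excluded OU
    foreach ($dn in $searchResult.Properties["directReports"].Values)
    {
        $dnObject = New-Object "Softerra.Adaxes.Ldap.DN" $dn
        if (IsDescendantOfExcludedOu $dnObject $excludedOuDNs)
        {
            continue
        }

        $path = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath" -ArgumentList @($null, $dn)
        $userName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($path, "IncludeParentPath")
        $record = New-Object PSObject -Property @{
            "Username" = $userName
            "Manager" = $managerName
            "Manager account status" = $accountStatus
        }
        [void]$records.Add($record)
    }
}

# Export and send the report. The CSV holds directory data, so it is removed in a
# finally block and does not stay on disk when exporting or sending stops with an error.
try
{
    # A plain hashtable does not keep key order, so the columns are selected
    # explicitly to give the CSV a stable layout.
    # NOTE(review): the values are directory names written as-is. If recipients open
    # the file in a spreadsheet application, a cell that starts with =, +, - or @ can
    # be treated as a formula; neutralise such values here if that matters to you.
    $records.ToArray() |
        Select-Object -Property "Username", "Manager", "Manager account status" |
        Export-Csv -NoTypeInformation -LiteralPath $csvFilePath

    # NOTE(review): Send-MailMessage does not use TLS unless -UseSsl is given, and
    # Microsoft marks the cmdlet obsolete. Check that the transport to $smtpServer is
    # acceptable for this report before relying on it.
    Send-MailMessage -To $recipient -From $from -SmtpServer $smtpServer -Subject $subject -Body $message -Attachments @($csvFilePath)
}
finally
{
    # Remove temporary file; -LiteralPath keeps characters such as [ ] in the path
    # from being read as wildcards.
    if (Test-Path -LiteralPath $csvFilePath)
    {
        Remove-Item -LiteralPath $csvFilePath -Force
    }
}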

