

Objects located in Organizational Unit

April 24, 2017
1385

This script generates and emails an HTML-formatted report containing Active Directory objects located in the Organizational Unit on which it is executed and matching a certain LDAP filter. It also allows skipping certain Organizational Units located within the listed OU.

To generate the reports upon request, you can create a Custom Command for the Organizational Unit object type that runs the script. To schedule the reports, you need to create a Scheduled Task and include the necessary OU in the Activity Scope.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

Parameters:

  • $searchFilter - specifies an LDAP search filter string that will be used to find the objects you need;
  • $reportProperties - specifies LDAP display names of the object attributes you want to include in the report;
  • $excludedOuNames - specifies names of sub-OUs that will be skipped. To include all sub-OUs, pass an empty array;
  • $to - specifies email addresses of the recipient(s) of the report;
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the report header;
  • $reportFooter - specifies the report footer.
PowerShell
# Report settings. Every value in this block is meant to be edited by the administrator
# before the script is attached to a Custom Command or Scheduled Task.

# LDAP filter applied to the subtree of the OU the script runs on.
$searchFilter = "(&(objectCategory=person)(objectClass=user))" # TODO: modify me
# LDAP display names of the attributes that become report columns.
$reportProperties = @("description", "physicalDeliveryOfficeName", "department")
# Objects whose distinguishedName contains "OU=<name>," for any of these names are left out
# of the report. Use an empty array to keep every sub-OU.
$excludedOuNames = @("Service Accounts", "Disabled Accounts") # TODO modify me

# E-mail message settings
# The report lists directory objects and their attributes, so keep the recipient list
# limited to people who are allowed to see that data.
$to = "recipient@example.com" # TODO: modify me
# NOTE(review): %name% looks like a value reference that is replaced with the target OU's
# name before the script runs - confirm how that text is escaped when it lands inside
# the HTML header below.
$subject = "Users in OU '%name%'" # TODO: modify me
# Header and footer are concatenated into the message body as raw HTML, unchanged.
$reportHeader = "<h2><b>Users in OU '%name%'</b></h2>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

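function IsDescendantOfOu($userDN, $excludedOuNames)
{
    <#
    .SYNOPSIS
    Tells whether a distinguished name contains one of the excluded OU names.

    .DESCRIPTION
    Looks for the text "OU=<name>," inside the DN for every name in $excludedOuNames.
    The comparison ignores case, because a name typed in the settings with different
    capitalisation than the OU itself would otherwise silently fail to exclude it.

    The check is a plain substring match. A name containing characters that appear
    escaped in a DN (for example a comma) only matches when it is written in the same
    escaped form.
    NOTE(review): the match is not anchored to a DN component boundary, so a DN where
    the same text occurs inside another component's value is excluded as well - confirm
    that this is acceptable for the report.

    .PARAMETER userDN
    Distinguished name of the object being tested.

    .PARAMETER excludedOuNames
    Array of OU names to skip. An empty array excludes nothing.

    .OUTPUTS
    $True when the DN contains one of the excluded OUs, otherwise $False.
    #>

    # A missing DN cannot be matched against anything; report "not excluded"
    # instead of failing on a method call against $null.
    $dn = [string]$userDN
    if ([System.String]::IsNullOrEmpty($dn))
    {
        return $False
    }

    foreach ($ouName in $excludedOuNames)
    {
        # Blank entries would produce the needle "OU=," which is never a real OU.
        if ([System.String]::IsNullOrEmpty($ouName))
        {
            continue
        }

        $needle = "OU=$ouName,"
        if ($dn.IndexOf($needle, [System.StringComparison]::OrdinalIgnoreCase) -ge 0)
        {
            return $True
        }
    }
    return $False
}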

# Use the OU the script is executed on as a directory searcher
$searcher = $Context.TargetObject

# Page through the whole subtree, 500 results at a time
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = $searchFilter

# Besides the report columns, load distinguishedName (used for the sub-OU exclusion check)
# and objectGuid (used to build the Web Interface link for each row)
$propertiesToLoad = $reportProperties + @("distinguishedName", "objectGuid")
$searcher.SetPropertiesToLoad($propertiesToLoad)

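# Builds the HTML report for the objects found by $searcher and e-mails it.
# Reads $searcher, $reportProperties, $excludedOuNames, $to, $subject, $reportHeader
# and $reportFooter, which are set earlier in the script.
try
{
    # Reset the iterator so the finally block never disposes a stale or missing object
    $searchResultIterator = $null

    # Get the default Web Interface address
    $webInterfaceAddress = "%adm-WebInterfaceUrl%"
    $hasWebInterfaceAddress = -not [System.String]::IsNullOrEmpty($webInterfaceAddress)
    if (-not $hasWebInterfaceAddress)
    {
        $Context.LogMessage("Default Web Interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
    }

    # Get display names of all properties
    $culture = [System.Globalization.CultureInfo]::CurrentCulture
    $attributeFriendlyNamesCache = [Softerra.Adaxes.Directory.AttributeFriendlyNamesCache]::GetInstance($culture)

    # Build HTML table. A StringBuilder avoids re-copying the whole report for every row.
    $report = New-Object System.Text.StringBuilder
    [void]$report.Append("<table border='1'>")
    [void]$report.Append("<tr><th>User display name</th>")
    foreach ($propertyLdapName in $reportProperties)
    {
        # Add property name to the report
        if ($attributeFriendlyNamesCache.HasFriendlyName($propertyLdapName))
        {
            $propertyName = $attributeFriendlyNamesCache.GetFriendlyName($propertyLdapName, "user")
        }
        else
        {
            $propertyName = $propertyLdapName
        }

        $encodedPropertyName = [System.Net.WebUtility]::HtmlEncode([string]$propertyName)
        [void]$report.Append("<th>$encodedPropertyName</th>")
    }

    [void]$report.Append("</tr>")

    # Add user info to the report
    $searchResultIterator = $searcher.ExecuteSearch()
    $users = $searchResultIterator.FetchAll()

    foreach ($user in $users)
    {
        # Skip users located in excluded OUs
        if (IsDescendantOfOu $user.Properties["distinguishedName"].Value $excludedOuNames)
        {
            continue
        }

        # Add display name and link to view in the Web Interface.
        # The loop variable is $user; the original read an undefined $userID here.
        $guid = [Guid]$user.Properties["objectGuid"].Value
        $userDisplayName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($user.AdsPath, "IncludeParentPath")

        # Names and attribute values come from the directory and are data, not markup:
        # HTML-encode them so text such as "<" or "&" in a description cannot change
        # the structure of the e-mail.
        $encodedDisplayName = [System.Net.WebUtility]::HtmlEncode([string]$userDisplayName)
        if ($hasWebInterfaceAddress)
        {
            # ${...} delimits the variable name explicitly instead of relying on a backtick
            $encodedLink = [System.Net.WebUtility]::HtmlEncode("${webInterfaceAddress}ViewObject.aspx?guid=$guid")
            [void]$report.Append("<tr><td><a href='$encodedLink'>$encodedDisplayName</a></td>")
        }
        else
        {
            # Without a Web Interface address the link would point nowhere; show plain text
            [void]$report.Append("<tr><td>$encodedDisplayName</td>")
        }

        # Add the specified properties
        foreach ($propertyLdapName in $reportProperties)
        {
            $values = $user.Properties[$propertyLdapName].Values
            $encodedValues = @($values | ForEach-Object { [System.Net.WebUtility]::HtmlEncode([string]$_) })

            # Multi-valued attributes are shown as one "; "-separated cell
            $cell = $encodedValues -join "; "
            [void]$report.Append("<td>$cell</td>")
        }

        [void]$report.Append("</tr>")
    }

    # Finish building the HTML table
    [void]$report.Append("</table>")

    # Header and footer are administrator-supplied HTML and are inserted as is
    $htmlReport = $reportHeader + $report.ToString() + $reportFooter

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $htmlReport)
}
finally
{
    # Release resources used by the search. The iterator is still $null when the
    # failure happened before ExecuteSearch returned.
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}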

