The script generates a report of recently deleted users together with the initiator of each deletion. If a user was deleted outside of Adaxes, the initiator column will be empty. For information on creating reports, see the Create Report tutorial.
Parameters:
- $whenDeletedColumnID - Specifies the identifier of the custom column that will contain the date when a user was deleted. The column should be of the Date/Time type.
- $initiatorColumnID - Specifies the identifier of the custom column that will contain the user who deleted the corresponding account. The column should be of the Directory object type.
- $daysParameterName - Specifies the name of the parameter used to determine the period (in days) to retrieve deleted users for. The name should be specified with the param- prefix.
PowerShell
# Report configuration. The two GUIDs identify the custom report columns that
# receive the deletion date and the deleting account. The last value is the
# name of the report parameter that holds the look-back period in days.
$whenDeletedColumnID = '{a7c2abeb-311c-43d4-98b9-3a7db544f3af}' # TODO: modify me
$initiatorColumnID = '{c0fc451b-a2e6-4a38-9237-5baa7acf8f6d}' # TODO: modify me
$daysParameterName = 'param-Days' # TODO: modify me
# Read the look-back period (in days) from the report parameter and fix the
# end of the reporting window at "now".
$days = $Context.GetParameterValue($daysParameterName)
$endDate = Get-Date

# Start of the reporting window, also rendered as an LDAP generalized-time
# string (UTC) so it can be compared against whenChanged in the filter.
$threshold = (Get-Date).AddDays(-$days)
$thresholdGeneralizedTime = [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())

# Build the search filter from three clauses:
#  - user objects that are not computers and either have no
#    msExchRecipientTypeDetails or have none of the bits in the mask set
#    (1.2.840.113556.1.4.804 is the bitwise-OR matching rule; which recipient
#    types the mask 7276219883574 covers is not stated here - confirm before
#    changing it);
#  - whenChanged on or after the threshold. This is the deleted object's last
#    modification time, used as a stand-in for the deletion time;
#  - isDeleted=TRUE, i.e. deleted objects only.
$userOnlyClause = '(&(objectClass=user)(!(objectClass=computer))(|(!(msExchRecipientTypeDetails=*))(!(msExchRecipientTypeDetails:1.2.840.113556.1.4.804:=7276219883574))))'
$changedSinceClause = "(whenChanged>=$thresholdGeneralizedTime)"
$deletedClause = '(isDeleted=TRUE)'
$filter = '(&{0}{1}{2})' -f $userOnlyClause, $changedSinceClause, $deletedClause

# Append the search filter
$Context.DirectorySearcher.AppendFilter($filter)

# Search in deleted objects
$Context.DirectorySearcher.Tombstone = $true

# Load the attributes needed to restore objects, plus whenChanged
foreach ($attributeName in 'msDS-LastKnownRDN', 'lastKnownParent', 'whenChanged')
{
    $Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add($attributeName)
}
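# Generate the report.
# For every deleted user returned by the search, the Adaxes modification log is
# read for the reporting window. Each "delete" record becomes one report row
# with the initiator and the completion time of the operation.
# A user with no "delete" record in the log is still listed, with an empty
# initiator. The original loop set $noRecords but never used it, so such users
# were dropped from the report. Those are the deletions performed outside of
# Adaxes; attribute them from another source, such as domain controller audit
# logs.
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        # Stop between users as well when the report has been cancelled
        if ($Context.Items.Aborted)
        {
            return
        }

        $searchResult = $searchIterator.Current

        # Get the modification log for the object, limited to the reporting window
        $obj = $Context.BindToObjectBySearchResult($searchResult)
        $modificationLog = $obj.GetModificationLog()
        $modificationLog.StartDateTime = $threshold
        $modificationLog.EndDateTime = $endDate
        $log = $modificationLog.Log

        # NOTE(review): only page 0 of the log is examined. A delete record that
        # falls on a later page would be missed and the user reported with an
        # empty initiator - confirm the page size is sufficient.
        $records = $log.GetPage(0)

        # Add log records to the report
        $noRecords = $True
        foreach ($record in $records)
        {
            if ($Context.Items.Aborted)
            {
                return
            }

            $operationTypes = $record.GetOperationTypes()
            if ($operationTypes -notcontains "delete")
            {
                continue
            }

            # Clone the search result so that several delete records for the
            # same object each get their own row
            $clonedSearchResult = $searchResult.Clone($False)
            $Context.Items.Add($clonedSearchResult, @{ $initiatorColumnID = $record.Initiator.AdsPath; $whenDeletedColumnID = $record.CompletionTime }, $NULL )
            $noRecords = $False
        }

        if ($noRecords)
        {
            # No delete operation logged by Adaxes: list the user anyway with an
            # empty initiator. whenChanged (loaded by the search) is used as the
            # deletion date. It is the last modification time of the deleted
            # object and presumably arrives as a date/time value - TODO confirm.
            $Context.Items.Add($searchResult, @{ $initiatorColumnID = $NULL; $whenDeletedColumnID = $searchResult.Properties["whenChanged"].Value }, $NULL )
        }
    }
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}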