Script Repository


Remove actions with empty groups from Custom Commands, Business Rules and Scheduled Tasks

April 06, 2020
182

The script removes all the Add to group and Remove from group actions that do not have a group specified from all Custom Commands, Business Rules and Scheduled Tasks. Such situations can happen if the group specified in an action was removed. The script also sends an email notification containing a record like the following for each removed action if at least one action was removed:

Removed action with blank group from Deprovision Custom Command

To run the script, create a Scheduled Task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.

Parameters:

  • $to - Specifies the email address to which the script will send the notification.
  • $subject - Specifies the subject of the email notification.
Edit Remove
PowerShell
# E-mail settings
$to = "recipient@domain.com" # TODO: modify me
$subject = "Report" # TODO: modify me

function SearchObjects($path, $filter)
{
    $searcher = $Context.BindToObject($path)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# A hashtable with types of configuration objects and their aliases
$configurationObjectInfos = @{
    "BusinessRules" = "adm-BusinessRule", "Business Rule";
    "CustomCommands" = "adm-CustomCommand", "Custom Command";
    "ScheduledTasks" = "adm-ScheduledTask", "Scheduled Task";}

$report = New-Object "System.Text.StringBuilder"
foreach ($alias in $configurationObjectInfos.Keys)
{
    $configurationContainerPath = $Context.GetWellKnownContainerPath($alias)
    $objectType = $configurationObjectInfos[$alias][0]
    $objectTypeDisplayName = $configurationObjectInfos[$alias][1]
    $searchresults = SearchObjects $configurationContainerPath "(objectCategory=$objectType)"
    
    # Search actions for the specified string
    foreach ($searchresult in $searchresults)
    {
        # Bind to the Business Rule, Custom Command or Scheduled Task
        $object = $Context.BindToObject($searchresult.AdsPath)
        $objectName = $object.Get("Name")
        
        # Perform search actions
        for ($i = $object.ConditionedActions.Count - 1; $i -ge 0; $i--)
        {
            # Check actions
            $actionsAndConditionsSet = $object.ConditionedActions.GetObject($i)
            for ($j = $actionsAndConditionsSet.Actions.Count - 1; $j -ge 0; $j--)
            {
                $action = $actionsAndConditionsSet.Actions.GetObject($j)
                if ($action.Class -ne "adm-ChangeGroupMembershipAction")
                {
                    continue
                }
                    
                $actionObject = $action.GetAction()
                if (![System.String]::IsNullOrEmpty($actionObject.GroupDnTemplate))
                {
                    continue
                }
                
                $groupGuid = [Guid]$action.Get("adm-GroupGuid")
                try
                {
                    $group = $Context.BindToObject("Adaxes://<Guid=$groupGuid>")
                }
                catch
                {
                    # Remove action
                    $actionsAndConditionsSet.Actions.Remove($action)
                    [void]$report.AppendLine("Removed action with blank group from $objectName $objectTypeDisplayName")
                }
            }
    
            if ($actionsAndConditionsSet.Actions.Count -eq 0)
            {
                $object.ConditionedActions.Remove($actionsAndConditionsSet)
            }
        }
    }
}
# No actions foound, exit
if ($report.Length -eq 0)
{
    return
}

# Send mail
$Context.SendMail($to, $subject, $report.ToString(), $NULL)

Comments ( 0 )
No results found.
Leave a comment