Script Repository


Properties of a new or updated user

November 24, 2020
2296

This script e-mails an HTML-formatted report containing values of all properties of a newly created or all updated properties of a user account.er account. The script can only be executed in a Business Rule triggering After creating a user or After updating a user.

Parameters:

  • $to - Specifies the email address of the recipient.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the report header.
  • $reportFooter - Specifies the report footer.
  • $ignoredProperties - Specifies LDAP names of the properties that won't be included into the report.
Edit Remove
PowerShell
$to = "recipient@domain.com" # TODO: modify me
$subject = "All properties of user %fullname%" # TODO: modify me
$reportHeader = "<h3><b>All properties of user %fullname%</b></h3><br/><table border='0'>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it was sent to you for notification purposes only.</i></p>" # TODO: modify me
$ignoredProperties = @("objectClass") # TODO: modify me

# Get property list
$propertyList = $Context.Action.PropertyList

# Get display names of all properties
$path = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationContainer = $Context.BindToObject($path)
$culture = [System.Globalization.CultureInfo]::CurrentCulture
$attributeFriendlyNames = $configurationContainer.GetAttributeFriendlyNames($culture.ThreeLetterISOLanguageName, "ADM_GETATTRFRIENDLYNAMESMODE_MERGED")
$attributeFriendlyNamesMap = @{}
foreach ($attributeFriendlyName in $attributeFriendlyNames)
{
    $ldapPropertyName = $attributeFriendlyName.AttributeName

    $typeSpecificFriendlyNames = $attributeFriendlyName.TypeSpecificFriendlyNames
    if ($typeSpecificFriendlyNames.Length -eq 0)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
        continue
    }
    
    $friendlyName = $NULL
    foreach ($type in $typeSpecificFriendlyNames)
    {
        if ($type.ObjectType -ne $Context.TargetObject.Class)
        {
            continue
        }
        $friendlyName = $type.FriendlyName
        break
    }
    
    if ($friendlyName -eq $NULL)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
    }
    else
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $friendlyName)
    }
}

# Build report
for ($i = 0; $i -lt $propertyList.PropertyCount; $i++)
{
    $propertyEntry = $propertyList.Item($i)
    $ldapPropertyName = $propertyEntry.Name
    
    # Skip ignored properties
    if ($ignoredProperties -contains $ldapPropertyName)
    {
        continue
    }

    if ($propertyEntry.Values -eq $NULL)
    {
        continue
    }

    # Add property name to report
    if ($attributeFriendlyNamesMap.ContainsKey($ldapPropertyName))
    {
        $propertyName = $attributeFriendlyNamesMap[$ldapPropertyName]
    }
    else
    {
        $propertyName = $ldapPropertyName
    }
    
    $reportHeader += "<tr><td>$propertyName`:</td><td>"
    
    # Add property value to report
    foreach ($propertyValue in $propertyEntry.Values)
    {
            # Convert value for specific properties
            switch ($ldapPropertyName)
            {
                "accountExpires"
                {
                    $value = "%accountExpires%"
                }
                "unicodePwd"
                {
                    $value = "%unicodePwd%"
                }
                "pwdLastSet"
                {
                    $value = "%pwdLastSet%"
                }
                default
                {
                    $value = ($propertyValue.GetObjectProperty([ref]$propertyEntry.ADsType)).ToString()
                }
            }
            
            $reportHeader += "$value;"
    }
    $reportHeader += "</td></tr>"
}

$reportHeader += "</table>"
$htmlBody = $reportHeader + $reportFooter

# Send email
$Context.SendMail($to, $subject, $NULL, $htmlBody)


Comments ( 2 )
avatar
Ben Smith
Nov 23, 2020
Hi,

It looks like there are some spelling mistakes in the description.

"updated proeprties of a user account.er account."
avatar
Support
Nov 24, 2020
Hello Ben,

Thank you for pointing out the mistake. We corrected the script description.
Leave a comment