This script e-mails an HTML-formatted report containing values of all properties of a newly created user or all updated properties of a user account. The script can only be executed in a business rule triggering After creating a user or After updating a user.
Parameters:
- $to - Specifies the email address of the recipient.
- $subject - Specifies the email message subject.
- $reportHeader - Specifies the report header.
- $reportFooter - Specifies the report footer.
- $ignoredProperties - Specifies LDAP names of the properties that won't be included in the report.
```powershell
$to = "recipient@domain.com" # TODO: modify me
$subject = "All properties of user %fullname%" # TODO: modify me
$reportHeader = "<h3><b>All properties of user %fullname%</b></h3><br/><table border='0'>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it was sent to you for notification purposes only.</i></p>" # TODO: modify me
$ignoredProperties = @("objectClass") # TODO: modify me

# Get property list
$propertyList = $Context.Action.PropertyList

# Get display names of all properties
$path = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationContainer = $Context.BindToObject($path)
$culture = [System.Globalization.CultureInfo]::CurrentCulture
$attributeFriendlyNames = $configurationContainer.GetAttributeFriendlyNames($culture.ThreeLetterISOLanguageName, "ADM_GETATTRFRIENDLYNAMESMODE_MERGED")

# Map each LDAP property name to its friendly name
$attributeFriendlyNamesMap = @{}
foreach ($attributeFriendlyName in $attributeFriendlyNames)
{
    $ldapPropertyName = $attributeFriendlyName.AttributeName
    $typeSpecificFriendlyNames = $attributeFriendlyName.TypeSpecificFriendlyNames
    if ($typeSpecificFriendlyNames.Length -eq 0)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
        continue
    }

    # Prefer the friendly name defined for the target object's class
    $friendlyName = $NULL
    foreach ($type in $typeSpecificFriendlyNames)
    {
        if ($type.ObjectType -ne $Context.TargetObject.Class)
        {
            continue
        }
        $friendlyName = $type.FriendlyName
        break
    }

    if ($NULL -eq $friendlyName)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
    }
    else
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $friendlyName)
    }
}

# Build report
for ($i = 0; $i -lt $propertyList.PropertyCount; $i++)
{
    $propertyEntry = $propertyList.Item($i)
    $ldapPropertyName = $propertyEntry.Name

    # Skip ignored properties
    if ($ignoredProperties -contains $ldapPropertyName)
    {
        continue
    }

    # Skip properties without values ($NULL on the left so a collection is not filtered)
    if ($NULL -eq $propertyEntry.Values)
    {
        continue
    }

    # Add property name to report
    if ($attributeFriendlyNamesMap.ContainsKey($ldapPropertyName))
    {
        $propertyName = $attributeFriendlyNamesMap[$ldapPropertyName]
    }
    else
    {
        $propertyName = $ldapPropertyName
    }
    $propertyName = [System.Net.WebUtility]::HtmlEncode($propertyName)
    $reportHeader += "<tr><td>$propertyName`:</td><td>"

    # Add property value to report
    foreach ($propertyValue in $propertyEntry.Values)
    {
        # Convert value for specific properties
        switch ($ldapPropertyName)
        {
            "accountExpires"
            {
                $value = "%accountExpires%"
            }
            "unicodePwd"
            {
                # The password goes into the e-mail in clear text;
                # list unicodePwd in $ignoredProperties to leave it out
                $value = "%unicodePwd%"
            }
            "pwdLastSet"
            {
                $value = "%pwdLastSet%"
            }
            default
            {
                $value = ($propertyValue.GetObjectProperty([ref]$propertyEntry.ADsType)).ToString()
            }
        }

        # HTML-encode the value so markup stored in a property is shown as text, not rendered
        $value = [System.Net.WebUtility]::HtmlEncode($value)
        $reportHeader += "$value;"
    }
    $reportHeader += "</td></tr>"
}
$reportHeader += "</table>"
$htmlBody = $reportHeader + $reportFooter

# Send email
$Context.SendMail($to, $subject, $NULL, $htmlBody)
```
It looks like there are some spelling mistakes in the description.
"updated proeprties of a user account.er account."
Thank you for pointing out the mistake. We corrected the script description.
properties of a user account.er account
Hello Ben,
Thank you for the report. We have corrected the script description.