Script Repository


Properties of a new or updated user

February 18, 2021
2582

This script e-mails an HTML-formatted report containing values of all properties of a newly created user or all updated properties of a user account. The script can only be executed in a business rule triggering After creating a user or After updating a user.

Parameters:

  • $to - Specifies the email address of the recipient.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the report header.
  • $reportFooter - Specifies the report footer.
  • $ignoredProperties - Specifies LDAP names of the properties that won't be included into the report.
Edit Remove
PowerShell
$to = "recipient@domain.com" # TODO: modify me
$subject = "All properties of user %fullname%" # TODO: modify me
$reportHeader = "<h3><b>All properties of user %fullname%</b></h3><br/><table border='0'>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it was sent to you for notification purposes only.</i></p>" # TODO: modify me
$ignoredProperties = @("objectClass") # TODO: modify me

# Get property list
$propertyList = $Context.Action.PropertyList

# Get display names of all properties
$path = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationContainer = $Context.BindToObject($path)
$culture = [System.Globalization.CultureInfo]::CurrentCulture
$attributeFriendlyNames = $configurationContainer.GetAttributeFriendlyNames($culture.ThreeLetterISOLanguageName, "ADM_GETATTRFRIENDLYNAMESMODE_MERGED")
$attributeFriendlyNamesMap = @{}
foreach ($attributeFriendlyName in $attributeFriendlyNames)
{
    $ldapPropertyName = $attributeFriendlyName.AttributeName

    $typeSpecificFriendlyNames = $attributeFriendlyName.TypeSpecificFriendlyNames
    if ($typeSpecificFriendlyNames.Length -eq 0)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
        continue
    }
    
    $friendlyName = $NULL
    foreach ($type in $typeSpecificFriendlyNames)
    {
        if ($type.ObjectType -ne $Context.TargetObject.Class)
        {
            continue
        }
        $friendlyName = $type.FriendlyName
        break
    }
    
    if ($friendlyName -eq $NULL)
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $attributeFriendlyName.GenericFriendlyName)
    }
    else
    {
        $attributeFriendlyNamesMap.Add($ldapPropertyName, $friendlyName)
    }
}

# Build report
for ($i = 0; $i -lt $propertyList.PropertyCount; $i++)
{
    $propertyEntry = $propertyList.Item($i)
    $ldapPropertyName = $propertyEntry.Name
    
    # Skip ignored properties
    if ($ignoredProperties -contains $ldapPropertyName)
    {
        continue
    }

    if ($propertyEntry.Values -eq $NULL)
    {
        continue
    }

    # Add property name to report
    if ($attributeFriendlyNamesMap.ContainsKey($ldapPropertyName))
    {
        $propertyName = $attributeFriendlyNamesMap[$ldapPropertyName]
    }
    else
    {
        $propertyName = $ldapPropertyName
    }
    
    $reportHeader += "<tr><td>$propertyName`:</td><td>"
    
    # Add property value to report
    foreach ($propertyValue in $propertyEntry.Values)
    {
            # Convert value for specific properties
            switch ($ldapPropertyName)
            {
                "accountExpires"
                {
                    $value = "%accountExpires%"
                }
                "unicodePwd"
                {
                    $value = "%unicodePwd%"
                }
                "pwdLastSet"
                {
                    $value = "%pwdLastSet%"
                }
                default
                {
                    $value = ($propertyValue.GetObjectProperty([ref]$propertyEntry.ADsType)).ToString()
                }
            }
            
            $reportHeader += "$value;"
    }
    $reportHeader += "</td></tr>"
}

$reportHeader += "</table>"
$htmlBody = $reportHeader + $reportFooter

# Send email
$Context.SendMail($to, $subject, $NULL, $htmlBody)


Comments ( 4 )
avatar
Ben Smith
Nov 23, 2020
Hi,

It looks like there are some spelling mistakes in the description.

"updated proeprties of a user account.er account."
avatar
Support
Nov 24, 2020
Hello Ben,

Thank you for pointing out the mistake. We corrected the script description.
avatar
Ben Smith
Feb 03, 2021
Looks like you still missed it. :)

properties of a user account.er account
avatar
Support
Feb 04, 2021

Hello Ben,

Thank you for the report. We have corrected the script description.

Leave a comment