Script Repository


Users recently moved to the specified OU

June 07, 2021
The script can be used to generate a report that will include user accounts recently moved to the specified OU. The report does not require a scope. The target OU and the time period are specified via report parameters.

Parameters:

  • $ouDNsParameterName - Specifies the name of the AD object picker parameter used to select the OU that users were moved to. The parameter name must be specified with the param- prefix.
  • $delimiter - Specifies the delimiter used to separate multiple values of the parameter specified in the $ouDNsParameterName variable.
  • $daysParameterName - Specifies the name of the drop-down list parameter used to select the time period to check account moves for. The parameter name must be specified with the param- prefix.
  • $dateColumnID - Specifies the identifier of the custom column that will store the move dates. To get the identifier:
    1. On the Columns tab, right-click the custom column in the Report-specific columns section.
    2. In the context menu, navigate to Copy and click Column ID.
    3. The column identifier will be copied to the clipboard.
PowerShell
$ouDNsParameterName = "param-myparam1" # TODO: modify me
$delimiter = ";" # TODO: modify me
$daysParameterName = "param-myparam2" # TODO: modify me
$dateColumnID = "{63a3df86-e718-401a-963a-1bcf8a4a3c52}" # TODO: modify me

# Get parameter values
$ouDNs = $Context.GetParameterValue($ouDNsParameterName).Split($delimiter)
$days = $Context.GetParameterValue($daysParameterName)

# Get OU names
$ouNameToDN = @{}
foreach ($dn in $ouDNs)
{
    $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath" -ArgumentList @($null, $dn)
    $ouName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($objectPath, "IncludeParentPath")
    $ouNameToDN.Add($ouName, $dn)
}

# Bind to the 'Service Log' container
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

$addedUsers = New-Object "System.Collections.Generic.HashSet[System.Guid]"
foreach ($record in $records)
{
    if ($Context.Items.Aborted)
    {
        return
    }

    if ($record.State -ne "OPERATION_STATE_COMPLETED")
    {
        continue
    }
    
    $targetObjectGuid = [Guid]$record.TargetObjectGuid
    if ($addedUsers.Contains($targetObjectGuid))
    {
        continue
    }
    
    $operationTypes = $record.GetOperationTypes()
    if ($operationTypes -notcontains "move")
    {
        continue
    }
    
    foreach ($name in $ouNameToDN.Keys)
    {
        if ($record.DescriptionXml -like "*<objectName>$name</objectName></message>")
        {
            try
            {
                $object = $Context.BindToObject("Adaxes://<GUID=$targetObjectGuid>")
            }
            catch
            {
                continue
            }
            
            $parentDN = (New-Object Softerra.Adaxes.Ldap.DN $object.Get("distinguishedName")).Parent
            if ([Softerra.Adaxes.Ldap.DN]::AreEqual($parentDN, $ouNameToDN[$name]))
            {
                $Context.Items.Add($object, @{ $dateColumnID = $record.CompletionTime}, $NULL)
                $addedUsers.Add($targetObjectGuid)
                break
            }
        }
    }
}
