Script Repository


Users who performed self-password reset recently

December 09, 2021
212

The script generates a report containing users who performed self-password reset during the specified time period.

Parameters:

  • $eventDateColumnID - Specifies the identifier of the custom column that will contain the date and time when the self-password reset was performed. The column should be of Date/Time type. To get the identifier of a custom column:
    1. In the Report-specific columns section, on the Columns tab, right-click the custom column.
    2. In the context menu, navigate to Copy and click Column ID.
    3. The column identifier will be copied to clipboard.
  • $isSuccessfullColumnID - Specifies the identifier of the custom column that will contain a value (true/false) indicating whether the self-password reset was successful. The column should be of Boolean type.
  • $policyNameColumnID - Specifies the identifier of the custom column that will contain the name of the Self-service policy the user is enrolled for. The column should be of Text type.
  • $hoursParameterName - Specifies the name of the parameter used to select the number of hours to check for self-password resets. The parameter name should be specified with the param- prefix.
Edit Remove
PowerShell
$eventDateColumnID = "{e9920b5a-9167-444c-937a-efdf461f2a14}" # TODO: modify me
$isSuccessfullColumnID = "{adc31b12-0e51-4732-84dc-473f9358af44}" # TODO: modify me
$policyNameColumnID = "{d59b77d2-6106-420d-befa-d3b2cbf7da65}" # TODO: modify me
$hoursParameterName = "param-hours" # TODO: modify me

# Get parameter value
$hours = $Context.GetParameterValue($hoursParameterName)

# Bind to the 'Password Self-Service statistics' container
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)

# Generate the 'Password Resets' report
$passwordSelfServiceStatistics.ResetReportCache("ADM_PSSREPORTTYPE_RESETPWD")
$reportIsBeingGenerated = $True

# Get the 'Password Resets' report
do 
{
    try
    {
        $report = $passwordSelfServiceStatistics.GetReport("ADM_PSSREPORTTYPE_RESETPWD")
        $reportIsBeingGenerated = $False
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -eq "-2147024875")
        {
            # Report is being generated. Wait 10 seconds
            Start-Sleep -Seconds 10
        }
        else
        {
            $reportIsBeingGenerated = $False
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }
    }
}
while ($reportIsBeingGenerated)

# Add the date when the report was generated
$reportHeader = $reportHeader -f $report.GenerateDate

# Add report records
$records = $report.Records
$threshold = (Get-date).AddHours(- $hours).ToUniversalTime()
for ($i = 0; $i -lt $records.Count; $i++)
{
    $record = $records.GetRecord($i)
    
    # Get user information
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL
    $userInfo = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName, 
        [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)
    $eventDate = $record.EventDate
    
    if ($eventDate -lt $threshold)
    {
        continue
    }
    
    # Get policy information
    $policyPath = $NULL
    $policyName = $NULL
    $policyInfo = $record.GetEnrollmentPolicyInfo([ref]$policyPath, [ref]$policyName)
    
    # Add the information to the report
    $user = $Context.BindToObject($userPath)
    $columnValues = @{
        $isSuccessfullColumnID = $record.IsSuccessfull
        $policyNameColumnID = $policyName
        $eventDateColumnID = $eventDate
    }
    $Context.Items.Add($user, $columnValues, $NULL)
}

Comments ( 0 )
No results found.
Leave a comment