Script Repository

Users whose AD attribute is not empty with breakdown by the attribute value

February 24, 2021

The script generates and emails a list of users whose AD attribute is not empty. The list is broken down by the attribute value.

To generate a list upon request, you can create a custom command for the Domain-DNS object type that runs the script. To schedule generation of such lists, you need to create a scheduled task and include any of your domains in the Activity Scope. The selected domain will be used only to trigger execution of the PowerShell script and will not affect the scope of AD users added to the list.

To add the script to a custom command or scheduled task, use the Run a program or PowerShell script action.


  • $attributeLdapName - Specifies the LDAP display name of the attribute that you want to search by.
  • $to - Specifies email addresses of the recipient(s) of the report.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the email message header.
  • $reportFooter - Specifies the email message footer.
Edit Remove
$attributeLdapName = "scriptPath" # TODO: modify me

# Email message settings
$to = "" # TODO: modify me
$subject = "Users who have a value for '$attributeLdapName'" # TODO: modify me
$reportHeader = "<h3><b>Users who have a value for '$attributeLdapName'</b></h3><br/>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see", "Warning")

# Find all users who have the attribute set
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(&(sAMAccountType=805306368)($attributeLdapName=*))"
$searcher.SetPropertiesToLoad(@("ObjectGuid", $attributeLdapName))
$searcher.VirtualRoot = $True

    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    $userInfos = @{}
    foreach ($searchResult in $searchResults)
        # Get user information for the report
        $attributeValue = $searchResult.Properties[$attributeLdapName].Value
        $guid = [Guid]$searchResult.Properties["ObjectGuid"].Value
        $username = $Context.GetDisplayNameFromAdsPath($searchResult.AdsPath)
        # Add user to collection
        if (-not ($userInfos.ContainsKey($attributeValue)))
            $list = New-Object "System.Text.StringBuilder"
            $userInfos.Add($attributeValue, $list)
        [void]$userInfos[$attributeValue].Append("<li><a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$username</a></li>")
    # Build report
    $html = New-Object "System.Text.StringBuilder"

    if ($userInfos.Count -eq 0)
        [void]$html.Append("<b>No users with value specified for attribute '$attributeLdapName'</b>")
        foreach ($attributeValue in $userInfos.Keys)

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $html)
    # Release resources used by AD search

Comments ( 0 )
No results found.
Leave a comment