Users whose Adaxes custom attribute is not empty

October 13, 2023

Since searching for Adaxes custom attributes is not supported, you need to use a script to locate users who have a certain custom attribute set. The following script allows searching for a particular custom attribute in a certain Active Directory domain, Organizational Unit or container.

To generate a list upon request, you can create a custom command that runs the script. To schedule generation of such lists, you need to create a scheduled task. When creating a custom command or a scheduled task, configure it to be executed on the type of Active Directory objects in which you want to search for users. For example, if you want to search for users located in an Organizational Unit, configure a command or task for the Organizational Unit objects, and execute them on the OU you need.

To add the script to a custom command or scheduled task, use the Run a program or PowerShell script action.

Parameters:

  • $attributeName - Specifies the LDAP display name of the Adaxes custom attribute that you want to be included in the report.
  • $to - Specifies email addresses of the recipient(s) of the report.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the email message header.
  • $reportFooter - Specifies the email message footer.
PowerShell
$attributeName = "adm-CustomAttributeDate1"

# Email message settings
$to = "%adm-InitiatorEmail%" # TODO: modify me
$subject = "My Subject" # TODO: modify me
$reportHeader = @"
<h1><b>Users whose '$attributeName' attribute is not empty</b></h1><br/>
<table border="1">
    <tr>
        <th>Full name</th>
        <th>Logon name</th>
        <th>Attribute value</th>
    </tr>
"@ # TODO: modify me

$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search all users in the target object
$searcher = $Context.TargetObject
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SetPropertiesToLoad(@("userPrincipalName","cn"))

try
{
    $searchResult = $searcher.ExecuteSearch()
    foreach ($userID in $searchResult.FetchAll()) 
    {
        # Bind to user
        $user = $Context.BindToObject($userID.AdsPath)
        
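        # Read the custom attribute; users for which Get() throws are skipped
        try
        {
            $attributeValue = $user.Get($attributeName)
        }
        catch
        {
            continue
        }
        
        # Add to the report, HTML-encoding directory values before they go into the message body
        $reportHeader += "<tr><td>" + [System.Net.WebUtility]::HtmlEncode($userID.Properties["cn"].Value) + "</td>"
        $reportHeader += "<td>" + [System.Net.WebUtility]::HtmlEncode($userID.Properties["userPrincipalName"].Value) + "</td>"
        $reportHeader += "<td>" + [System.Net.WebUtility]::HtmlEncode([string]$attributeValue) + "</td></tr>"
    }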
}
finally
{
    # Release resources; $searchResult is null if ExecuteSearch() failed
    if ($searchResult) { $searchResult.Dispose() }
}

$reportHeader += "</table>"

# Build report
$htmlBody = $reportHeader + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)

Comments 2
Jim Cole Jan 09, 2024
"Since searching for Adaxes custom attributes is not supported" .... why not? Seems like such an easy thing to add to the right-click "Find" context menu when browsing the "managed domains" structure in Adaxes console.
Support Jan 10, 2024
Hello Jim,

Unfortunately, it is not an easy thing to implement. However, we are constantly searching for a possible solution.