Script Repository


Users whose Adaxes custom attribute is not empty

March 14, 2017
1781

Since searching for Adaxes custom attributes is not supported, you need to use a script to locate users who have a certain custom attribute set. The following script allows searching for a particular custom attribute in a certain Active Directory domain, Organizational Unit or container.

To generate a list upon request, you can create a Custom Command that runs the script. To schedule generation of such lists, you need to create a Scheduled Task. When creating a Custom Command or a Scheduled Task, configure it to be executed on the type of Active Directory objects in which you want to search for users. For example, if you want to search for users located in an Organizational Unit, configure a command or task for the Organizational Unit objects, and execute them on the OU you need.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

Parameters:

  • $propertyName - specifies the LDAP display name of the Adaxes custom attribute that you want to be included in the report,
  • $to - specifies email addresses of the recipient(s) of the report;
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the email message header;
  • $reportFooter - specifies the email message footer.
Edit Remove
PowerShell
$attributeName = "adm-CustomAttributeDate1"

# Email message settings
$to = "%adm-InitiatorEmail%" # TODO: modify me
$subject = "My Subject" # TODO: modify me
$reportHeader = @"
<h1><b>Users whose '$attributeName' attribute is not empty</b></h1><br/>
<table border="1">
    <tr>
        <th>Full name</th>
        <th>Logon name</th>
        <th>Attribute value</th>
    </tr>
"@ # TODO: modify me

$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search all users in the target object
$searcher = $Context.TargetObject
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SetPropertiesToLoad(@("userPrincipalName","cn"))

try
{
    $searchResult = $searcher.ExecuteSearch()
    foreach ($userID in $searchResult.FetchAll()) 
    {
        # Bind to user
        $user = $Context.BindToObject($userID.AdsPath)
        
        # Check the attribute value
        try
        {
            $separationDateTime = $user.Get($attributeName)
        }
        catch
        {
            continue
        }
        
        # Add to the report
        $reportHeader += "<tr><td>" + $userID.Properties["cn"].Value + "</td>"
        $reportHeader += "<td>" + $userID.Properties["userPrincipalName"].Value + "</td>"
        $reportHeader += "<td>" + $separationDateTime + "</td></tr>"
    }
}
finally
{
    $searchResult.Dispose()
}

$reportHeader += "</table>"

# Build report
$htmlBody = $reportHeader + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)


Comments ( 0 )
No results found.
Leave a comment