Users whose Adaxes custom attribute is set to a future date

November 16, 2016

Since searching for Adaxes custom attributes is not supported, you need to use a script to locate users whose Adaxes attribute is set to a certain value. The following script lists users whose date/time custom attribute, such as CustomAttributeDate1, is set to a future date. You can perform the search in a certain Active Directory domain, Organizational Unit or container.

To generate a list upon request, you can create a Custom Command that runs the script. To schedule generation of such lists, you need to create a Scheduled Task. When creating a Custom Command or a Scheduled Task, configure it to be executed on the type of Active Directory objects in which you want to search for users. For example, if you want to search for users located in an Organizational Unit, configure a command or task for the Organizational Unit objects, and execute them on the OU you need.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

Parameters:

  • $attributeName - specifies the LDAP display name of the Adaxes custom attribute that you want to be included in the report;
  • $to - specifies email addresses of the recipient(s) of the report;
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the email message header;
  • $htmlTable - specifies the headers of the table that the report contains;
  • $reportFooter - specifies the email message footer.
PowerShell
$attributeName = "adm-CustomAttributeDate1" # TODO: modify me

# Email message settings
$to = "%adm-InitiatorEmail%" # TODO: modify me
$subject = "My Subject" # TODO: modify me
$reportHeader = "<h1><b>Users whose '$attributeName' is set to future time</b></h1><br/>"
$htmlTable = @"
<table border="1">
    <tr>
        <th>Full name</th>
        <th>Logon name</th>
        <th>Attribute value</th>
    </tr>
"@ # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search all users in the target object
$searcher = $Context.TargetObject
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SetPropertiesToLoad(@("userPrincipalName","cn"))

try
{
    $searchResult = $searcher.ExecuteSearch()
    $records = ""
    foreach ($userID in $searchResult.FetchAll()) 
    {
        # Bind to user
        $user = $Context.BindToObject($userID.AdsPath)
        
        # Check the attribute value
        try
        {
            $attributeDateTime = $user.Get($attributeName)
        }
        catch
        {
            continue
        }
        
        $currentDateTime = [Datetime]::UtcNow
        if ($attributeDateTime -le $currentDateTime)
        {
            continue
        }
        
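        # Add the user to the report. HTML-encode directory values so that markup
        # characters in a name cannot alter the HTML of the email
        $records += "<tr><td>" + [System.Net.WebUtility]::HtmlEncode($userID.Properties["cn"].Value) + "</td>"
        $records += "<td>" + [System.Net.WebUtility]::HtmlEncode($userID.Properties["userPrincipalName"].Value) + "</td>"
        $records += "<td>" + $attributeDateTime + "</td></tr>"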
    }
}
finally
{
    # Release the search result; it is null if ExecuteSearch failed
    if ($searchResult) { $searchResult.Dispose() }
}

if ([System.String]::IsNullOrEmpty($records))
{
    $reportHeader += "<b>No users found</b>"
}
else
{
    $reportHeader += "$htmlTable$records</table>"
}

# Build report
$htmlBody = $reportHeader + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)
