The script creates and emails a list of users for whom two specified attributes do not match. For example, you can use the script to get a list of users whose email address specified in Active Directory does not match their Windows logon name.
Note: To schedule the report, create a scheduled task configured for the Domain-DNS object type that runs the script and assign it over any of your AD domains. To add the script to a scheduled task, use the Run a program or PowerShell script action.
Parameters:
- $firstAttribute and $secondAttribute - Specify LDAP display names of the attributes that must match.
- $to - Specifies a comma-separated list of recipients of the report.
- $subject - Specifies the email message subject.
- $reportHeader - Specifies the email message header.
- $reportFooter - Specifies the email message footer.
PowerShell
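# Builds an HTML report of users whose two chosen attributes hold different
# values and sends it by email.
# The script relies on the $Context object and on the %adm-WebInterfaceUrl%
# value reference, both of which are provided by the Adaxes service.

$firstAttribute = "userPrincipalName" # TODO: modify me
$secondAttribute = "mail" # TODO: modify me

# Email message settings
# The report lists account names and links to directory objects, so keep the
# recipient list limited to people who are allowed to see that information.
$to = "recipient@domain.com" # TODO: modify me
$subject = "Attribute Mismatch" # TODO: modify me
# The header and footer are inserted into the message as raw HTML; keep them static.
$reportHeader = "<h3><b>Attribute Mismatch</b></h3><br/>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
$hasWebInterfaceAddress = -not [System.String]::IsNullOrEmpty($webInterfaceAddress)
if (-not $hasWebInterfaceAddress)
{
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
}

# Find all users
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
# sAMAccountType 805306368 selects user accounts; this filter does not exclude disabled accounts.
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SetPropertiesToLoad(@($firstAttribute, $secondAttribute, "ObjectGuid"))
# NOTE(review): VirtualRoot presumably widens the search to every domain managed by the service - confirm.
$searcher.VirtualRoot = $True

# Declared before the try block so that the finally block can tell whether the
# search ever produced an iterator.
$searchResultIterator = $NULL
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    $htmlListItems = New-Object "System.Text.StringBuilder"
    foreach ($searchResult in $searchResults)
    {
        $firstAttributeValue = $searchResult.Properties[$firstAttribute].Value
        $secondAttributeValue = $searchResult.Properties[$secondAttribute].Value

        # -eq compares strings case-insensitively. Users for whom both values
        # come back empty presumably compare equal and are skipped too - verify.
        if ($firstAttributeValue -eq $secondAttributeValue)
        {
            continue
        }

        $guid = [Guid]$searchResult.Properties["ObjectGuid"].Value
        $username = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($searchResult.AdsPath, "IncludeParentPath")

        # Object names come from the directory and may contain characters such
        # as <, > or quotes. Encode them so they are rendered as text and cannot
        # alter the markup of the message.
        $encodedUsername = [System.Net.WebUtility]::HtmlEncode($username)

        if ($hasWebInterfaceAddress)
        {
            $listItem = "<a href='${webInterfaceAddress}ViewObject.aspx?guid=$guid'>$encodedUsername</a>"
        }
        else
        {
            # Without a Web Interface address the link would be a dead relative
            # URL, so list the name as plain text instead.
            $listItem = $encodedUsername
        }
        [void]$htmlListItems.Append("<li>$listItem</li>")
    }

    if ($htmlListItems.Length -eq 0)
    {
        $html = $reportHeader + "<b>No users with attribute mismatch found</b>" + $reportFooter
    }
    else
    {
        $html = $reportHeader + "<ul>" + $htmlListItems.ToString() + "</ul>" + $reportFooter
    }

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $html)
}
finally
{
    # Release resources used by AD search. If ExecuteSearch failed there is no
    # iterator, and calling Dispose on $NULL would hide the original error.
    if ($NULL -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}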