0 votes

Hi,

I'm currently facing a problem where I want to set up a powershell script that should report all accounts (enabled, disabled, expired) matching a specific employeeType

Import-Module Adaxes

# Email message settings
$to = "ijacob@littelfuse.com" # TODO: modify me
$subject = "List of the users in lfext.com" # TODO: modify me
$htmlReportHeader = "<h3><b>List of the users in lfext.com </b></h3><br/>" # TODO: modify me
$htmlReportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

$members = Get-AdmUser -Filter 'employeeType -like "extSharePoint"' -AdaxesService localhost -Server lfext.com -Properties *

# Build report
$disabledAccounts = "<b>Disabled Accounts</b><br/><ol>"
$expiredAccounts = "<b>Expired Accounts</b><br/><ol>"
$activeAccounts = "<b>Active Accounts</b><br/><ol>"

foreach ($member in $members){
    $currentDate = Get-Date
    #$accountExpires = $member.Get("accountExpires")

    if ($member.AccountDisabled)
    {
        $disabledAccounts += "<li>$member.name</li>"
        continue
    }
    elseif (($member.AccountExpirationDate -lt $currentDate))
    {
        $expiredAccounts += "<li>$member.name</li>"
        continue
    }
    else
    {
        $activeAccounts += "<li>$member.name</li>"
        continue
    }
}

# Build HTML report
$disabledAccounts += "</ol>"
$expiredAccounts += "</ol>"
$activeAccounts += "</ol>"
$htmlBody = $htmlReportHeader + $activeAccounts + $expiredAccounts + $disabledAccounts + $htmlReportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBody)

Current Output:

Somehow expired and disabled Accounts are mixed up and I need to include the following fields:
· Company Name
· Name (DisplayName)
· Title
· Email address
· Phone/mobile
· CustomAttributeText10
· CustomAttributeText11
· CustomAttributeText12
· Userid expiration date
· Description
· Created Date
· Modified Date
And the header of the table should include the field names

The report does not need to contain any links to the Adaxes web service, full CN or something else, just the plain Info
Can you help me with this?

kind regards
Ingemar

by (960 points)
0

Meanwhile I changed the script to the following:

Import-Module Adaxes

# Email message settings
$to = "ijacob@littelfuse.com" # TODO: modify me
$subject = "List of the users in lfext.com" # TODO: modify me
$members = Get-AdmUser -Filter 'employeeType -like "extSharePoint"' -Properties * -AdaxesService localhost -Server lfext.com

$htmlBuilder = New-Object "System.Text.StringBuilder"
$htmlBuilder.append("<html><head>")
$htmlBuilder.append("<meta http-equiv=""Content-Type""`
    content=""text/html charset=UTF-8""></head>")
$htmlBuilder.append("<body>")
$htmlBuilder.appendFormat(
    "<p>Users in lfext.com (<b>{0}</b>)</p>",
    $members.count)
$htmlBuilder.append("<table width=""100%%"" border=""1"">")
$htmlBuilder.append("<tr>")
$htmlBuilder.append("<th>User Name</th>
    <th>Company</th><th>Title</th><th>Phone</th><th>Mobile</th><th>LF Contact</th><th>LF Title</th><th>LF Mail</th><th>Expiration Date</th><th>Description</th><th>Created</th><th>Modified</th>")
$htmlBuilder.append("</tr>")

foreach ($_ in $members) {

        $htmlBuilder.append("<tr>")       
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.Name)       
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.company)       
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.title) 
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.telephoneNumber)
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.mobile)
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.mobile) #.mobile is just a placeholder, should be adm-customAttributeText10
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.mobile) #.mobile is just a placeholder, should be adm-cumstomAttributeText11
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.mobile) #.mobile is just a placeholder, should be adm-cumstomAttributeText12
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.accountExpires) # doesn't look like a timestamp
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.description)  
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.createTimeStamp)
        $htmlBuilder.appendFormat("<td>{0}</td>", $_.modifyTimeStamp) 
        $htmlBuilder.append("</tr>")   
}

$htmlBuilder.append("</table>")
$htmlBuilder.append("</body></html>")
$Context.SendMail($to, $subject, $NULL,
    $htmlBuilder.ToString())

But I'm still facing few issues, phone numbers are not being displayed even so they are definitely filled in, I don't know how to retrieve the adm-CustomAttributeText fields, not sure how to get account expiration date and I'm missing the difference between active, disabled and already expired accounts.

right now, it looks like this:

0

finally I think I got most of my requirements by myself, here's the code:

Import-Module Adaxes

# Search all users in the target object
$searcher = $Context.TargetObject
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(employeeType=extSharePoint)"
$searcher.SetPropertiesToLoad(@("userPrincipalName","cn","description","mobile","phoneNumber"))

# Email message settings
$to = "ijacob@littelfuse.com" # TODO: modify me
$subject = "List of the users in lfext.com" # TODO: modify me

$searchResult = $searcher.ExecuteSearch()

$htmlBuilder = New-Object "System.Text.StringBuilder"
$htmlBuilder.append("<html><head>")
$htmlBuilder.append("<meta http-equiv=""Content-Type""`
    content=""text/html charset=UTF-8""></head>")
$htmlBuilder.append("<body>")
$htmlBuilder.appendFormat(
    "<p>Users in lfext.com (<b>{0}</b>)</p>",
    $searchResult.count)
$htmlBuilder.append("<table width=""100%%"" border=""1"">")
$htmlBuilder.append("<tr>")
$htmlBuilder.append("<th>User Name</th>
    <th>Company</th><th>Title</th><th>Phone</th><th>Mobile</th><th>LF Contact</th><th>LF Title</th><th>LF Mail</th><th>Expiration Date</th><th>Description</th><th>Created</th><th>Modified</th>")
$htmlBuilder.append("</tr>")

foreach ($userID in $searchResult.FetchAll()) {

        $user = $Context.BindToObject($userID.AdsPath)

        $htmlBuilder.append("<tr>")       
        $htmlBuilder.appendFormat("<td>{0}</td>", $userID.Properties["cn"].Value)       
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("company"))       
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("title")) 
        $htmlBuilder.appendFormat("<td>{0}</td>", $userID.Properties["phoneNumber"].Value)
        $htmlBuilder.appendFormat("<td>{0}</td>", $userID.Properties["mobile"].Value)
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("adm-CustomAttributeText10"))
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("adm-CustomAttributeText11"))
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("adm-CustomAttributeText12"))
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("accountExpires")) # doesn't look like a timestamp
        $htmlBuilder.appendFormat("<td>{0}</td>", $userID.Properties["description"].Value)  
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("createTimeStamp"))
        $htmlBuilder.appendFormat("<td>{0}</td>", $user.Get("modifyTimeStamp")) 
        $htmlBuilder.append("</tr>")   
}

$htmlBuilder.append("</table>")
$htmlBuilder.append("</body></html>")
$Context.SendMail($to, $subject, $NULL,
    $htmlBuilder.ToString())

Only thing that's left so far, I need the Account Expiration Date and somehow I need to show which accounts are active, which disabled and which have expired, either by different row colors or somehow sorted.

kind regards
Ingemar

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Ingemar,

We've made a script that can do the job and added it to our Script Repository. See Active, disabled and expired users with specific Employee Type. The script creates an HTML report with 3 different tables for active, disabled and expired user accounts.

The initial issue with scrambled active, disabled and expired accounts occurred because you tried to use the AccountDisabled property exposed by the IADsUser interface to determine whether an account is disabled. The interface is a part of Adaxes ADSI API. However, in your scripts, you use Adaxes PowerShell cmdlets. Instead of returning objects that support ADSI interfaces, the cmdlets return objects of the Softerra.Adaxes.PowerShellModule.Directory.ADUser type. Objects of that type do not expose the AccountDisabled property. You need to use the Enabled property of such objects instead. For more details, see:

Also, in your version of the script, you bound to the user account using $Context.BindToObject to get a user account attributes. Binding is an expensive operation. Instead, you can fetch the necessary property values during the search by passing the attribute names via the -Properties attribute of the Get-AdmUser cmdlet as it is done in our version of the script. This works much faster.

0

Thanks so much!

kinds regards
Ingemar

0

last question, if I want to add the manager to the table, which in itself is now issue, how do I retrieve the managers DisplayName?

kind regards
Ingemar

Related questions

0 votes
1 answer

I have a fairly simple function that I want to convert to a report in Adaxes that others can use The PowerShell function as it currently exists function Get-Groups { [CmdletBinding( ... with errors or a blank report. So how can I just add values to the report?

asked Jan 10 by jcrook (100 points)
0 votes
1 answer

We use this date to determin transfers and start dates. Basicaly on this day the Adaxes resets the password. In the report I would like to ... name, first name, last name, employeeID, CustomAttributeboolean1, customattributeboolean2, and customattributedate2.

asked May 17, 2023 by mightycabal (1.0k points)
0 votes
1 answer

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
1 answer

We are looking for if Adaxes has a report we can run that will tell us if there are multiple users using the same or similar passwords? Is there any tool that we can ... as another users? I appreciate any information you may be able to provide. Thank You,

asked Feb 27 by Jeff.Briand (80 points)
0 votes
1 answer

I created a Report asking the report to get the Assinged Microsoft Supbsription license assinged to the Users, When the Reports runs it geta few users but time out ... way to increase the time Out oprtion fro Reports that are getting information from Azure?

asked May 16 by George.Holden (60 points)
3,588 questions
3,277 answers
8,303 comments
548,084 users