0 votes

Hello everyone,

Is there a way to find out which group memberships have recently been added to a user and, if that is possible, can we also find out who the initiator is? I've seen the templates for the groups, but I can't seem to follow through.

Thank you in advance for your feedback.

by (340 points)

1 Answer

0 votes
by (216k points)

Hello,

If the membership updates were performed via Adaxes, the information about the operations should be present in operation logs. For information on how to view the logs, please, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ViewADOperationsPerformedViaAdaxes.htm.

To view the log records about a user's membership updates, you can filter the logs by the user name. The filters should be like the following: [image]

0

Hello,

Thank you for the tutorial. In the report Adaxes Log, what parameter do I have to change so that "add/remove group member" can filter it and make it into a report?

Any additional information about the desired report would be much appreciated.

0

Hello,

Unfortunately, filtering by operation type takes too much time and can cause report generation failure by exceeding the timeout for script execution. Because of that, the filtering is not available for a big number of log records and the built-in reports for logging do not have such a filter.

However, if the supposed number of log records for search is less than 10000, we can provide you with a script for a custom report.

0

Hello,

I only need less than 1000 log records. If you can provide me with the script for a custom report, that will be a huge help for me. Thank you.

0

Hello,

Sorry for the confusion but we meant the total number of log records for the period of time the search will be performed for, not the number of records that will be output. Could you, please, clarify the number of records in the Adaxes log for the period the report is supposed to be generated on? To view the number:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Select Logging.
  4. In the Time period drop-down, select Date range.
  5. Specify the required range. The number of records will be displayed next to the drop-down.
0

Hello, sorry for the late reply.

I only need the range for a week.

0

Hello,

Thank you for the clarification. The report can be created based on the Adaxes log built-in report (located in Reports\All Reports\Miscellaneous\Logging by default). To create the report:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Reports\All Reports\Miscellaneous\Logging.
  4. Right-click the Adaxes log report.
  5. In the context menu, click Copy. The report will be copied to clipboard.
  6. Paste the report into a container in All Reports.
  7. Specify a new name for the report (e.g. Adaxes log membership update).
  8. Select the Edit report after copy completes checkbox.
  9. Click OK.
  10. Activate the Parameters tab.
  11. Click New.
  12. Select AD object picker.
  13. Click Next.
  14. Specify a parameter name and display name (e.g. User).
  15. Click Next.
  16. Click Configure.
  17. In the Display only objects that match the following LDAP filter field, specify the following filter: (sAMAccountType=805306368)
  18. Click OK.
  19. Click Finish.
  20. Activate the Script tab.
  21. Replace the script in the tab with the script below. In the script, the $userParamName variable specifies the name of the parameter created on step 14 with the param- prefix (e.g. param-User).
```powershell
$userParamName = "param-User" # TODO: modify me

# Get parameter values
$days = $Context.GetParameterValue("param-Days")
$initiator = $Context.GetParameterValue("param-Initiator")
$showServiceSender = $Context.GetParameterValue("param-ShowServiceSender") -eq "1"
$errorsOnly = $Context.GetParameterValue("param-ErrorsOnly") -eq "1"

# Decode the initiator selection: "1" = users, "2" = scheduled tasks
$initiatorUser = $initiator.IndexOf("1") -ge 0
$initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
$anyInitiator = $initiatorUser -and $initiatorScheduledTask

# Get the name of the user selected in the report parameter.
# The value is read once here, using $userParamName, so that changing the
# variable at the top of the script is enough when the parameter is renamed.
$userDn = New-Object "Softerra.Adaxes.Ldap.DN" $Context.GetParameterValue($userParamName)
$userName = $userDn.Leaf.Value

# Bind to the 'Service Log' container
$serviceLogPath = $Context.GetWellKnownContainerPath("ServiceLog")
$serviceLog = $Context.BindToObject($serviceLogPath)

# Get log records
$generalLog = $serviceLog.GeneralLog
$generalLog.StartDateTime = (Get-Date).AddDays(- $days)
$generalLog.EndDateTime = Get-Date

$log = $generalLog.Log
$records = $log.GetPage(0)

foreach ($record in $records)
{
    # Stop if report generation was cancelled
    if ($Context.Items.Aborted)
    {
        return
    }

    # Skip successful operations when only errors are requested
    if ($errorsOnly -and -not(
        ($record.State -eq "OPERATION_STATE_FAILED_CAN_CONTINUE") -or
        ($record.State -eq "OPERATION_STATE_FAILED_NO_CONTINUE")))
    {
        continue
    }

    # Only operations whose target object is a group
    if ($record.TargetObjectType -ne "group")
    {
        continue
    }

    # Filter by the member added/removed.
    # This is a substring match of the user's name against the record description.
    if ($record.Description -notlike "*$userName*")
    {
        continue
    }

    # Only group membership changes
    $operationTypes = $record.GetOperationTypes()
    if ($operationTypes -notcontains "manage group members")
    {
        continue
    }

    # Filter by initiator type
    if (-not $anyInitiator)
    {
        $initiatorClass = $record.Initiator.ObjectClass

        if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
            (($initiatorScheduledTask -eq $False) -and
                (($initiatorClass -ieq "adm-ScheduledTask") -or
                ($initiatorClass -ieq "adm-ReportScheduledTask"))))
        {
            continue
        }
    }

    # Optionally hide operations sent by the Adaxes service itself
    if (-not $showServiceSender)
    {
        if ($record.CommandSender -ieq "Service")
        {
            continue
        }
    }

    $Context.Items.Add($record)
}
```

  22. Click OK.

0

It works perfectly. Thank you very much.
