0 votes

I'm using this report as a baseline and I have it mostly working, but I need assistance setting the LDAP filter or search base to include only specified OUs instead of the whole domain, because I'm running it against DomainDNS and cannot use Activity Scope.

$to = "email@example.com" # TODO: modify me

function GetObjectDisplayName($objectDN)
{
    $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath"`
        -ArgumentList @($null, $objectDN)   
    return [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName(
        $objectPath, "IncludeParentPath")
}

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
$appendWebInterFaceLink = $True
if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
{
    $appendWebInterFaceLink = $False
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
}

$htmlBuilder = New-Object "System.Text.StringBuilder"
$htmlBuilder.append("<html><head>")
$htmlBuilder.append("<meta http-equiv=""Content-Type""`
    content=""text/html charset=UTF-8""></head>")
$htmlBuilder.append("<body>")
$htmlBuilder.append("<p>Disabled Managers</p>")
$htmlBuilder.append("<table width=""100%%"" border=""1"">")
$htmlBuilder.append("<tr>")
$htmlBuilder.append("<th>Full Name</th><th>Username</th>
<th>Parent</th><th>Direct Reports</th>")
if ($appendWebInterFaceLink)
{
    $htmlBuilder.append("<th>Link</th>")
}

$htmlBuilder.append("</tr>")

# Find disabled managers
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(&(objectCategory=user)(samAccountName=*)(!(thumbnailPhoto=*)))"
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

try
{
    $searchResult = $searcher.ExecuteSearch()
    $photoEmpty = $searchResult.FetchAll()

    # Add information on each user
    if ($photoEmpty.Count -gt 0)
    {
        foreach ($employee in $photoEmpty)
        {
            $employee = $Context.BindToObject($employee.AdsPath)
            $employeeDN = New-Object "Softerra.Adaxes.Ldap.DN" $employee.Get("distinguishedName")
            $parentDisplayName = GetObjectDisplayName($employeeDN.Parent.ToString())
            $htmlBuilder.append("<tr>")
            $htmlBuilder.appendFormat("<td>{0}</td>", $employee.Get("name"))
            $htmlBuilder.appendFormat("<td>{0}</td>", $employee.Get("sAMAccountName"))
            $htmlBuilder.appendFormat("<td>{0}</td>", $parentDisplayName)

            # Append direct reports
            $htmlBuilder.append("<td>")
#            foreach ($directReportDN in $employee.GetEx("directReports"))
#            {
#                $directReport = $Context.BindToObjectByDN($directReportDN)
#                $htmlBuilder.appendFormat("{0} ({1})<br />", $directReport.Get("name"), $directReport.Get("sAMAccountName"))
#            }
            $htmlBuilder.append("</td>")

            if ($appendWebInterFaceLink)
            {
                $htmlBuilder.appendFormat("<td><a href='$webInterfaceAddress`ViewObject.aspx?guid={0}'>View</a></td>", [Guid]$employee.Get("objectGUID"))
            }
            $htmlBuilder.append("</tr>")
        }
    }

    $htmlBuilder.append("</table>")
    $htmlBuilder.appendFormat("Total: {0} employees", $photoEmpty.Count.ToString())
    $htmlBuilder.append("</body></html>")

    $Context.SendMail($to, "[AD Report] Employees Without Pictures", $NULL, $htmlBuilder.ToString())
}
finally
{
    $searchResult.Dispose()
}
by (540 points)

1 Answer

0 votes
by (216k points)
Best answer

Update 2018

Starting with Adaxes 2018.1 you can use a built-in report, Users without photo. By default, the report is located in container Reports\All Reports\Users.

Original

Hello,

Here's a version of the script that will do the job. In the script:

  • $to - specifies the recipient of the report;
  • $subject - specifies the subject for the email notification;
  • $ouDNs - specifies Distinguished Names (DNs) of the Organizational Units that you want to run the report for.

$to = "recipient@domain.com" # TODO: modify me
$subject = "[AD Report] Employees Without Pictures" # TODO: modify me
$ouDNs = @("OU=MyOU1,DC=domain,DC=com", "OU=MyOU2,DC=domain,DC=com") # TODO: modify me

function BuildReport($ouDN)
{
    # Find users without photos
    $searcher = $Context.BindToObjectByDN($ouDN)
    $searcher.PageSize = 500
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(!(thumbnailPhoto=*)))"
    $searcher.SetPropertiesToLoad(@("distinguishedName", "name", "sAMAccountName", "objectGuid"))

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        # Add information on each user
        $searchResultsCount = $searchResults.Count
        if ($searchResultsCount -gt 0)
        {
            foreach ($searchResult in $searchResults)
            {
                [void]$htmlBuilder.Append("<tr>")
                [void]$htmlBuilder.AppendFormat("<td>{0}</td>", $searchResult.Properties["name"].Value)
                [void]$htmlBuilder.AppendFormat("<td>{0}</td>", $searchResult.Properties["sAMAccountName"].Value)
                $userDN = New-Object "Softerra.Adaxes.Ldap.DN" $searchResult.Properties["distinguishedName"].Value
                $parentDisplayName = GetObjectDisplayName($userDN.Parent.ToString())
                [void]$htmlBuilder.AppendFormat("<td>{0}</td>", $parentDisplayName)

                if ($appendWebInterFaceLink)
                {
                    [void]$htmlBuilder.AppendFormat("<td><a href='$webInterfaceAddress`ViewObject.aspx?guid={0}'>View</a></td>", [Guid]$searchResult.Properties["objectGuid"].Value)
                }
                [void]$htmlBuilder.Append("</tr>")
            }
        }

        return $searchResultsCount
    }
    finally
    {
        $searchResultIterator.Dispose()
    }
}

function GetObjectDisplayName($objectDN)
{
    $objectPath = New-Object -TypeName "Softerra.Adaxes.Adsi.AdsPath"`
        -ArgumentList @($null, $objectDN)   
    return [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName(
        $objectPath, "IncludeParentPath")
}

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
$appendWebInterFaceLink = $True
if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
{
    $appendWebInterFaceLink = $False
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
}

# Start building the report
$htmlBuilder = New-Object "System.Text.StringBuilder"
$htmlBuilder.Append("<html><head>")
$htmlBuilder.Append("<meta http-equiv=""Content-Type""`
    content=""text/html charset=UTF-8""></head>")
$htmlBuilder.Append("<body>")
$htmlBuilder.Append("<p>Disabled Managers</p>")
$htmlBuilder.Append("<table width=""100%%"" border=""1"">")
$htmlBuilder.Append("<tr>")
$htmlBuilder.Append("<th>Full Name</th><th>Username</th><th>Parent</th>")
if ($appendWebInterFaceLink)
{
    $htmlBuilder.Append("<th>Link</th>")
}
$htmlBuilder.Append("</tr>")
$totalCount = 0

# Process each OU
foreach ($dn in $ouDNs)
{
    $totalCount += BuildReport $dn
}

# Finish building the report
$htmlBuilder.Append("</table>")
$htmlBuilder.AppendFormat("<br/>Total: {0} employees", $totalCount)
$htmlBuilder.Append("</body></html>")

# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlBuilder.ToString())
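
The report inserts directory attribute values straight into HTML with AppendFormat, so a name containing `<`, `&` or a quote changes the markup of the e-mail. The following is an added example, not part of the original answer or of the vendor's script, that HTML-encodes each cell before appending it; `Add-ReportRow`, the sample values and the base URL are hypothetical.

```powershell
# Added example: encode directory values before they reach the HTML report.
# Add-ReportRow is a hypothetical helper, not an Adaxes function.
function Add-ReportRow
{
    param(
        [System.Text.StringBuilder]$Builder,
        [string[]]$Cells,
        [string]$BaseUrl,      # optional Web Interface address
        [Guid]$ObjectGuid
    )

    [void]$Builder.Append("<tr>")
    foreach ($cell in $Cells)
    {
        # HtmlEncode turns <, >, & and quotes into entities so they render as text
        $encoded = [System.Net.WebUtility]::HtmlEncode($cell)
        [void]$Builder.AppendFormat("<td>{0}</td>", $encoded)
    }
    if (-not [string]::IsNullOrEmpty($BaseUrl))
    {
        # Encode the whole href so a quote in the base URL cannot end the attribute early
        $href = [System.Net.WebUtility]::HtmlEncode($BaseUrl + "ViewObject.aspx?guid=" + $ObjectGuid.ToString())
        [void]$Builder.AppendFormat("<td><a href=""{0}"">View</a></td>", $href)
    }
    [void]$Builder.Append("</tr>")
}

# Constructed sample values; the first cell contains characters that are markup in HTML
$sb = New-Object "System.Text.StringBuilder"
Add-ReportRow -Builder $sb -Cells @("R&D <Contractors>", "jdoe", "example.com/Staff") `
    -BaseUrl "https://adaxes.example.com/" -ObjectGuid ([Guid]::NewGuid())
$sb.ToString()
```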
0

How would you exclude an OU from this search?
So, exclude an OU that is a child of one of the OUs specified within $ouDNs

0

Hello,

We've published an updated version of the script in our Script Repository: Users without photo. In the new version, use $excludeOuDNs to specify the OUs you want to skip.
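
One way to skip child OUs by comparing distinguished names, as an added example that is not the Script Repository version and not code from this thread. `Test-DnUnderAny` and all sample DNs are constructed; only the variable name `$excludeOuDNs` comes from the reply above. It also drops duplicates that appear when the search bases in `$ouDNs` overlap.

```powershell
# Added example: decide whether a DN is an excluded OU or lies beneath one.
function Test-DnUnderAny
{
    param([string]$Dn, [string[]]$OuDns)

    foreach ($ou in $OuDns)
    {
        if ($Dn.Equals($ou, [StringComparison]::OrdinalIgnoreCase)) { return $true }

        # Require a comma boundary so "OU=XTemp,..." does not match "OU=Temp,..."
        $suffix = "," + $ou
        if (-not $Dn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { continue }

        # An odd number of backslashes before that comma means it is escaped
        # and belongs to an RDN value, not to the DN structure
        $i = $Dn.Length - $suffix.Length - 1
        $backslashes = 0
        while ($i -ge 0 -and $Dn[$i] -eq '\') { $backslashes++; $i-- }
        if (($backslashes -band 1) -eq 0) { return $true }
    }
    return $false
}

$excludeOuDNs = @("OU=Temp,OU=MyOU1,DC=domain,DC=com")   # constructed

# Constructed DNs standing in for search results gathered from the OUs in $ouDNs
$foundDNs = @(
    "CN=Ann Lee,OU=MyOU1,DC=domain,DC=com",
    "CN=Bob Ray,OU=Temp,OU=MyOU1,DC=domain,DC=com",   # inside the excluded OU
    "CN=Cy Poe,OU=XTemp,OU=MyOU1,DC=domain,DC=com",   # OU name merely ends in "Temp"
    "CN=Di\,OU=Temp,OU=MyOU1,DC=domain,DC=com",       # escaped comma inside the CN
    "CN=ann lee,OU=MyOU1,DC=domain,DC=com"            # duplicate from an overlapping search base
)

# DNs compare case-insensitively, so the de-duplication set does too
$seen = New-Object "System.Collections.Generic.HashSet[string]" ([StringComparer]::OrdinalIgnoreCase)
$kept = foreach ($dn in $foundDNs)
{
    if (Test-DnUnderAny $dn $excludeOuDNs) { continue }
    if ($seen.Add($dn)) { $dn }
}
$kept
```

Only the Bob Ray entry and the lower-case duplicate are dropped; the XTemp and escaped-comma entries are kept because neither is actually under the excluded OU.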
