0 votes

We'll be updating over 14K accounts with data (adding data to a virtual attribute) using a scheduled task but I don't want the updates to trigger Business Rules and flood the Adaxes log with entries. Is there an easy way to prevent this?

by (870 points)
0

Hello Sandra,

If the updates are performed by built-in actions (e. g. Update the user) in your scheduled task, there is no way to make the actions not trigger business rules. The only solution is to use a script that will perform the updates directly in AD without involving Adaxes pipeline. For us to help you with the script, please, post here or send us (support@adaxes.com) a screenshot of the scheduled task you have.

0

I don't have a working screen shot yet but will post when it's completed. Will this work if I'm putting the data into an Adaxes custom (virtual) attribute? I didn't think those were available outside of the Adaxes environment.

0

Hello Sandra,

You are right, Adaxes custom attributes are not available outside the software. However, they can also be updated avoiding Adaxes pipeline.

0

I sent my script to support@adaxes.com. I look forward to hearing from you.

1 Answer

+1 vote
by (270k points)
selected by
Best answer

Hello Sandra,

Thank you for the provided script. For it to perform the operations avoiding Adaxes pipeline, just remove the -AdaxeService localhost part from all the cmdlet (e.g. Get-AdmObject) calls.

0

When I run my script, I get the error message "The specified directory service attribute or value does not exist" for each user. I am attempting to add values to the attributes adm-CustomAttributeDate 3 and adm-CustomAttributeText 4.

0

Hello Sandra,

As per our check, just removing that part from your script will not work. Here is the updated script that should do the trick:

Import-Module Adaxes

$csvFilePath = "\adaxes01\c$\HR-9\Test Files\ImportUniqueIdentifiers.csv"
$userIdColumn = "EMPLOYEE_ID"
$userIdProperty = "employeeId"
$accountPasswordColumn = "AccountPassword"
$customColumnNames = @{
    "LAST_FOUR" = "adm-CustomAttributeText20";
    "DOB" = "adm-CustomAttributeText21";
} # TODO: modify me
$aDObjectProperties = @("Manager", "Secretary") # TODO: modify me

# E-mail settings
$to = "recipient@domain.com"
$subject = "Import Unique Identifiers Report"
$reportHeader = "<h2>Import report</h2>"
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$importedUsers  = Import-Csv -Path $csvFilePath

$moreThanOneUserFound = New-Object "System.Text.StringBuilder"
$userNotFound = New-Object "System.Text.StringBuilder"
foreach ($userFromCSV in $importedUsers)
{
    $userObject = @{}
    $accountPassword = $NULL
    $propertiesToClear = @()
    foreach ($property in $userFromCSV.PSObject.Properties)
    {
        $columnName = $property.Name
        $value = $property.Value

        if ($columnName -ieq $accountPasswordColumn -and !([System.String]::IsNullOrEmpty($value)))
        {
            $accountPassword = $value
            continue
        }
        elseif ($columnName -ieq $accountPasswordColumn -and [System.String]::IsNullOrEmpty($value))
        {
            continue
        }

        if ($customColumnNames.ContainsKey($columnName))
        {
            $propertyName = $customColumnNames[$columnName]
        }
        else
        {
            $propertyName = $columnName
        }

        if ([System.String]::IsNullOrEmpty($value))
        {
            $propertiesToClear += $propertyName
            continue
        }

        # Parse special columns
        if ($columnName -ieq $userIdColumn)
        {
            $propertyName = $userIdProperty
        }
        elseif ($aDObjectProperties -icontains $columnName)
        {
            $aDObject = Get-AdmObject -Filter {(Name -eq $value) -or (DisplayName -eq $value) -or (distinguishedName -eq $value)} `
                -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

            if ($aDObject -is [System.Array])
            {
                $Context.LogMessage("Found more than one object with identity '$value'.", "Warning")
                continue
            }

            if ($aDObject -eq $NULL)
            {
                $Context.LogMessage("Could not locate object with identity '$value'.", "Warning")
                continue
            }

            $value = $aDObject.DistinguishedName
        }

        if ($value -ieq "True" -or $value -ieq "False")
        {
            $value = [System.Boolean]::Parse($value)
        }

        $userObject.Add($propertyName, $value)
    }

    # Check whether the user exists
    $valueForSearch = $userObject.$userIdProperty
    $userExists = Get-AdmUser -LdapFilter "($userIdProperty=$valueForSearch)" `
        -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

    if ($NULL -eq $userExists)
    {
        $userNotFound.Append("<li>$valueForSearch</li>")
        continue
    }

    if ($userExists -is [System.Array])
    {
        $moreThanOneUserFound.Append("<li>$valueForSearch</li>")
        continue
    }

    # If user exists, update account
    $displayName = $userExists.Name
    $user = $Context.BindToObjectByDN($userExists.DistinguishedName)

    foreach ($property in $userObject.Keys)
    {
        $user.Put($property, $userObject[$property])
    }

    try
    {
        $user.SetInfoEx(@($userObject.Keys))
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }

    if ($propertiesToClear.Length -ne 0)
    {
        foreach ($property in $propertiesToClear)
        {
            $user.Put($property, $NULL)
        }

        try
        {
            $user.SetInfo(@($userObject.Keys))
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
    }

    if ([System.String]::IsNullOrEmpty($accountPassword))
    {
        continue
    }

    try
    {
        $user.SetPassword($accountPassword)
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating the password for user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }
}

if ($moreThanOneUserFound.Length -eq 0 -and $userNotFound.Length -eq 0)
{
    return
}

# Build report
$html = New-Object "System.Text.StringBuilder"
$html.Append($reportHeader)
if ($userNotFound.Length -ne 0)
{
    $html.Append("<b>The following users were not found in Active Directory:</b>")
    $html.Append("<ol>")
    $html.Append($userNotFound.ToString())
    $html.Append("</ol>")
}

if ($moreThanOneUserFound.Length -ne 0)
{
    $html.Append("<b>Found more than one user with the following value of the $userIdProperty property:</b>")
    $html.Append("<ol>")
    $html.Append($moreThanOneUserFound.ToString())
    $html.Append("</ol>")
}

# Send report
$Context.SendMail($to, $subject, $NULL, $html.ToString())

Related questions

0 votes
1 answer

I know I can set the "User must change password at next logon" flag, but noticed when I do that, they can no longer log in to Self-Service.

asked Oct 1, 2020 by RickWaukCo (320 points)
0 votes
0 answers

I am trying to find a way to create Groups based off an OU and a list of options (check boxes) within the portal For example: Select the Target OU to add groups ... 3 - Remote Administrators Option 3 - Remote Developers Option 4 - Readers Option 4 - Writers

asked Sep 11, 2020 by dknapp (100 points)
0 votes
1 answer

I added the Password last set field to the Admin view but when I click on edit it allows the admin user to change the value. Adaxes correclty handel Bad Password time and Bad password ... last set, so I guest there is a way but I can not find it. Thanks you

asked Dec 19, 2019 by tomlaf (60 points)
0 votes
1 answer

I want to remove special characters on the onboarding web form for username and mail before clicking Finish. Using a script like on the rule "Before User Creation" seems to to do the change to late and you can not verify the email adress before created.

asked Dec 27, 2021 by joem (20 points)
0 votes
1 answer

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20, 2022 by DA-symplr (80 points)
3,326 questions
3,025 answers
7,724 comments
544,678 users