0 votes

Hello,

I need to email a list of user accounts that are not part of any distribution groups that start with "POD-". How can I do that?

by (1.3k points)
0

Hello,

It can be done by scheduling a report generated by a script. For us to help you with the script, please specify whether you have only distribution groups whose names start with POD- or whether there are also security groups matching the pattern. If the latter is the case, do we understand correctly that membership in the security groups should not influence the report?

0

We have both, and memberships in the security groups should not influence the report.

1 Answer

0 votes
by (294k points)

Hello,

Thank you for specifying. Below is the script for generating the report you need. For information on how to create and schedule reports, have a look at the following tutorials:

In the script:

  • $groupIdentityProperty – Specifies the LDAP name of the property that will be used to find groups whose members will be excluded from the report.
  • $groupIdentityTemplate – Specifies a template for the property value that will be used to find the groups.

```powershell
$groupIdentityProperty = "name" # TODO: modify me
$groupIdentityTemplate = "POD-*"  # TODO: modify me

# Group search parameters
$groupSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$groupSearcher.SearchParameters.VirtualRoot = $True
$groupSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$groupSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Groups matching the template, excluding security-enabled groups (groupType bit 0x80000000)
$groupSearcher.SearchParameters.Filter = "(&(objectCategory=group)($groupIdentityProperty=$groupIdentityTemplate)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))"
$groupSearcher.SearchParameters.PageSize = 500
$groupSearcher.SearchParameters.PropertiesToLoad.Add("distinguishedName")

# Build search filter for users (sAMAccountType=805306368 selects user accounts)
$userFilter = New-Object System.Text.StringBuilder
$userFilter.Append("(&(sAMAccountType=805306368)")
try
{
    $searchIterator = $groupSearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        # Add a negated memberOf clause for each matching group
        $searchResult = $searchIterator.Current
        $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
        $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("memberOf", $groupDN)
        $userFilter.Append("(!$filterPart)")
    }
    $userFilter.Append(")")
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}

# Generate report
$Context.DirectorySearcher.SearchFilter = $userFilter.ToString()
$Context.Items.Add($Context.DirectorySearcher)
```
0

This pulls a list of accounts that ARE part of distribution groups that start with POD-. How do I update it to show accounts that are not part of distribution groups that start with POD-? Also, can it only pull Active accounts?

0

Hello,

How do I update it to show accounts that are not part of distribution groups that start with POD-?

The script we provided does exactly what you need. It returns accounts that are not members of the groups matching the specified template. Make sure that you specify a correct property and template in the corresponding variables.

Also, can it only pull Active accounts?

What exactly do you mean by active account? Do you mean enabled ones?

0

Sorry, yes, enabled accounts.

0

Hello,

Thank you for the confirmation. Here is the updated script.

```powershell
$groupIdentityProperty = "name" # TODO: modify me
$groupIdentityTemplate = "POD-*"  # TODO: modify me

# Group search parameters
$groupSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$groupSearcher.SearchParameters.VirtualRoot = $True
$groupSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$groupSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Groups matching the template, excluding security-enabled groups (groupType bit 0x80000000)
$groupSearcher.SearchParameters.Filter = "(&(objectCategory=group)($groupIdentityProperty=$groupIdentityTemplate)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))"
$groupSearcher.SearchParameters.PageSize = 500
$groupSearcher.SearchParameters.PropertiesToLoad.Add("distinguishedName")

# Build search filter for users: user accounts that are not disabled (userAccountControl bit 2)
$userFilter = New-Object System.Text.StringBuilder
$userFilter.Append("(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))")
try
{
    $searchIterator = $groupSearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        # Add a negated memberOf clause for each matching group
        $searchResult = $searchIterator.Current
        $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
        $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("memberOf", $groupDN)
        $userFilter.Append("(!$filterPart)")
    }
    $userFilter.Append(")")
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}

# Generate report
$Context.DirectorySearcher.SearchFilter = $userFilter.ToString()
$Context.Items.Add($Context.DirectorySearcher)
```
0

Thank you. The disabled accounts are now gone, but I'm still getting distribution groups that start with POD-. [image.png]

0

Hello,

Sorry for the confusion, but we are not sure what exactly you mean. The report only includes users, not groups. And they are only users that are not members of groups that meet the template. Your screenshot contains the Member Of section when viewing properties of a user in the Administration console, not a report. Please make sure that you specify the $groupIdentityProperty and $groupIdentityTemplate variable values properly in your script. It may be that a different property should be used.
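
The user filter that the scripts above assemble, reproduced in plain PowerShell as an added example (not code from the thread or from Adaxes): `ConvertTo-LdapFilterValue` and `New-NotMemberOfFilter` are hypothetical names, the DNs are constructed, and the escaping follows RFC 4515 instead of calling `FilterBuilder`. It also covers the case the last reply points at: when the property or template matches no groups, the filter contains no exclusions and returns every user.

```powershell
# Added example: plain PowerShell, no Adaxes types. Function names and DNs are hypothetical.

function ConvertTo-LdapFilterValue([string]$Value)
{
    # RFC 4515: \ * ( ) and NUL become a backslash plus two hex digits
    return [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function New-NotMemberOfFilter
{
    param(
        [string[]]$GroupDN = @(),
        [switch]$EnabledOnly
    )

    if ($GroupDN.Count -eq 0)
    {
        # No group matched the template: no (!(memberOf=...)) clause is added,
        # so the result would list every user instead of failing visibly.
        Write-Warning "No groups matched; the filter will not exclude anyone."
    }

    $sb = New-Object System.Text.StringBuilder
    [void]$sb.Append('(&(sAMAccountType=805306368)')    # user accounts
    if ($EnabledOnly)
    {
        # Bitwise AND on userAccountControl, bit 2 = account disabled
        [void]$sb.Append('(!(userAccountControl:1.2.840.113556.1.4.803:=2))')
    }
    foreach ($dn in $GroupDN)
    {
        [void]$sb.Append('(!(memberOf=' + (ConvertTo-LdapFilterValue $dn) + '))')
    }
    [void]$sb.Append(')')
    return $sb.ToString()
}

# Constructed sample input: the second DN contains parentheses that would
# otherwise unbalance the filter.
$sampleGroups = @(
    'CN=POD-Sales,OU=Groups,DC=example,DC=com',
    'CN=POD-(EU) Support,OU=Groups,DC=example,DC=com'
)

New-NotMemberOfFilter -GroupDN $sampleGroups -EnabledOnly
New-NotMemberOfFilter -GroupDN @()
```

In Active Directory, `memberOf` lists direct memberships only, so a user who belongs to a POD- group through a nested group still passes this filter.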
