0 votes

Morning,

I have a very intermittent problem with reading a value from the Global Configuration. See code below.

A value that is normally incremented sometimes gets "reset" to 888000 due to the "# If no number is set in the global configuration, use the initial number"
I can't see any reason as to why this would be so can only think of an interruption of some description so the value can't be read.

I can reset it back easily but can you add any more error checking or log entry(s) to help me troubleshoot next time it happens please?

$usernameFormat = "A{0:000000}" # TODO: modify me
$initialNumber = 888000 # TODO: modify me
$maxNumber = 900000 # TODO: modify me

$settingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$settings = $Context.BindToObject($settingsPath)

# Get the next contractor number from global configuration
try
{
    $number = [int]($settings.Get("adm-CustomAttributeInt1"))
    $number++
}
catch
{
    # If no number is set in the global configuration, use the initial number
    $number = $initialNumber
}
by (840 points)
0

Hello,

Do you have Adaxes Service installed on a single computer or multiple computers? If Adaxes Service is installed on multiple computers, can you check the ADAM (AdaxesBackend) Event Log on all of them for any errors or warnings that relate to replication?

0

Thanks for replying.

Sorry no, it's all on one server.
Looking in the ADAM event log suggests no issues as far as I can tell.

I would suggest that this script resets the value but why is a mystery so far.

John.

0

John,

This is only partial script. Can you post here or send us the complete text of the script exactly as you use it?

Also, as far as we remember, we provided you an additional script that resets the attribute value to the default. It should be used as a part of a Custom Command. Can you check Adaxes General Log and verify whether the Custom Command has been used? Maybe, someone launched it without your knowledge and authorization? For information on how to view Adaxes General Log, see the following help article: http://www.adaxes.com/help/?Logging.Vie ... eLogl.html.

0

Here you go :D (Sanitised a little)
The other script to reset works fine and would set the number to a different number that 888000

$usernameFormat = "A{0:000000}" # TODO: modify me
$initialNumber = 888000 # TODO: modify me
$maxNumber = 900000 # TODO: modify me

$settingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$settings = $Context.BindToObject($settingsPath)

# Get the next contractor number from global configuration
try
{
    $number = [int]($settings.Get("adm-CustomAttributeInt1"))
    $number++
}
catch
{
    # If no number is set in the global configuration, use the initial number
    $number = $initialNumber
}

$uniqueUsername = [System.String]::Format($usernameFormat, $number)
do
{
    if ($number -gt [int]$maxNumber)
    {
        $Context.Cancel("Cannot generate a username for the contractor because the maximum allowed contractor number has been reached. Please contact your system administrator.")
        return
    }

    # Check whether the username is unique
    $searcher = $Context.BindToObject("Adaxes://rootDse")
    $searcher.PageSize = 500
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchFilter = "(&(sAMAccountType=805306368)(sAMAccountName=$uniqueUsername))"
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.VirtualRoot = $True

    try
    {
        $searchResult = $searcher.ExecuteSearch()
        $result = $searchResult.FetchAll()

        # If the username is not unique, find a unique one
        if ($result.Count -ne 0)
        {
            $number++
            $uniqueUsername = [System.String]::Format($usernameFormat, $number)
        }
    }
    finally
    {
        $searchResult.Dispose()
    }

}
while ($result.Count -ne 0)

# Save the new number in the global settings
if ($number -lt [int]$initialNumber)
{
    $settings.Put("adm-CustomAttributeInt1", $number)
    $settings.SetInfo()
}

#Gather employee number, upper and lower case versions and set password
    $cemployeeValue = $uniqueUsername
    $cemployeeValueLow = $uniqueUsername.ToLower()
    $defPassword = "<PASSWORD>"

    #Gather user's names and initials
    $clastNameValue = ($Context.GetModifiedPropertyValue("sn")).Trim()
    $cfirstNameValue = ($Context.GetModifiedPropertyValue("givenName")).Trim()
    $cinitialsValue = ($Context.GetModifiedPropertyValue("initials")).Trim()

    #Calculate user's display name, email, homedir, logonname, pobox
    $upnSuffix = $Context.GetObjectDomain("%distinguishedName%")
    $cdisplayNameValue = "$($clastNameValue) $($cfirstNameValue) $($cinitialsValue)"
    $cemailValue = "$($cfirstNameValue.ToLower()).$($clastNameValue.ToLower()).<SUFFIX>"
    $chomeDirValue = "\<SERVERNAME>\$cemployeeValue$"
    $clogonNameValue = $($cemployeeValue)
    $clogonNameValueSuffix = $($cemployeeValue) + "@" + $upnSuffix
    $cprofilePathValue = "\<SERVERNAME>\$cemployeeValue$\Settings"
    $cpoBoxValue = "$($cfirstNameValue.ToLower()).$($clastNameValue.ToLower()).<SUFFIX>"

    #Set some static user properties
    $ccityValue = "Chat"
    $ccountryValue = "GB"
    $chomeDriveValue = "O:"
    $cofficeValue = "<OFFICE>"
    $cpostCodeValue = "<POSTCODE>"
    $expiryValue = Get-Date
    $expiryValue = $expiryValue.AddDays(365)

    #Comit changes to the user record
    $Context.SetModifiedPropertyValue("displayName", ($cdisplayNameValue)) #Set "displayname"
    $Context.SetModifiedPropertyValue("mail", ($cemailValue)) #Set "mail"
    $Context.SetModifiedPropertyValue("homeDirectory", ($chomeDirValue)) #Set "home directory"
    $Context.SetModifiedPropertyValue("homeDrive", ($chomeDriveValue)) #Set "home drive" to O:
    $context.SetModifiedPropertyValue("profilePath", ($cprofilePathValue)) #Set "Profile path"
    $Context.SetModifiedPropertyValue("userPrincipalName", ($clogonNameValueSuffix)) #Set "logon name" (Mnumber)
    $Context.SetModifiedPropertyValue("sAMAccountName", ($clogonNameValue)) #Set "pre 2000 logon name" (Mnumber)
    $Context.SetModifiedPropertyValue("postOfficeBox", ($cpoBoxValue))
    $Context.SetModifiedPropertyValue("cn", ($cemployeeValue)) #Set "fullname" to MNumber
    $Context.SetModifiedPropertyValue("l", ($ccityValue)) # Set "city" to Chat
    $Context.SetModifiedPropertyValue("c", ($ccountryValue)) #Set "country" to GB (united kngdom)    
    $Context.SetModifiedPropertyValue("physicalDeliveryOfficeName", ($cofficeValue)) #Set "office" to <OFFICE>
    $Context.SetModifiedPropertyValue("postalCode", ($cpostCodeValue)) #Set "postalcode" to <POSTCODE>
    $Context.SetModifiedPropertyValue("accountExpires", ($expiryValue)) #Set account expiry to 1yr from now
    $Context.SetNewPassword($defPassword) #Set default password
    #$Context.LogMessage("Contractor username: $userLogonName", "Information")
0

Hello,

We see a small change compared to the script we provided to you. The following lines didn't have any if-statement in the original script, and this is the cause for the issue:

# Save the new number in the global settings
if ($number -lt [int]$initialNumber)
{
$settings.Put("adm-CustomAttributeInt1", $number)
$settings.SetInfo()
}

The if-statement checks whether the new number assigned to the contractor is less than the original number. That will never be met under normal conditions, because the script always assigns a contractor number that is grater than the initial number. The only case when the condition would be met and the assigned number would be saved is when you use the reset script to assign an initial number in the global configuration smaller than 888000. In that case, if the assigned number falls within the interval between the new initial number and 888000, it will be saved. For example, if you reset the initial number to 887000, the script will save the new number if there are any free numbers available between 887000 and 887999.

What was the intention of adding that if-statement? What did you want to check with the help of it? Can you provide more details?

0

Hi guys,

Sorry for the protracted amount of time in replying, been snowed under with other projects.

I think the reason for adding it was that the first time the issue occurred a contractor account was created with A888000 and was actually allocated to the user. This meant that I had to (in my own half arsed way) prevent A888000 being saved or created again because it was actually in use.
What I really need to do is set the max number to 887999, I can then take the If statement out.

I think the thing I was looking at specifically was this:

catch
{
    # If no number is set in the global configuration, use the initial number
    $number = $initialNumber
}

This is the only reason that the proposed contractor number would be set as A888000 or higher, the real numbers involved on a day to day basis are in the A2xxxxx range. So I'm trying to think of a way that the system would think that there is no "last number2 already in the configuration. Does that make sense?

John.

0

Hello John,

We don't quite understand what your concern is. The script will enter the catch block you mentioned only if there is no saved number in the global configuration. Since you are using this solution already, there should be a number.

As far as we understand, you need to set the $maxNumber in the script to 888000, and then set the initial number stored in the global configuration to something like 200000. You should already have a script for that. The script will find the first 'free' number after the one you specified by adding a +1 and checking with AD each time.

Also, you shouldn't worry that the script will assign a 'taken' number again. The script checks whether a user with the same username (i.e. number) already exists and won't allow doing that. If the script reaches the maximum number and doesn't find an untaken one, it will simply give you an error message and won't allow creating a new user.

Please log in or register to answer this question.

Related questions

0 votes
0 answers

We have delegated updating user properties in AD and the usrs have requested those changes updated in the GAL. Is ther ea way to do this in Adaxes?

asked Feb 13, 2020 by Derek.Axe (480 points)
0 votes
1 answer

Hello, The upgrade process is, given my knowlegde, still requiring to uninstall and reinstall the product, importing back then the configuration. I had troubles with that process ... to have a patching process a little bit more easier to apply. Thanks Stephen

asked Feb 18, 2012 by sroux (800 points)
0 votes
1 answer

Hello, when we create an user we send an "welcome mail" with UPN and password out. Sometimes the manager of this user is on vacation or cant for some reason not forward ... ? With object parameters? But then i cant use the send email action. Thanks in advance.

asked Aug 7, 2023 by eww ag (140 points)
0 votes
1 answer

I'm creating a powershell script to handle all the 'modify user' steps, instead of having them be individual steps in Adaxes. This script runs after we fill out a form. A ... empty parameter considered as either a "tab" or "4 spaces" ? Thanks for your help.

asked Dec 12, 2022 by lw.fa (130 points)
0 votes
1 answer

We are trying to mass change user photos through a scripted method. We are using a modified version of the Import User Photo and Optimize User Photo scripts. ... { $newJpegPicture.Dispose() } if ($newThumbnailPicture) { $newThumbnailPicture.Dispose() } }

asked Mar 10, 2019 by polley (1.2k points)
3,549 questions
3,240 answers
8,232 comments
547,814 users