Hello,
Yes, you are right, sorry for missing it. As we can see, you are using Adaxes 2023.2 and the script from built-in report Passwords changed long ago. Starting with version 2023, criteria was added to Adaxes and that is something you should use instead of LDAP filters. For details on how to build criteria, see https://adaxes.com/sdk/HowDoI.BuildCriteria. We updated your script accordingly and added the options you requested. Here is the final script:
# Get parameter values
$days = $Context.GetParameterValue("param-Days")
$highlight = $Context.GetParameterValue("param-Highlight") -eq "1"
# To highlight users who can log in, we need account options and the account expiration date
if ($highlight)
{
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.AddRange(@(
"userAccountControl", "accountExpires"))
}
# Set search criteria
$threshold = (Get-Date).AddDays(- $days)
$criteria = New-AdmCriteria "user" {(mailboxType -ne "shared") -and (pwdLastSet -lt $threshold) -and (accountDisabled -eq $false)}
$criteria["user"].Add({(employeeType -eq "admin") -or (employeeType -eq "service") -or (employeeType -empty $True)})
$Context.DirectorySearcher.AddCriteria($criteria)
# Build the report
try
{
$searchIterator = $Context.DirectorySearcher.ExecuteSearch()
while ($Context.MoveNext($searchIterator))
{
$searchResult = $searchIterator.Current
# Highlight users who can log in
$itemStyle = $NULL
if ($highlight -and
-not $Context.IsAccountDisabled($searchResult) -and
-not $Context.IsAccountExpired($searchResult))
{
# Create a style for highlighted objects
if (-not $styleHighlighted)
{
$styleHighlighted = $Context.Items.CreateItemStyle($NULL, "#f5f7de",
"ADM_LISTITEMFONTSTYLE_REGULAR")
}
$itemStyle = $styleHighlighted
}
$Context.Items.Add($searchResult, $NULL, $itemStyle)
}
}
finally
{
if ($searchIterator) { $searchIterator.Dispose() }
}