0 votes

Hello,

Was wondering if there is a script for a business rule or a property pattern that can be used for this request. I am wondering how can I do a check anytime a user is modified that checks if the email address (Proxy Address and Mail) values are not already present in the AD. If they are then I'd like it to error and let the person know that the SMTP address is already taken.

Essentially when editing a user account and assigning it a new email address I'd like a check to be done to confirm uniqueness and then allow to proceed if it's unique. I have something like this but it doesn't work and errors no matter what.

Import-Module Adaxes

function IsMailUnique($isOnPremiseObject, $emailAddress)
{
    # Filter to check if the mail address or proxyAddresses already exist
    if ($isOnPremiseObject)
    {
        $filter = {mail -eq $emailAddress -or proxyAddresses -contains "SMTP:$emailAddress"}
    }
    else
    {
        $filter = {mail -eq $emailAddress -or proxyAddresses -contains "SMTP:$emailAddress"}
    }

    $domain = $Context.GetObjectDomain("%distinguishedName%")
    $user = Get-AdmUser -Filter $filter -Server $domain -AdaxesService localhost

    # Return false if no user is found, meaning email is unique
    return $null -eq $user
}

# Check directory type.
$isOnPremiseObject = $Context.TargetObject.DirectoryType -eq 1

# Get the email address and proxy addresses.
$emailAddress = $Context.GetModifiedPropertyValue("mail")
$proxyAddresses = $Context.GetModifiedPropertyValue("proxyAddresses")

# Check if the email address is unique.
if (-not (IsMailUnique $isOnPremiseObject $emailAddress))
{
    # If email is already taken, return True
    $Context.LogMessage("The email address '$emailAddress' is already in use.", "Information")
    return $true
}
else
{
    # If email is unique (not taken), return False
    $Context.LogMessage("The email address '$emailAddress' is available.", "Information")
    return $false
}
by (60 points)

1 Answer

0 votes
by (294k points)

Hello Kole,

Have a look at the following script from our repository: https://www.adaxes.com/script-repository/check-whether-email-and-username-are-unique-s347.htm. You will just need to update the criteria part not to check the username. For details on how to build criteria in Adaxes scripts, see https://adaxes.com/sdk/HowDoI.BuildCriteria. The following tutorial might also be helpful: https://www.adaxes.com/help/ValidateModifyUserInputWithScript.

0

Hello, I am running the script you shared and it doesn't appear to be working. It errors for all email address changes. I have pasted the script in below as well as a screenshot of the business rule I am using. Would like to get this working for both new users and for updating existing users.

Screenshot 2024-11-13 at 11.33.58 AM.png

$expression = {mail -eq "%mail%"}
$criteria = New-AdmCriteria -Type "user" -Expression $expression
Write-Host $criteria

$criteria = New-AdmCriteria "user" {passwordNeverExpires -eq $true}

# Search for users with the username or email address specified
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True
$searcher.SizeLimit = 1

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -ne 0)
    {
        $Context.Cancel("A user with the same username or email address already exists")
        return
    }
}
finally
{
    # Release resources
    $searchResultIterator.Dispose()
}
0

Hello Kole,

There are a lot of issues in the way you used the script. First of all, Write-Host does not work in Adaxes. You need to use method $Context.LogMessage. Also, for some reason you are creating criteria twice and thus the first one is never used. You need to either remove the below line or create criteria once with combined expression. Finally, the script cannot be used in a condition. If that is your desire, you need to set the $Context.ConditionIsMet variable to true/false instead of calling $Context.Cancel.
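
The three corrections from the reply above, applied to the script in this thread for use as a business rule condition. This is an added example, not part of the original posts and not Adaxes' repository script. It assumes the rule runs before the user is created or updated, so that `%mail%` resolves to the address being assigned, and the `proxyAddresses` clause assumes an equality test on a multi-valued property matches any of its values.

```powershell
# Added example: condition script for a business rule.
# Assumption: triggered before create/update, so %mail% is the new address.

# Default result: the address is not taken.
$Context.ConditionIsMet = $false

# Nothing to validate when this operation does not set the mail property.
$newMail = $Context.GetModifiedPropertyValue("mail")
if ([System.String]::IsNullOrEmpty($newMail))
{
    return
}

# Build the criteria exactly once, with one combined expression.
# Assumption: "proxyAddresses -eq" matches any single value of the property.
$criteria = New-AdmCriteria -Type "user" -Expression {mail -eq "%mail%" -or proxyAddresses -eq "smtp:%mail%"}

# Search all managed domains; one hit is enough to prove a conflict.
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True
$searcher.SizeLimit = 1

$searchResultIterator = $null
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -ne 0)
    {
        # LogMessage replaces Write-Host; ConditionIsMet replaces $Context.Cancel.
        $Context.LogMessage("The email address '$newMail' is already in use.", "Warning")
        $Context.ConditionIsMet = $true
    }
}
finally
{
    # Release resources only if the search actually started.
    if ($null -ne $searchResultIterator) { $searchResultIterator.Dispose() }
}
```

The search does not exclude the account being edited, so an address that already sits in that account's own proxyAddresses is reported as taken.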
