Adaxes

Trying to figure out why the report fails with an error after returning a few results

0 votes

I created a custom report based on the script supplied and it seems to be working because it returns a few results before throwing the attached error.

image.png

Everything looks correct in the report configuation and script. Any ideas what might be causing it to error out on some groups or why it would be returning a null-value?

related to an answer for: Report to see in which rule a group was used
by (20 points)
0

Hello,

For troubleshooting purposes, please, post here or send us (support@adaxes.com) the script you are using to generate the report in TXT format.

by (301k points)
0

The code used was copied from the related answer that is linked to this question.

$groupDNString = "%param-Group%"
$groupDN = New-Object "Softerra.Adaxes.LDAP.DN" $groupDNString

try
{
    $groupCriteria = New-AdmCriteria -Type "group" -Expression {membershipType -eq "rule-based"}
    $Context.DirectorySearcher.AddCriteria($groupCriteria)

    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchResultIterator))
    {
        $searchResult = $searchResultIterator.Current
        $group = $Context.BindToObjectBySearchResult($searchResult)

        foreach ($rule in $group.MembershipRules) 
        {
            if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
            {
                continue
            }

            $ruleGroupDNString = $rule.Group.Get("distinguishedName")
            $ruleGroupDN = New-Object "Softerra.Adaxes.LDAP.DN" $ruleGroupDNString

            if ($groupDN -eq $ruleGroupDN)
            {
                $Context.Items.Add($searchResult)
                break
            }
        }
    }
}
finally
{
    if ($searchResultIterator) 
    { 
        $searchResultIterator.Dispose()
    }
}
by (20 points)
0

Hello,

Unfortunately, we were not able to reproduce the error and the script works exactly as intended.

For further troubleshooting, please, post here or send us (support@adaxes.com) a screenshot of the Multi-server environment dialog. The dialog displays how many Adaxes services you have and what their versions are. For information on how to view it, see https://www.adaxes.com/help/MultiServerEnvironment.

by (301k points)
0

Here is the screeshot of our multi-server environment. image.png

Is there a way for me to do any debug on this script to report which object it is throwing the error on? I've tried it with multiple groups and most throw the error after returning a few results.

Not sure if this helps or not, but I am seeing this in the log: image.png Which would be at this line:
$ruleGroupDNString = $rule.Group.Get("distinguishedName")

In this case, the report returned seven results before it threw the error.

by (20 points)

1 Answer

0 votes
by (301k points)

Hello,

The issue can occur in case there are invalid membership rules. For example, a group in a rule is deleted. We updated the script to handle such cases.

$groupDNString = "%param-Group%"
$groupDN = New-Object "Softerra.Adaxes.LDAP.DN" $groupDNString

try
{
    $groupCriteria = New-AdmCriteria -Type "group" -Expression {membershipType -eq "rule-based"}
    $Context.DirectorySearcher.AddCriteria($groupCriteria)

    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchResultIterator))
    {
        $searchResult = $searchResultIterator.Current
        $group = $Context.BindToObjectBySearchResult($searchResult)
        $groupName = $Context.GetDisplayNameFromAdsPath($group.AdsPath, $True)

        foreach ($rule in $group.MembershipRules) 
        {
            if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
            {
                continue
            }

            if ($NULL -eq $rule.Group)
            {
                $Context.LogMessage("Membership rules of $groupName group contain ivalid objects.", "Warning")
                continue
            }

            $ruleGroupDNString = $rule.Group.Get("distinguishedName")
            $ruleGroupDN = New-Object "Softerra.Adaxes.LDAP.DN" $ruleGroupDNString

            if ($groupDN.CompareTo($ruleGroupDN) -eq 0)
            {
                $Context.Items.Add($searchResult)
                break
            }
        }
    }
}
finally
{
    if ($searchResultIterator) 
    { 
        $searchResultIterator.Dispose()
    }
}
0

Looks like that did the trick. Thanks for the fix!

by (20 points)

Related questions

0 votes
1 answer
Does Adaxes have a report to seek out users with the same password?

We are looking for if Adaxes has a report we can run that will tell us if there are multiple users using the same or similar passwords? Is there any tool that we can ... as another users? I appreciate any information you may be able to provide. Thank You,

asked Feb 27, 2024 by Jeff.Briand (80 points)
0 votes
1 answer
Trying to create an report with extension attribute

I am trying to create a report, that searches the extension attribute40 of all users for a username. I tried the report with "Active Directory search (param-Username)" and script. I would be glad about a tip

asked Dec 8, 2022 by boris (570 points)
0 votes
1 answer
Trying to create a report to show the delegate access on selected mailbox

I've got the following script so far using the SDK but running into an error: You cannot call a method on a null-valued expression. At line:1 char:1 + ... .BindToObjectByDN("$object.SearchResult.AdsPath.DN") $Context.Items.Add($item, $columnValues) } } } }

asked May 19, 2021 by richarddewis (260 points)
0 votes
1 answer
Is it possible to generate a report of all of the business rules carried out on a user when they are disabled?

I'd like to be able to either send an email report or export a CSV of all of the business rules carried out when a user is disabled. This would be ... Management Activity section but this includes things that weren't part of the disable operation. Thanks

asked Feb 19, 2020 by bavery (250 points)
0 votes
1 answer
Is it possible when copying a user to reference the source account in an after user creation business rule?

I am trying to trigger processing outside of Active Directory when an account is created based on the source user account that was used. Does Adaxes store the source account anywhere?

asked Oct 9, 2023 by jnordell (20 points)
3,677 questions
3,361 answers
8,494 comments
549,333 users