0 votes

I would like to generate a report that will show me the recently modified "ipPhone" property field, which contains our Extensions, so that our Help Desk can use that to update other systems. I see there's script here, that may help https://www.adaxes.com/script-repositor ... d-s455.htm

How would I use that to make this possible?

by (1.4k points)
0

Hello,

Do we understand correctly, that you need to have a report that will include users and values of the ipPhone property (former and current)? Unfortunately, the script you referenced will no be helpful in this case as it can only be used to check whether a property value was updated in the operation that caused execution of the script itself.

Also, please, specify what version of Adaxes you are currently using To check that:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service.
  3. In the context menu, click Properties.
  4. Adaxes version will be displayed on the General tab.
0

We are using version 3.9.15526.0

The fields I'm looking for are:

DisplayName
ipPhone
Changed date of ipPhone

And the drop down option to select in Last 7,14,21,30 days.

I guess the Changed date isn't really necessary as long as it only displays ipPhone changes in the range selected.

1 Answer

0 votes
by (288k points)
selected by
Best answer

Hello,

Thank you for the provided details.

We recommend you to use the built-in Recently modified users report. Be default, the report is located in container Reports\All Reports\Users. In the report, the Days (display name Modified during the last) parameter specifies the period. You can change available parameter values to meet your needs. For details, see step 4 of the following tutorial: https://www.adaxes.com/tutorials_Active ... Report.htm. For information on how to configure report column settings, see step 5 of the tutorial.

0

This method you recommend will show me modified users, not specially to the ipPhone field, but to any field, so that's not going to work.

If I run the Management History report under logging, it shows me what I'm trying to look for, here:

https://imgur.com/dT1dQFR

Is there a way to modify this report to show me only those type records?

0

Hello,

Thank you for sharing the details.

Yes, this can be done by adding a Property name picker parameter to the report. The script will get the display name of the selected property and add only the logs records whose operation description contains the display name to the report. If this approach meets your needs, we will provide you with detailed instructions for updating the report.

Should you need any other modifications made to the report, please, provide us with all the possible details.

0

Yes, that sounds good, thank you.

0

Hello,

Thank you for your patience. Find the instructions for updating the built-in Management History report attached.

For your information: if the display name of a property changes, log records with the old display name will not be included into the report.

  1. Launch Adaxes Administration Console.

  2. In the Console Tree, expand your service node.

  3. Navigate to Reports\All Reports\Micsellaneous\Logging.

  4. Right-click the Management History report and then click Edit in the context menu.

  5. Activate the Parameters tab and click New.

  6. Select Property name picker and click Next.

  7. Enter a parameter name and display name (e.g. PropertyName and Property Name).

  8. Click Next and then click Finish.

  9. Activate the Script tab.

  10. Paste the below script into the corresponding field. In the script:

    • Make sure that the following line contains the parameter name you entered on step 7: $ldapPropertyName = $Context.GetParameterValue("param-PropertyName")
    • The $objectColumnID variable specifies the identifier of the Object custom column. To get the identifier:
      1. Activate the Columns tab.
      2. In the Report-specific columns section, select the Object column and click Edit.
      3. On the General tab, click Copy Column ID.
      4. The column identifier will be copied to clipboard.
     # Get parameter values
     $ldapPropertyName = $Context.GetParameterValue("param-PropertyName")
     $objectTypes = $Context.GetParameterValue("param-ObjectTypes")
     $days = $Context.GetParameterValue("param-Days")
     $initiator = $Context.GetParameterValue("param-Initiator")
     $showServiceSender = $Context.GetParameterValue("param-ShowServiceSender") -eq "1"
     $errorsOnly = $Context.GetParameterValue("param-ErrorsOnly") -eq "1"
    
     $initiatorUser = $initiator.IndexOf("1") -ge 0
     $initiatorScheduledTask = $initiator.IndexOf("2") -ge 0
     $anyInitiator = $initiatorUser -and $initiatorScheduledTask
    
     $startDate = (Get-Date).AddDays(- $days)
     $endDate = Get-Date
    
     # Search filter
     $filterObjectTypes = "(|" + $objectTypes + ")"
     $Context.DirectorySearcher.AppendFilter($filterObjectTypes)
    
     # Custom column identifiers
     $objectColumnID = "{5c1618e5-af1a-482e-bc5e-7032e1eecba3}"
    
     # Add properties necessary to generate the report
     $Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("distinguishedName")
    
     # Get display name for the selected property
     $path = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
     $configurationContainer = $Context.BindToObject($path)
     $culture = [System.Globalization.CultureInfo]::CurrentCulture
     $attributeFriendlyNames = $configurationContainer.GetAttributeFriendlyNames($culture.ThreeLetterISOLanguageName, "ADM_GETATTRFRIENDLYNAMESMODE_MERGED")
     $propertyFriendlyNameByTypes = @{}
    
     foreach ($attributeFriendlyName in $attributeFriendlyNames)
     {
         if ($attributeFriendlyName.AttributeName -ne $ldapPropertyName)
         {
             continue
         }
    
         $propertyFriendlyNameByTypes.Add("Default", $attributeFriendlyName.GenericFriendlyName)
         foreach ($type in $attributeFriendlyName.TypeSpecificFriendlyNames)
         {
             $propertyFriendlyNameByTypes.Add($type.ObjectType, $type.FriendlyName)
         }
         break
     }
    
     # Generate report
     try
     {
         $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
         while ($Context.MoveNext($searchIterator))
         {
             $searchResult = $searchIterator.Current
    
             $dn = $searchResult.GetPropertyByName("distinguishedName").Values[0]
             $columnValues = @{ $objectColumnID = $dn }
    
             # Get Modification Log for the object
             $obj = $Context.BindToObjectBySearchResult($searchResult)
             $modificationLog = $obj.GetModificationLog()
             $modificationLog.StartDateTime = $startDate
             $modificationLog.EndDateTime = $endDate
             $log = $modificationLog.Log
             $records = $log.GetPage(0)
    
             # Add log records to the report
             $noRecords = $True
             foreach ($record in $records)
             {
                 if ($Context.Items.Aborted)
                 {
                     return
                 }
    
                 if ($errorsOnly -and -not(
                     ($record.State -eq "OPERATION_STATE_FAILED_CAN_CONTINUE") -or
                     ($record.State -eq "OPERATION_STATE_FAILED_NO_CONTINUE")))
                 {
                     continue
                 }
    
                 if (-not $anyInitiator)
                 {
                     $initiatorClass = $record.Initiator.ObjectClass
                     if ((($initiatorUser -eq $False) -and $initiatorClass -ieq "user") -or
                         (($initiatorScheduledTask -eq $False) -and
                             (($initiatorClass -ieq "adm-ScheduledTask") -or
                             ($initiatorClass -ieq "adm-ReportScheduledTask"))))
                     {
                         continue
                     }
                 }
    
                 if (-not $showServiceSender)
                 {
                     if ($record.CommandSender -ieq "Service")
                     {
                         continue
                     }
                 }
    
                 if ($propertyFriendlyNameByTypes.ContainsKey($record.TargetObjectType))
                 {
                     $propertyFriendlyName = $propertyFriendlyNameByTypes[$record.TargetObjectType]
                 }
                 else
                 {
                     $propertyFriendlyName = $propertyFriendlyNameByTypes["Default"]
                 }
    
                 if ($record.DescriptionXml -notmatch "<propertyName>$propertyFriendlyName</propertyName>")
                 {
                     continue
                 }
    
                 $Context.Items.Add($record, $columnValues, $NULL)
                 $noRecords = $False
             }
    
             # If there are no records, add <No records> item
             if ($noRecords -eq $True)
             {
                 if ($styleNoRecords -eq $NULL)
                 {
                     $styleNoRecords = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                         "ADM_LISTITEMFONTSTYLE_REGULAR")
                 }
                 $Context.Items.Add(-1, "<No records>", "Information", $columnValues, $styleNoRecords)
             }
         }
     }
     finally
     {
         if ($searchIterator) { $searchIterator.Dispose() }
     }
  11. Click OK.

0

That works perfect, thanks!

Related questions

0 votes
1 answer

We have four OUs in Active Directory (Pending Deletion, Disabled with Mail Delegates, Disabled with HR Extensions and Disabled_Temp_Leave) that users are moved to prior to their eventual ... past 7 days have been moved to one of 4 of these OUs. Thanks!

asked Jun 3, 2021 by RayBilyk (240 points)
0 votes
0 answers

We have been checking to see who users were most recently disabled so we can manually check a few things. Here is the code I used to get that information using the ... report $Context.SendMail($to, $subject, $NULL, $htmlBody) } I hope someone finds it useful!

asked Jan 8, 2015 by mobosys (290 points)
0 votes
1 answer

Hi, we currenlty have a business rule to send an email everytime the Title, Manager, Department, accountExpires, EmployeeType or FirstName attributes are ... Unit: %BusinessUnit% End Date: %accountExpires% Effective Date of Change: %adm-CustomAttributeDate2%

asked Feb 14 by KevC (60 points)
0 votes
1 answer

Is there a way to get a report weekly on who created/deleted/modified current Active Directory objects? Almost like a audit report ? Or is there a way to show who made the last change in the "Other" section of the user account

asked Jun 2, 2020 by travisdhahn (20 points)
+1 vote
1 answer

I see many questions regarding this in the Forum, and last solution is from 2014 - based on custom PS script, has something in the product come up that solves this ... outputs users that does not comply to property pattern in order to upkeep AD sanity. Thanks

asked Jan 21, 2021 by spinnetho (50 points)
3,541 questions
3,232 answers
8,225 comments
547,805 users