0 votes

Hello,

i'm german so sorry for my bad english. :D
I'm using the Bultin Report "Member of Groups:

# Get parameter values
$groupTypes = $Context.GetParameterValue("param-GroupTypes")
$memberTypes = $Context.GetParameterValue("param-MemberTypes")
$membersPropertyName = $Context.GetParameterValue("param-IndirectMembers")

# Custom column identifiers
$groupColumnID = "{b3292b44-9d91-4c84-a411-179dc0bf19d3}"

# IDs of primary groups to exclude from the report
$primaryGroupIDs = @{ 513="Domain Users"; 515="Domain Computers"; 516="Domain Controllers"; 521="RODCs" }

# Search filter
$filter = "(|" + $groupTypes + ")"
$Context.DirectorySearcher.AppendFilter($filter)
$filterMembers = "(|" + $memberTypes + ")"

# Add properties necessary to generate the report
$propertiesForMembers = $Context.DirectorySearcher.GetPropertiesToLoad()
$propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForGroups)

# Create a hash table to map member GUIDs to search results
$guidComparer = $Context.CreatePropertyValueComparer("objectGuid")
$memberGuidToSearchResult = New-Object System.Collections.Hashtable @($guidComparer)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        # Exclude well-known primary groups
        $primaryGroupID = $searchResult.GetPropertyByName("primaryGroupToken").Values[0]
        if ($primaryGroupIDs.Contains($primaryGroupID))
        {
            continue
        }

        $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]

        # Get GUIDs of the group members
        $group = $Context.BindToObjectBySearchResult($searchResult)
        try
        {
            $memberGuids = $group.GetEx($membersPropertyName)
        }
        catch  [System.Runtime.InteropServices.COMException]
        {
            if ($_.Exception.ErrorCode -eq 0x8000500D) # E_ADS_PROPERTY_NOT_FOUND
            {
                # The group doesn't have any members
                $columnValues = @{ $groupColumnID = $groupDN; }
                if ($styleNoMembers -eq $NULL)
                {
                    $styleNoMembers = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                        "ADM_LISTITEMFONTSTYLE_REGULAR")
                }
                $Context.Items.Add(-1, "<Keine Mitglieder>", "Information", $columnValues, $styleNoMembers)
                continue
            }
            else
            {
                throw $_.Exception
            }
        }

        # Add group members to the report

        $guidsToSearch = $NULL
        # Add already found objects
        foreach ($memberGuid in $memberGuids)
        {
            if (-not $memberGuidToSearchResult.Contains($memberGuid))
            {
                if ($guidsToSearch -eq $NULL)
                {
                    $guidsToSearch = New-Object System.Collections.ArrayList
                }
                $guidsToSearch.Add($memberGuid)
            }
            else
            {
                $memberSearchResult = $memberGuidToSearchResult[@(,$memberGuid)][0]
                $clonedSearchResult = $memberSearchResult.Clone($False)
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($clonedSearchResult, $columnValues, $NULL)
            }
        }

        if ($guidsToSearch -eq $NULL)
        {
            continue
        }

        # Search for members
        $memberSearcher = $Context.CreateGuidBasedSearcher($guidsToSearch)
        $memberSearcher.SetPropertiesToLoad($propertiesForMembers)
        $memberSearcher.AppendFilter($filterMembers)
        try
        {
            $memberSearchIterator = $memberSearcher.ExecuteSearch()
            while ($Context.MoveNext($memberSearchIterator))
            {
                $memberSearchResult = $memberSearchIterator.Current

                # Remember the search result
                $memberGuid = $memberSearchResult.GetPropertyByName("objectGuid").Values[0]
                $memberGuidToSearchResult[$memberGuid] = $memberSearchResult.Clone($False)

                # Add the object to the report
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($memberSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($memberSearchIterator) { $memberSearchIterator.Dispose() }
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

The Result of this Report is exactly the same when executed in Adaxes Management Console and in the Web-Portal.
I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

What am i doing wrong here?

by (100 points)
0

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

0

Hello,

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

in the given script i changed the following lines:

Line 19: 
#original   $propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
#modified   $propertiesForGroups = @("objectClass", "objectGuid", "cn", "primaryGroupToken") 

Line 41: 
#original   $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
#modified   $groupDN = $searchResult.GetPropertyByName("cn").Values[0]

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

i tried both for both cases, using the adaxes service account, and my personal account.
The Results are the same.

Original Report: Working in Adaxes Administration Console and in the Web Interface (remaining unchanged after copy)

Modified Report: Working in Adaxes Administration Console but not in the Web Interface (modified lines seeing above)
There is another mismatch in the web interface: The group description column is for users empty.

Result inside Admin Console:

Result inside Web Interface:

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello,

Thank you for the provided details.

This behavior occurs because the custom column Group is of Active Directory object type. To remedy the issue, you need to change the column type to Text. To do so:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand the service node.
  3. Navigate to Reports\All reports\Groups\Membership.
  4. Right-click the Members of groups report and then click Edit in the context menu.
  5. In the dialog box that opens, activate the Columns tab.
  6. In the Report-specific columns section, select Group and click Edit.
  7. On the General tab, select Text and click OK twice.
0

Hello,

thanks for the reply. This worked like a charm for the grouping of the users.

The user description column unfortunately is still empty inside the web interface.
I tried to create a report-specific description column with column type text (like group is now) and in the valuation tab i used the template %description% but no success in the web interface (Admin Console works).

Do you have any idea for this too?

0

Hello,

As per our check, the report works just fine with the modification you made to the script and the Group custom column type set to Text. The Description column should not be affected. It looks like the behavior occurs because the account whose credentials were used to sign in to Adaxes Web Interface does not have the permissions to see the value of the Description property for the users. To check that, please, try to generate the report in Adaxes Web Interface when signed in with the credentials of the Adaxes service account (specified during Adaxes installation).

If the issue still persists could we, please, review your Adaxes configuration? Please, make a backup of your configuration and email it (support[at]adaxes.com) to us: https://www.adaxes.com/help/?HowDoI.Man ... ation.html.
To not include credentials, please, do not select the Back up credentials checkbox on step 2 of the wizard.

Related questions

0 votes
1 answer

We have four OUs in Active Directory (Pending Deletion, Disabled with Mail Delegates, Disabled with HR Extensions and Disabled_Temp_Leave) that users are moved to prior to their eventual ... past 7 days have been moved to one of 4 of these OUs. Thanks!

asked Jun 3, 2021 by RayBilyk (240 points)
0 votes
1 answer

I have a 'Before user account creation' business rule that starts as follows: If script 'Validate user exists' returns true then Do Nothing // rest of ... experiencing a bug where $Context.Cancel is not properly terminating the business rule. Thanks.

asked Dec 17, 2024 by lw.fa (150 points)
0 votes
1 answer

I have a number of custom Powershell commands that run during user onboarding, and while the Powershell script runs successfully, the Adaxes execution log for the command will ... Adaxes when this happens so the command doesn't show that it ran successfully?

asked Dec 16, 2024 by cwyant-hfg (40 points)
0 votes
1 answer

I'd like to log specific details from my scripts but would like to integrate it with Adaxes if possible.

asked Jun 5, 2024 by ZoomGhost (280 points)
0 votes
1 answer

Hi, if a user creates a new user via web form and backend scripts are executed, is there a way to skip this waiting page? I not sure if I found some setting in the ... asynchronously" would do the trick, no? But I want all task are excuted one after one.

asked Jan 24, 2024 by wintec01 (1.5k points)
3,596 questions
3,283 answers
8,317 comments
548,255 users