Different Report Execution

Question

Hello,

i'm german so sorry for my bad english. :D
I'm using the Bultin Report "Member of Groups:

# Get parameter values
$groupTypes = $Context.GetParameterValue("param-GroupTypes")
$memberTypes = $Context.GetParameterValue("param-MemberTypes")
$membersPropertyName = $Context.GetParameterValue("param-IndirectMembers")

# Custom column identifiers
$groupColumnID = "{b3292b44-9d91-4c84-a411-179dc0bf19d3}"

# IDs of primary groups to exclude from the report
$primaryGroupIDs = @{ 513="Domain Users"; 515="Domain Computers"; 516="Domain Controllers"; 521="RODCs" }

# Search filter
$filter = "(|" + $groupTypes + ")"
$Context.DirectorySearcher.AppendFilter($filter)
$filterMembers = "(|" + $memberTypes + ")"

# Add properties necessary to generate the report
$propertiesForMembers = $Context.DirectorySearcher.GetPropertiesToLoad()
$propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
$Context.DirectorySearcher.SetPropertiesToLoad($propertiesForGroups)

# Create a hash table to map member GUIDs to search results
$guidComparer = $Context.CreatePropertyValueComparer("objectGuid")
$memberGuidToSearchResult = New-Object System.Collections.Hashtable @($guidComparer)

# Generate report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current

        # Exclude well-known primary groups
        $primaryGroupID = $searchResult.GetPropertyByName("primaryGroupToken").Values[0]
        if ($primaryGroupIDs.Contains($primaryGroupID))
        {
            continue
        }

        $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]

        # Get GUIDs of the group members
        $group = $Context.BindToObjectBySearchResult($searchResult)
        try
        {
            $memberGuids = $group.GetEx($membersPropertyName)
        }
        catch  [System.Runtime.InteropServices.COMException]
        {
            if ($_.Exception.ErrorCode -eq 0x8000500D) # E_ADS_PROPERTY_NOT_FOUND
            {
                # The group doesn't have any members
                $columnValues = @{ $groupColumnID = $groupDN; }
                if ($styleNoMembers -eq $NULL)
                {
                    $styleNoMembers = $Context.Items.CreateItemStyle("#3d3d3d", $NULL,
                        "ADM_LISTITEMFONTSTYLE_REGULAR")
                }
                $Context.Items.Add(-1, "<Keine Mitglieder>", "Information", $columnValues, $styleNoMembers)
                continue
            }
            else
            {
                throw $_.Exception
            }
        }

        # Add group members to the report

        $guidsToSearch = $NULL
        # Add already found objects
        foreach ($memberGuid in $memberGuids)
        {
            if (-not $memberGuidToSearchResult.Contains($memberGuid))
            {
                if ($guidsToSearch -eq $NULL)
                {
                    $guidsToSearch = New-Object System.Collections.ArrayList
                }
                $guidsToSearch.Add($memberGuid)
            }
            else
            {
                $memberSearchResult = $memberGuidToSearchResult[@(,$memberGuid)][0]
                $clonedSearchResult = $memberSearchResult.Clone($False)
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($clonedSearchResult, $columnValues, $NULL)
            }
        }

        if ($guidsToSearch -eq $NULL)
        {
            continue
        }

        # Search for members
        $memberSearcher = $Context.CreateGuidBasedSearcher($guidsToSearch)
        $memberSearcher.SetPropertiesToLoad($propertiesForMembers)
        $memberSearcher.AppendFilter($filterMembers)
        try
        {
            $memberSearchIterator = $memberSearcher.ExecuteSearch()
            while ($Context.MoveNext($memberSearchIterator))
            {
                $memberSearchResult = $memberSearchIterator.Current

                # Remember the search result
                $memberGuid = $memberSearchResult.GetPropertyByName("objectGuid").Values[0]
                $memberGuidToSearchResult[$memberGuid] = $memberSearchResult.Clone($False)

                # Add the object to the report
                $columnValues = @{ $groupColumnID = $groupDN; }
                $Context.Items.Add($memberSearchResult, $columnValues, $NULL)
            }
        }
        finally
        {
            if ($memberSearchIterator) { $memberSearchIterator.Dispose() }
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

The Result of this Report is exactly the same when executed in Adaxes Management Console and in the Web-Portal.
I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

What am i doing wrong here?

Comments

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

---

Hello,

Hello,

I modified the script so that not the Property "distinguishedName" but the Property "cn" or "name" is used.

Could you, please, clarify what exactly was changed? Screenshots would be very helpful. You can post them here or send to our support email: support[at]adaxes.com.

in the given script i changed the following lines:

Line 19: 
#original   $propertiesForGroups = @("objectClass", "objectGuid", "distinguishedName", "primaryGroupToken")
#modified   $propertiesForGroups = @("objectClass", "objectGuid", "cn", "primaryGroupToken") 

Line 41: 
#original   $groupDN = $searchResult.GetPropertyByName("distinguishedName").Values[0]
#modified   $groupDN = $searchResult.GetPropertyByName("cn").Values[0]

The Result when executed inside the Management Console is as expected.
When executed inside the Web Portal than there is only one group "unspecified" with alle the users inside.

Did you use the same user account to generate the report in Adaxes Administration Console and in Web Interface? For information on how to check\change the credentials used to logon to Adaxes service in Adaxes Administration Console, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... count.html.

How exactly do you generate the report in Adaxes Web Interface? Do you just select the report from the reports list or you added the report to the home page?

i tried both for both cases, using the adaxes service account, and my personal account.
The Results are the same.

Original Report: Working in Adaxes Administration Console and in the Web Interface (remaining unchanged after copy)

Modified Report: Working in Adaxes Administration Console but not in the Web Interface (modified lines seeing above)
There is another mismatch in the web interface: The group description column is for users empty.

Result inside Admin Console:

Result inside Web Interface:

Answer 1

Hello,

Thank you for the provided details.

This behavior occurs because the custom column Group is of Active Directory object type. To remedy the issue, you need to change the column type to Text. To do so:

1. Launch Adaxes Administration Console.
2. In the Console Tree, expand the service node.
3. Navigate to Reports\All reports\Groups\Membership.
4. Right-click the Members of groups report and then click Edit in the context menu.
   
5. In the dialog box that opens, activate the Columns tab.
6. In the Report-specific columns section, select Group and click Edit.
   
7. On the General tab, select Text and click OK twice.
   

Comments

Hello,

thanks for the reply. This worked like a charm for the grouping of the users.

The user description column unfortunately is still empty inside the web interface.
I tried to create a report-specific description column with column type text (like group is now) and in the valuation tab i used the template %description% but no success in the web interface (Admin Console works).

Do you have any idea for this too?

---

Hello,

As per our check, the report works just fine with the modification you made to the script and the Group custom column type set to Text. The Description column should not be affected. It looks like the behavior occurs because the account whose credentials were used to sign in to Adaxes Web Interface does not have the permissions to see the value of the Description property for the users. To check that, please, try to generate the report in Adaxes Web Interface when signed in with the credentials of the Adaxes service account (specified during Adaxes installation).

If the issue still persists could we, please, review your Adaxes configuration? Please, make a backup of your configuration and email it (support[at]adaxes.com) to us: https://www.adaxes.com/help/?HowDoI.Man ... ation.html.
To not include credentials, please, do not select the Back up credentials checkbox on step 2 of the wizard.