0 votes

I know I got this code to check for a unique email address from you guys, just can't find where

Import-Module Adaxes

if ($Context.IsPropertyModified("mail"))
{
    $value = $Context.GetModifiedPropertyValue("mail");

    if ((Get-AdmUser -filter 'mail -eq $value') -ne $NULL)
    {
        $Context.Cancel("Email address is already in use.  Please verify that account is not being duplicated");
        return;
    }

}

Does get-AdmUser check through the multiple domains that are set up in Adaxes? When I run get-AdmUser via powershell with a filter on something that I know is in multiple domains, I only get one. If it only checks the one, is there a way to have it check all the targeted type of objects under Adaxes' purview?

Thanks again for the help!!!

by (1.2k points)

1 Answer

0 votes
by (216k points)

Hello,

The Get-AdmUser cmdlet can search in one domain only. By default, this is the current domain. You can force a search in another domain that is not the current domain by specifying the -Server parameter.

If you want to perform a search in all domains managed by Adaxes, you need to use Adaxes ADSI provider, in particular, the IAdmDirectorySearcher interface. If you want, we can modify the script to search in all domains managed by Adaxes.

0

I would really appreciate that. We are going to be needing to use this script in our environment to check for unique email addresses and samaccountnames. Any help and advise on this is greatly appreciated

edit** Let me add one more thing. In one of the domains, we have a business rule for after the user is created that looks at the company name and creates a email address with the firstname.lastname@dependingoncompanyname.com. What will the effect of $Context.Cancel line on the business rule. I like the effect the user has via the webpage, but want to know how the rule will react and if there is some advise to that.

Thanks

0

Hello,

Here's the modified version of the script that should do the job:

if ($Context.IsPropertyModified("mail"))
{
    # Get Email address
    $mail = $Context.GetModifiedPropertyValue("mail");

    # Check whether the email address is empty
    if ([System.String]::IsNullOrEmpty($mail))
    {
        return
    }

    # Search all users 
    $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
    $searcher.SearchParameters.PageSize = 500
    $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchParameters.Filter = "(&(objectCategory=user)(mail=$mail))"
    $searcher.VirtualRoot = $True

    $result = $searcher.ExecuteSearch()
    $users = $result.FetchAll()
    $result.Dispose()

    # Check if the Email address is unique
    if($users.Count -ne 0)
    {
        $Context.Cancel("Email address is already in use. Please verify that account is not being duplicated");
    }
}

As to checking for unique SAMAccountNames, take a look at Example 2 in step 5 of the Validate/Modify User Input Using a Script Tutorial. It contains an example on how you can handle the task.

As to the effect of the $Context.Cancel line on a Business Rule that is triggered after user creation, the Business Rule will not be triggered. The Rule is set to be executed after user creation, and since $Context.Cancel cancels user creation, the event that should trigger the Rule will not occur.

Related questions

0 votes
1 answer

Hi According to your SDK for Get-AdmUser, you can use criteria for filtering if the adaxes service is specified, can you please give an example of how this is done? I've tried ... is ObjectTypes {user} but I can't find a way to expand the results. Thanks Matt

asked Aug 10, 2023 by chappers77 (2.0k points)
0 votes
1 answer

Hello, How it works if I have multiple accounts in one domain, and other accounts in others domains managed by Adaxes ? Thank you. Regards. Pierre

asked Jun 9, 2021 by pierre.saucourt (40 points)
0 votes
1 answer

This is the logic I ham useing. $criteria = New-AdmCriteria -Type "User" -Expression {customAttributeBoolean6 -eq $true} $usersC = Get-AdmUser -Filter $criteria -properties * - ... there a better way to get the list of users into this variable? error;

asked Dec 14, 2023 by mightycabal (1.0k points)
0 votes
1 answer

I am getting the following error... The type initializer for 'System.Management.Automation.PSCredential' threw an exception. The term 'Get-AdmUser' is not recognized as the ... working for months and then suddenly... BOOM! They started throwing this error.

asked Sep 2, 2016 by rmedeiros (380 points)
0 votes
1 answer

Hi, I know there probably better places for this question but since I need to use Get-AdmUser I was wondering if you could help me build a Filter to find all ... automatically send a report every month but we need to narrow it down Thanks in advance Ingemar

asked Sep 15, 2015 by ijacob (960 points)
3,548 questions
3,238 answers
8,232 comments
547,814 users