0 votes

How can I check or run reports on an entire Property Pattern to ensure integrity?

I know I can run a check on an individual property, but this is really inefficient since I have already defined a Property Pattern for a specific object to abide by.

by (120 points)
0

Hello,

This can be done with the help of a PowerShell script. For example, you can use a script that creates a CSV file with all the objects the properties of which do not match Property Patterns. We've asked our script guys to write such a script for and will update you as soon as they come up with something.

1 Answer

0 votes
by (216k points)

Hello,

The script that you can find below creates a CSV file containing all existing AD objects that do not comply with the Property Patterns applied to them. To run the script:

  1. Save the script to a file with the .ps1 extension on the computer where your Adaxes service is installed.

  2. Launch Windows PowerShell. To do this:

    • Press Win+R.
    • Type powershell.exe and press Enter.
  3. In the PowerShell console, navigate to the folder where you saved the script. For example, if you saved it to C:\Scripts, type:

     cd C:\Scripts
  4. Run the script using the following command line:

     .\MyScript.ps1 <CSV file path> <username> <password>

    where

    • MyScript.ps1 - the name of the script file that you've created on step 1,
    • <CSV file path> - full path to the CSV file that will be created by the script,
    • <username>, <password> - credentials that will be used to access Adaxes service. These parameters are optional. If you omit them, credentials of the currently logged on user will be used. The minimum permissions required are the permissions to read all Property Patterns and the permissions to read all objects that you want to check against Property patterns.

The script:

Param([Parameter(Mandatory=$True,Position=1)]$csvFilePath, [Parameter(Mandatory=$False,Position=2)]$username, [Parameter(Mandatory=$False,Position=3)]$password)

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

function ReportRecord($objectDn, $propertyPatternName, $propertyName, $errorText)
{
    Write-Host "Object DN:'$objectDn' Property Pattern:'$propertyPatternName' Property Name:'$propertyName' Error Text:'$errorText'"    
    $reportRecord = new-object PSObject
    $reportRecord | add-member NoteProperty "Object DN" "$objectDn"
    $reportRecord | add-member NoteProperty "Property Pattern" "$propertyPatternName"
    $reportRecord | add-member NoteProperty "Property Name" "$propertyName"
    $reportRecord | add-member NoteProperty "Error Text" "$errorText"
    return $reportRecord
}

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the Property Patterns container
$propertyPatternsPath = $admService.Backend.GetConfigurationContainerPath("PropertyPatterns")
$propertyPatternsContainer = $admService.OpenObject($propertyPatternsPath, $username, $password, 0)

# Configure object searcher to search for all objects
$searcher = $admService.OpenObject("Adaxes://rootDSE", $username, $password, 0)
$searcher.SearchFilter = "(objectClass=*)"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.VirtualRoot = $True
$searchResults = $searcher.ExecuteSearch()

# Get backend server name and port number
$backendServer = $admService.Backend.DnsHostName + ":" + $admService.Backend.PortNumber

$report = @()
While ($searchResults.MoveNext())
{
    # Bind to the AD object
    $object = $admService.OpenObject($searchResults.Current.ADsPath, $username, $password, 0)       

    # Get Distinguished Name
    $objectDN = $object.GetEx("distinguishedName")

    # Get effective Property Patterns
    $propertyPatterns = $propertyPatternsContainer.GetEffectivePropertyPatterns($object)

    foreach ($patternGuidByte in $propertyPatterns)
    {
        # Bind to the Property Pattern
        $patternGuid = New-Object "System.Guid" @(,$patternGuidByte)
        $patternPath = "Adaxes://$backendServer/<GUID=$patternGuid>" 
        $propertyPattern = $admService.OpenObject($patternPath, $username, $password, 0)

        # Get Property Pattern name
        $patternName = $propertyPattern.PatternName

        # Get Property Pattern items
        $patternItems = $propertyPattern.Items
        for ($patternItem = 0; $patternItem -lt $patternItems.Count; $patternItem++)
        {
            $item = $patternItems.GetObject($patternItem)            
            # Get the property name
            $propertyName = $item.PropertyName

            # Get the current value for the property
            $object.GetInfoEx(@($propertyName), $NULL)
            $propertyEntry = $NULL
            try
            {
                $propertyEntry = $object.Item($propertyName)
                $propertyEntry.ControlCode = "ADS_PROPERTY_UPDATE"
            }
            catch [Exception]
            {
                if ($item.IsPropertyRequired)
                {
                    # The object doesn't have a property that's required
                    $errorMessage = "The '$propertyName' property is required"
                    $report += ReportRecord $objectDN $patternName $propertyName $errorMessage
                }
                continue
            }
            # Get constraints for the property
            $constraints = $item.GetConstraints()
            foreach ($constraint in $constraints)
            {          
                $errorMessage = ""
                # Check the the property value against the constraint
                $isValid = $constraint.Check($propertyEntry, $object, [ref]$errorMessage)
                if ( -not $isValid)
                {
                    $report += ReportRecord $objectDN $patternName $propertyName $errorMessage
                }
            } 

        }
    }
}

$searchResults.Dispose()

#Write the report to the csv file
$report | Export-Csv $csvFilePath -NoTypeInformation
Report based on Property Pattern Value

Related questions

0 votes
0 answers

When I upgraded to the 2023 code from 2020.1 One of the issues that I saw was when I updated the UPN, the Logon Name also changed with the name change. This is ... attrutes get set the way we prefer as default but then be able to be changed indepentently?

asked 6 days ago by william.malone (80 points)
0 votes
1 answer

Hi team, I would like to update allowed values of a property pattern and found this script: https://www.adaxes.com/script-repository/add-new-allowed-property-value-to-a- ... multiple new values? I tried already a foreach around it, but not working properly :/

asked Sep 2, 2024 by wintec01 (1.6k points)
0 votes
0 answers

I'm troubleshooting a weird issue with the "Create User" form and the business rules behind it. The error that's being returned is that the "Company" property doesn't ... a hard time understanding why this one value would fail. Thoughts? Thank you, -Todd

asked Jul 10, 2023 by TAE (70 points)
0 votes
1 answer

Hello, We encoutered an issue with Adaxes in default configuration. We are mainly using Adaxes for its REST API, to automate identity lifecycle with our HRIS. We tried to update ... got enforced even on an API REST attribute change? If so how to disable it?

asked Aug 18, 2022 by ygini (240 points)
0 votes
1 answer

Is there an order of precendence for Property Patterns? If I set a property pattern at a level lower than another property pattern is set what happens? Will one work and the other won't?

asked Aug 18, 2020 by ComputerHabit (790 points)
3,606 questions
3,293 answers
8,343 comments
548,458 users