0 votes

The following script works great to email a table list of ALL users indicating the appropriate value of the customer fields specified. The challenge is the export includes EVERY user in our AD. Is there a way to limit it to only those users that have a value for ANY of the fields requested? I.e., if everything other than DisplayName were blank, don't include that record in the output table. Thank you!

$email = "somebody@mii.com" # TODO: modify me

$propertyNames = @("DisplayName","MIIUSDenverProductionSQL","MIIUSDenverTestSQL","MIITopTeam","MIIMSDN","MIILabManager","MIIADN","MIITFS2","MIIUSTestTrack","MIIUSAegisTestTrack","MIINAmericaTestTrack","MIIUSRobbinsTestTrack","MIIUSEngineOneTestTrack","MIIUSTrencoTestTrack","MIISapphirePortalTestTrack","MIISapphireOEMTestTrack","MIIGlobalWebTestTrack","MIIUSTestTrackMiTekBAEApplications","MIIUSTestTrackMitekPortalsandAccessoryApps","MIIUSTestTrackWebandSWE") # TODO: modify me

$bodyBuilder = New-Object "System.Text.StringBuilder"
$bodyBuilder.append("<html><head>") | Out-Null
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html; charset=UTF-8""></head>") | Out-Null
$bodyBuilder.append("<body>") | Out-Null
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null
$bodyBuilder.append("<table width=""100%"" border=""1"">") | Out-Null
$bodyBuilder.append("<tr>") | Out-Null

foreach ($propertyName in $propertyNames)
{
    $bodyBuilder.append("<th>$propertyName</th>") | Out-Null
}

$bodyBuilder.append("</tr>") | Out-Null

# Find all users under the target object
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($propertyNames)
$searcherResult = $searcher.ExecuteSearch()

# Iterate through search results and include them into the report
foreach ($user in $searcherResult.FetchAll())
{
    $bodyBuilder.append("<tr>") | Out-Null
    $resultPropertyCollection = $user.Properties

    foreach ($propertyName in $propertyNames)
    {
        # If the property is not set for the user
        if (!($resultPropertyCollection.Contains($propertyName)))
        {
            $bodyBuilder.append("<td> </td>") | Out-Null
            continue
        }
        # include values for the property in the report
        $values = ($resultPropertyCollection[$propertyName]).Values

        $bodyBuilder.append("<td>") | Out-Null
        foreach ($value in $values)
        {
            $bodyBuilder.append("$value") | Out-Null
        }

        $bodyBuilder.append("</td>") | Out-Null
    }
    $bodyBuilder.append("</tr>") | Out-Null
}
$searcherResult.Dispose()

$bodyBuilder.append("</table>") | Out-Null
$bodyBuilder.append("</body></html>") | Out-Null

# Send mail
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())
by (360 points)
0

Hello,

Sure, we've asked our script guys to have a look. We'll update this topic as soon as they come up with something.

1 Answer

0 votes
by (216k points)

Hello again,

Here you are:

$email = "somebody@mii.com" # TODO: modify me

$propertyNames = @("DisplayName","MIIUSDenverProductionSQL","MIIUSDenverTestSQL","MIITopTeam","MIIMSDN","MIILabManager","MIIADN","MIITFS2","MIIUSTestTrack","MIIUSAegisTestTrack","MIINAmericaTestTrack","MIIUSRobbinsTestTrack","MIIUSEngineOneTestTrack","MIIUSTrencoTestTrack","MIISapphirePortalTestTrack","MIISapphireOEMTestTrack","MIIGlobalWebTestTrack","MIIUSTestTrackMiTekBAEApplications","MIIUSTestTrackMitekPortalsandAccessoryApps","MIIUSTestTrackWebandSWE") # TODO: modify me

$bodyBuilder = New-Object "System.Text.StringBuilder"
$bodyBuilder.append("<html><head>") | Out-Null
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html; charset=UTF-8""></head>") | Out-Null
$bodyBuilder.append("<body>") | Out-Null
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null
$bodyBuilder.append("<table width=""100%"" border=""1"">") | Out-Null
$bodyBuilder.append("<tr>") | Out-Null

foreach ($propertyName in $propertyNames)
{
    $bodyBuilder.append("<th>$propertyName</th>") | Out-Null
}

$bodyBuilder.append("</tr>") | Out-Null

# Find all users under the target object
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($propertyNames)

$searcherResult = $searcher.ExecuteSearch()
$users = $searcherResult.FetchAll()
$searcherResult.Dispose()
# Iterate through search results and include them into the report
foreach ($user in $users)
{
    $resultPropertyCollection = $user.Properties

    # Skip if none of the $propertyNames are set
    # (checked before the row is opened, so skipped users leave no unclosed <tr>)
    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }

    $bodyBuilder.append("<tr>") | Out-Null

    foreach ($propertyName in $propertyNames)
    {
        # If the property is not set for the user
        if (!($resultPropertyCollection.Contains($propertyName)))
        {
            $bodyBuilder.append("<td>&nbsp;</td>") | Out-Null
            continue
        }
        # include values for the property in the report
        $values = ($resultPropertyCollection[$propertyName]).Values

        $bodyBuilder.append("<td>") | Out-Null
        foreach ($value in $values)
        {
            $bodyBuilder.append("$value") | Out-Null
        }

        $bodyBuilder.append("</td>") | Out-Null
    }
    $bodyBuilder.append("</tr>") | Out-Null
}

$bodyBuilder.append("</table>") | Out-Null
$bodyBuilder.append("</body></html>") | Out-Null

# Send mail
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())

Here's the portion of the script that skips a user if none of the properties are set:

    # Skip if none of the $propertyNames are set
    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }
0

Thank you, the reviewers have asked for one more change to the report. Use the Friendly Name as the column header versus the Active Directory field name. Thanks!

0

Hello,

Here's a version of the script that uses the same names for the properties as they are displayed in Adaxes:

$email = "somebody@mii.com" # TODO: modify me

$propertyNames = @("DisplayName","MIIUSDenverProductionSQL","MIIUSDenverTestSQL","MIITopTeam","MIIMSDN","MIILabManager","MIIADN","MIITFS2","MIIUSTestTrack","MIIUSAegisTestTrack","MIINAmericaTestTrack","MIIUSRobbinsTestTrack","MIIUSEngineOneTestTrack","MIIUSTrencoTestTrack","MIISapphirePortalTestTrack","MIISapphireOEMTestTrack","MIIGlobalWebTestTrack","MIIUSTestTrackMiTekBAEApplications","MIIUSTestTrackMitekPortalsandAccessoryApps","MIIUSTestTrackWebandSWE") # TODO: modify me

$bodyBuilder = New-Object "System.Text.StringBuilder"
$bodyBuilder.append("<html><head>") | Out-Null
$bodyBuilder.append("<meta http-equiv=""Content-Type"" content=""text/html; charset=UTF-8""></head>") | Out-Null
$bodyBuilder.append("<body>") | Out-Null
$bodyBuilder.append("Rob & Dave: This is an annual security review required by Berkshire Hathaway auditors. Please review the various security areas and those who have been authorized security to these areas. If you wish to modify any of the security options for an individual, please complete a security request appropriately. If you have any questions, please contact Michael Paul; otherwise you do not need to respond. Unless I hear from you, it is expected by default that you have completed the review and made any necessary security changes accordingly within 30 days of receiving this email report. Thank you!") | Out-Null
$bodyBuilder.append("<table width=""100%"" border=""1"">") | Out-Null
$bodyBuilder.append("<tr>") | Out-Null

# Get display names for all properties
$culture = [System.Globalization.CultureInfo]::CurrentCulture
$attributeFriendlyNamesCache = [Softerra.Adaxes.Directory.AttributeFriendlyNamesCache]::GetInstance($culture)

foreach ($propertyName in $propertyNames)
{
    # Add property name to the report
    if ($attributeFriendlyNamesCache.HasFriendlyName($propertyName))
    {
        $propertyFriendlyName = $attributeFriendlyNamesCache.GetFriendlyName($propertyName, "user")
    }
    else
    {
        $propertyFriendlyName = $propertyName
    }

    $bodyBuilder.append("<th>$propertyFriendlyName</th>") | Out-Null
}

$bodyBuilder.append("</tr>") | Out-Null

# Find all users under the target object
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.BaseObjectPath = $Context.TargetObject.AdsPath
$searcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($propertyNames)

$searcherResult = $searcher.ExecuteSearch()
$users = $searcherResult.FetchAll()
$searcherResult.Dispose()
$Context.LogMessage($users.Count, "Information")
# Iterate through search results and include them into the report
foreach ($user in $users)
{
    $resultPropertyCollection = $user.Properties

    # Skip if none of the $propertyNames are set
    # (checked before the row is opened, so skipped users leave no unclosed <tr>)
    if (($resultPropertyCollection.Count -eq 0) -or (($resultPropertyCollection.Count -eq 1) -and ($resultPropertyCollection.Contains("DisplayName"))))
    {
        continue
    }

    $bodyBuilder.append("<tr>") | Out-Null

    foreach ($propertyName in $propertyNames)
    {
        # If the property is not set for the user
        if (!($resultPropertyCollection.Contains($propertyName)))
        {
            $bodyBuilder.append("<td> </td>") | Out-Null
            continue
        }
        # include values for the property in the report
        $values = ($resultPropertyCollection[$propertyName]).Values

        $bodyBuilder.append("<td>") | Out-Null
        foreach ($value in $values)
        {
            $bodyBuilder.append("$value") | Out-Null
        }

        $bodyBuilder.append("</td>") | Out-Null
    }
    $bodyBuilder.append("</tr>") | Out-Null
}

$bodyBuilder.append("</table>") | Out-Null
$bodyBuilder.append("</body></html>") | Out-Null

# Send mail
$Context.SendMail($email, "Annual Required Security Audit: SWE", $null, $bodyBuilder.ToString())
0

PERFECT! THANK YOU!
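
An added example, not part of the scripts posted in this thread and not Softerra's code: the scripts above write directory values straight into the HTML body, so the sketch below HTML-encodes each value, decides whether to skip a user before opening the row, and builds an LDAP presence filter so the directory returns only users with at least one audited attribute set. The function names `Get-AuditFilter` and `ConvertTo-AuditRows` are hypothetical, the sample records are constructed, and the filter assumes the property names are real schema attributes.

```powershell
# Added example; the sample data below is constructed, not from a real directory.
$propertyNames = @("DisplayName", "MIITopTeam", "MIIMSDN")   # shortened list from the thread

# Build an LDAP filter matching only users with at least one audited attribute set.
# DisplayName is left out of the presence test because every user has it.
function Get-AuditFilter([string[]]$Names)
{
    $presence = $Names | Where-Object { $_ -ne "DisplayName" } | ForEach-Object { "($_=*)" }
    return "(&(objectCategory=person)(objectClass=user)(|" + ($presence -join "") + "))"
}

# Render one table row per record, HTML-encoding every directory value.
function ConvertTo-AuditRows([hashtable[]]$Records, [string[]]$Names)
{
    $sb = New-Object System.Text.StringBuilder
    foreach ($record in $Records)
    {
        # Skip records with no audited attribute set; decide before opening <tr>.
        $audited = $Names | Where-Object { $_ -ne "DisplayName" -and $record[$_] }
        if (-not $audited) { continue }

        $sb.Append("<tr>") | Out-Null
        foreach ($name in $Names)
        {
            # Multi-valued attributes are encoded value by value, then joined.
            $encoded = @($record[$name]) | Where-Object { $_ } |
                ForEach-Object { [System.Net.WebUtility]::HtmlEncode([string]$_) }
            $cell = if ($encoded) { $encoded -join "<br>" } else { "&nbsp;" }
            $sb.Append("<td>$cell</td>") | Out-Null
        }
        $sb.Append("</tr>") | Out-Null
    }
    return $sb.ToString()
}

# Constructed sample records standing in for search results.
$sample = @(
    @{ DisplayName = "Alice Example"; MIITopTeam = "Yes" },
    @{ DisplayName = "Bob Example" },                               # nothing audited: skipped
    @{ DisplayName = "Eve <b>Example</b>"; MIIMSDN = @("Read", "A&B") }
)

Get-AuditFilter $propertyNames
ConvertTo-AuditRows $sample $propertyNames
```

The string returned by `Get-AuditFilter` can be assigned to `$searcher.SearchParameters.Filter` in place of the fixed filter used in the scripts above.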
