Hello,
Yes, it's possible. For this purpose, you'll need to create 2 Business Rules. One of the Business Rules will be triggered before updating the property, and the other one will be triggered after updating it.
The Business Rule triggered before the update will back up the values for the property you want to track to another multivalued property. For example, if you want to track changes in CustomAttributeTextMultiValue1, the Business Rule will back up the values of the property in CustomAttributeTextMultiValue10.
The Business Rule triggered after the update will compare the current values of the property (after the update) to the old values stored in the backup property, and will send the difference via mail.
To implement the above solution:
I. Business Rule for Current State Back Up
To create a Business Rule that backs up the current state of the property before the update:
-
Create a new Business Rule.
-
On the 2nd step of the Create Business Rule wizard, select User and Before Updating a User.
-
On the 3rd step, add the Run a program or PowerShell script action and paste the following script in the Script field:
$propertyToCheck = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
$backupProperty = "adm-CustomAttributeTextMultiValue10" # TODO: modify me
if ($Context.IsPropertyModified($propertyToCheck))
{
# Get the current values
try
{
$values = $Context.TargetObject.GetEx($propertyToCheck)
}
catch
{
return # The property is empty
}
# Update the backup property with the current values
$Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", $backupProperty, $values)
# Save changes
$Context.TargetObject.SetInfo()
}
-
In the script, modify the following to match your requirements:
- $propertyToCheck - specifies the LDAP name of the property, changes in which you want to track,
- $backupProperty - specifies the LDAP name of the property that will be used for backing up the state of $propertyToCheck before the update.
-
Enter a short description for the script and click OK.
-
Now, you need to configure the Business Rule to be triggered only when $propertyToCheck is updated. For this purpose, you need to add a condition. Double-click Always.
-
Select the If <property> changed condition type.
-
Specify If CustomAttributeTextMultiValue1 has changed, where CustomAttributeTextMultiValue1 is the name of the property, changes in which you want to track.
-
Click OK and finish creation of the Business Rule.
II. Business Rule for Reporting
To create a Business Rule that reports changes in the property after the update:
-
Create a new Business Rule.
-
On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.
-
On the 3rd step, add the Run a program or PowerShell script action and paste the following script in the Script field:
$propertyToCheck = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
$backupProperty = "adm-CustomAttributeTextMultiValue10" # TODO: modify me
$to = "recipient@domain.com" # TODO: modify me
$subject = "Changes in property '$propertyToCheck' for '%fullname%'" # TODO: modify me
$htmlReportHeader = "<h2><b>Changes in property '$propertyToCheck' for '%fullname%':</b></h2><br/>" # TODO: modify me
$htmlReportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me
if (!($Context.IsPropertyModified($propertyToCheck)))
{
return
}
# Get the current values
try
{
$currentValues = $Context.TargetObject.GetEx($propertyToCheck)
}
catch
{
$currentValues = @()
}
$values = New-Object "System.Collections.Generic.HashSet[System.String]"
foreach ($value in $currentValues)
{
$values.Add($value) | Out-Null
}
# Get saved values
try
{
$savedValues = $Context.TargetObject.GetEx($backupProperty)
}
catch
{
if ($values.Count -eq 0)
{
return # No current or saved values
}
$savedValues = @() # The property was empty before the update
}
$removedValues = @()
foreach ($savedValue in $savedValues)
{
if ($values.Remove($savedValue))
{
continue
}
$removedValues += $savedValue
}
if (($values.Count -eq 0) -and ($removedValues.Length -eq 0))
{
return # No new or removed values
}
# Include the values that were added into the report
$addedValuesList = "<b>The following values have been added:</b><br /><ol>"
foreach ($value in $values)
{
$addedValuesList += "<li>$value</li>"
}
$addedValuesList += "</ol>"
# Include the values that were removed into the report
$removedValuesList = "<b>The following values have been removed:</b><br /><ol>"
foreach ($removedValue in $removedValues)
{
$removedValuesList += "<li>$removedValue</li>"
}
$removedValuesList += "</ol>"
# Build the report
$htmlReport = $htmlReportHeader + $addedValuesList + $removedValuesList + $htmlReportFooter
# Send mail
$Context.SendMail($to, $subject, $NULL, $htmlReport)
# Clear backup property
$Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", $backupProperty, $NULL)
$Context.TargetObject.SetInfo()
-
In the script, modify the following to match your requirements:
- $propertyToCheck - specifies the LDAP name of the property, changes in which you want to track,
- $backupProperty - specifies the LDAP name of the property that is used for backing up the state of $propertyToCheck before the update,
- $to - specifies the recipient of the e-mail notifications,
- $subject - specifies the subject of the e-mail notifications,
- $htmlReportHeader - specifies the report header,
- $htmlReportFooter - specifies the report footer.
-
Enter a short description for the script and click OK.
-
Now, you need to configure the Business Rule to be triggered only when $propertyToCheck is updated. For this purpose, you need to add a condition. Right-click the action that you've just added and click Add Condition.
-
Select the If <property> changed condition type.
-
Specify If CustomAttributeTextMultiValue1 has changed, where CustomAttributeTextMultiValue1 is the name of the property, changes in which you want to track.
-
Click OK and finish creation of the Business Rule.