0 votes

This is what I need to accomplish. Day one, I perform an export of the following four attributes for all Users in AD - DN, employeeID, telephoneNumber, location. Day 2, I want to export the same four attributes, but for only the records in which one of them has changed. Is it possible to achieve this using a scheduled task?

by (270 points)
0

Hello,

Yes, something like this is possible. For this purpose, you can make use of Adaxes virtual attributes. Such attributes are not stored in Active Directory, but can be used the same as any other attributes of AD objects.

Thus, on Day 1, the Scheduled Task will export the values of the required properties and will also save them to a certain virtual attribute of each user. For example, you can use a multivalued attribute, like CustomAttributeTextMultiValue1, and save the properties in the following format:

Value 1: DN: <DN_Value>
Value 2: employeeID: <employeeID_Value>

...

On Day 2, the task will compare the current values to the values stored in the virtual attribute and export only those ones that have changed. Also, the Task will update the virtual attribute, if necessary.

To achieve this, the task will need to run a PowerShell script.

If you are OK with such a solution, we can provide you the necessary script. What should be the export format? Will CSV files be OK (1 CSV file for each user)?

0

Ahhh! I wasn't aware that the Custom Attributes are virtual. This is wonderful! It WILL work for one of the exports I need to do, I have several.

CSV is what we'll be using, but only one CSV should be generated by a scheduled task which runs with the domain or business unit as its activity scope. We will have various scheduled tasks running daily, but each will produce a separate file (Task1...csv1, Task2...csv2, etc).

For another of the exports, what I can do to achieve the results I want is, as part of the processing for the data about which I want to capture changes, I'll assign a custom attribute as the container for a flag so that whenever Field A is modified, I also set a flag in the custom attribute field (I'll abbreviate as 'CA_a') as well. Then I would query for that flag and if the flag is set, export the attributes. I would just need to clear the flag after exporting it so it wouldn't export thereafter.

Another one is a little more involved. If Field B is modified, then custom attribute B (I'll abbreviate as 'CA_b') has a modification timestamp noting when Field B was modified. This scheduled task should query all Users who've been modified since last run or within a specified timeframe - last 24 hours or, say, last 2 days. For each result if CA_b's timestamp is within range of specified timeframe (see bold above), export the selected attributes to the CSV.
So here's what should happen...when it runs on day 1, if CA_b for Users 1, 2 & 4 is timestamped, the CSV will contain the select attributes for the three Users. If on day 2 the query finds Users 2, 5 & 7 have been modified but only the timestamp in CA_b for Users 5 & 6 is within the specified time range, the CSV will contain the select attributes for Users 5 & 6 (not 2).

Hope that helps clarify what I'm trying to accomplish.

1 Answer

0 votes
by (216k points)

Hello,

I'll assign a custom attribute as the container for a flag so that whenever Field A is modified, I also set a flag in the custom attribute field (I'll abbreviate as 'CA_a') as well. Then I would query for that flag and if the flag is set, export the attributes. I would just need to clear the flag after exporting it so it wouldn't export thereafter.

Do you need our help in implementing this or will you cope yourself?

Another one is a little more involved. If Field B is modified, then custom attribute B (I'll abbreviate as 'CA_b') has a modification timestamp noting when Field B was modified. This scheduled task should query all Users who've been modified since last run or within a specified timeframe - last 24 hours or, say, last 2 days. For each result if CA_b's timestamp is within range of specified timeframe (see bold above), export the selected attributes to the CSV.

This is also possible. Among Adaxes virtual attributes, you can find attributes for storing date/time values, e.g. CustomAttributeDate1. You can use them for storing the timestamp.

For example, a Business Rule as follows triggered after updating a user will store the date and time when the Description property was last changed in the CustomAttributeDate1 property:

In your Scheduled Task that creates the CSV export, you can compare the date/time stored in the CustomAttributeDate1 property to the current date and time.

0

You asked...

Do you need our help in implementing this or will you cope yourself?

I should be able to manage this piece.

What I do need help with is...
Where do I find documentation about customizing the custom attribute names? I assume we can only modify the 'friendly name' (I found that documentation), and not the actual stored attribute name 'CustomAttributeText1'. If it's possible to modify the stored attribute name, please direct me to that documentation.

0

Hello,

Every Adaxes virtual attribute has an LDAP display name (e.g. adm-CustomAttributeText1) and the default name under which it appears in Adaxes (e.g. CustomAttributeText1). The LDAP display name is defined in the schema of the ADAM or AD LDS instance that is used as Adaxes backend. It cannot be simply changed because it is referenced everywhere in Adaxes code.

What you can change is the name under which a virtual property appears in Adaxes. Actually, it should be sufficient, because you only need to use the LDAP display name when writing scripts or doing certain configuration tasks in Adaxes. Most of your users will see only this name, and not the LDAP display name. For information on how to change it, see Customizing Display Names for AD Properties.

0

I understand the limitation, I was hoping to make it easier for those of us writing code for the interfaces to be able to make the code more readable. I guess we'll have to be sure everyone comments their code well.

0

Hello,

Currently, this is impossible. By the way, in the future, we are planning to provide the possibility of adding your own virtual attributes. When implementing this feature, we'll think on how to take your request into account.
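
The snapshot-and-compare approach from the first reply (store `name: value` strings in a multivalued attribute, export only users whose values changed, write one CSV per task run), as an added example that is not the script offered in this thread. It is plain PowerShell over constructed data: the `Snapshot` key stands in for CustomAttributeTextMultiValue1, and the function names and file name are hypothetical.

```powershell
# Added example: plain PowerShell over constructed data, no Adaxes or AD calls.
$Tracked = 'DN', 'employeeID', 'telephoneNumber', 'location'

function ConvertFrom-Snapshot {
    # Parse stored "name: value" strings (the format from the thread) into a hashtable.
    param([string[]]$Values)
    $map = @{}
    foreach ($v in $Values) {
        $name, $value = $v -split ': ', 2   # split on the first ": " only
        $map[$name] = $value
    }
    $map
}

function Get-ChangedUser {
    # Emit one row per user whose tracked values differ from the stored snapshot,
    # then refresh that user's snapshot so the next run starts from today's values.
    param([hashtable[]]$Users)
    foreach ($u in $Users) {
        $old = ConvertFrom-Snapshot $u.Snapshot
        # Case-insensitive compare; use -cne to treat case-only edits as changes.
        $changed = @($Tracked | Where-Object { "$($old[$_])" -ne "$($u[$_])" })
        if ($changed.Count -eq 0) { continue }
        $u.Snapshot = @($Tracked | ForEach-Object { '{0}: {1}' -f $_, $u[$_] })
        $row = [ordered]@{}
        foreach ($a in $Tracked) { $row[$a] = $u[$a] }
        [pscustomobject]$row
    }
}

# Constructed sample: Ann is unchanged, Bob has a new phone number, Cy has no snapshot yet.
$users = @(
    @{ DN = 'CN=Ann,OU=Staff,DC=example,DC=com'; employeeID = '1001'
       telephoneNumber = '555-0100'; location = 'Oslo'
       Snapshot = 'DN: CN=Ann,OU=Staff,DC=example,DC=com', 'employeeID: 1001',
                  'telephoneNumber: 555-0100', 'location: Oslo' }
    @{ DN = 'CN=Bob,OU=Staff,DC=example,DC=com'; employeeID = '1002'
       telephoneNumber = '555-0199'; location = 'Bergen'
       Snapshot = 'DN: CN=Bob,OU=Staff,DC=example,DC=com', 'employeeID: 1002',
                  'telephoneNumber: 555-0142', 'location: Bergen' }
    @{ DN = 'CN=Cy,OU=Staff,DC=example,DC=com'; employeeID = '1003'
       telephoneNumber = '555-0177'; location = 'Oslo' }
)

$rows = @(Get-ChangedUser $users)
# One CSV per task run, written only when something changed (Bob and Cy here).
if ($rows.Count -gt 0) {
    $path = Join-Path ([IO.Path]::GetTempPath()) 'task1-changes.csv'
    $rows | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8
}
```

A user with no snapshot is treated as changed, which makes the Day 1 run a full export without a separate code path. The CSV holds employee IDs and phone numbers, so in a real task the output folder should be readable only by the account that consumes the export.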
