0 votes

Hello dear ADAXES community,

What I wanted to do is to have a custom report which does the following:

  • get every group in a specific OU (the OU comes from an Adaxes custom attribute)
  • then get all members from every group

My simple attempt was to iterate over every group in a given OU with a script like this:

$Groups = Get-ADGroup -Filter * -SearchBase "OU=,OU=,OU=,DC=,DC=,DC="

foreach ($Group in $Groups) {
    # Looks for members in each group and stores them in Results
    Get-ADGroupMember -Identity $Group | Select-Object -ExpandProperty distinguishedName | ForEach-Object {
        [pscustomobject]@{
            GroupName = $Group.Name
            Name = $_   # the member's distinguished name as a string
        }
        $Context.Items.Add($Group.Name)
    }
}

Is this possible in such a way? Thank you for your help.

by (200 points)

1 Answer

0 votes
by (3.6k points)

Hello,

There is no need to use scripts. Adaxes has a built-in Members of groups report which does what you are looking for. To include only members of groups from a specific OU, whose Distinguished Name (DN) is stored in a custom attribute of a user generating the report, you need to add a new scope to the report.

For details about report scopes, please take a look at step 3 of this tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateReport.htm.

On step 1 of the New Scope Item wizard, select Objects in a specific AD location. On step 3, select Specific location and enter a value reference to the custom attribute where the DN of the Organizational Unit is stored, for example:

scope-item.png

If this is not what you are looking for, please describe the desired workflow in all possible details. Screenshots and live examples would be much appreciated.

0

Hello Support4, thank you very much. This is exactly what I searched for!

Just one problem left with the scope in the specific location:

image.png

We already use value references with LDAP filters for the webform. This is dynamically created for every user.

So if a user has rights to one or more OUs, our script will create the "adm-customattributetext10" automatically.

For example: image.png

This works fine in the webform, but not in the report! image.png

DN '(|(distinguishedName=OU=XXX,OU=XXX,OU=XXX,DC=xxx,DC=xxx,DC=xxxt))' is invalid.

Is there a way we can use the same LDAP search filter for the report?

0

Unfortunately, there is no way to make use of the LDAP filter stored in adm-CustomAttributeText10 to define the report scope. The custom attribute has to contain just the distinguished name of a single OU. As a workaround, you can modify your script which generates the LDAP filter and stores it in adm-CustomAttributeText10 to also store the distinguished name of the OU in another custom attribute. Please note that this approach will work only if the LDAP filter generated by the script contains the DN of one and only one OU.

If there can be more than one OU a user has rights to, your script should be modified to store the DNs of these OUs in a multi-valued attribute, for example, adm-CustomAttributeTextMultiValue11. In this case, the Members of groups report script also has to be severely modified to accommodate for the fact that it has to look for groups in several OUs.

For us to help you implement the desired workflow, please, post here or send us (support[at]adaxes.com) the script that generates the LDAP filter and stores it in adm-CustomAttributeText10.
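An added example, not part of the original thread and not Adaxes or the poster's code: one way to recover the plain OU DNs from a filter of the shape shown in the error message, so that the report scope receives a DN rather than a filter. The function name, the sample filter and the placeholder attribute name are assumptions; writing the values back is left to the existing script.

```powershell
# Added example. Get-OuDnFromFilter and $sampleFilter are hypothetical names.
function Get-OuDnFromFilter {
    param([Parameter(Mandatory)][string]$LdapFilter)

    # Each clause has the form (distinguishedName=<DN>). Literal parentheses in a
    # filter value must be escaped as \28 and \29, so [^()]+ captures the full value.
    $clauses = [regex]::Matches($LdapFilter, '(?i)\(distinguishedName=([^()]+)\)')

    foreach ($clause in $clauses) {
        # Undo only the escapes that LDAP filter syntax requires: ( ) * and \.
        # Other backslash sequences belong to the DN itself and are kept.
        $dn = [regex]::Replace($clause.Groups[1].Value, '(?i)\\(28|29|2a|5c)', {
            param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        })

        # A report scope needs the DN of an OU; skip any other clause.
        if ($dn -match '^OU=.+,DC=') { $dn }
    }
}

# Constructed sample in the same shape as the filter quoted in the thread.
$sampleFilter = '(|(distinguishedName=OU=Sales,OU=Dept,DC=example,DC=com)' +
                '(distinguishedName=OU=R\28D\29,OU=Dept,DC=example,DC=com))'

$ouDns = @(Get-OuDnFromFilter -LdapFilter $sampleFilter)

if ($ouDns.Count -eq 1) {
    # One OU: a single-valued attribute can hold the DN for the report scope.
    # '<single-valued custom attribute>' is a placeholder, not a real attribute name.
    "Store in <single-valued custom attribute>: $($ouDns[0])"
}
else {
    # Several OUs: the answer suggests a multi-valued attribute instead.
    "Store in adm-CustomAttributeTextMultiValue11:"
    $ouDns | ForEach-Object { "  $_" }
}
```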
