We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Deny all pending requests initiated by a user or scheduled task

September 24, 2021 Views: 825

The script denies all pending requests initiated by a specific user or scheduled task. The script should be executed in Windows PowerShell on the computer where Adaxes service is installed. When prompted, specify the credentials of the Adaxes service account.

In the script, the $requestorDN variable specifies the distinguished name (DN) of a user or scheduled task that initiated the requests to be denied. For information on how to get the DN, see Get the DN of a directory object.

Edit Remove
PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$requestorDN = "CN=MyTask,CN=Scheduled Tasks,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

# Prompt for credentials.
$credential = Get-Credential

# Connect to the Adaxes service
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Approval Requests' container
$containerPath = $admService.Backend.GetConfigurationContainerPath(
    "ApprovalRequests")
$container = $admService.OpenObject($containerPath.ToString(),
    $credential.UserName, $credential.GetNetworkCredential().Password, 0)

# Get all pending approval requests
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Get requestor GUID
$requestor = $admService.OpenObject("Adaxes://$requestorDN",
    $credential.UserName, $credential.GetNetworkCredential().Password, 0)
$requestorToCheckGuid = [Guid]$requestor.Get("objectGUID")

# Deny the requests
foreach ($requestID in $requests)
{
    # Bind to the approval request
    $guid = New-Object "System.Guid" (,$requestID)
    $guid = $guid.ToString("B")
    $requestPath = "Adaxes://<GUID=$guid>"
    $request = $admService.OpenObject($requestPath, $credential.UserName, $credential.GetNetworkCredential().Password, 0)
    $requestorGuid = [Guid]$request.Get("adm-ApprovalRequestorGuid")

    if ($requestorGuid -eq $requestorToCheckGuid)
    {
        # Deny the request
        $request.Deny("The request is denied")
    }
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers