Password self-service enrollment statistics

The script generates a report containing Password self-service enrollment statistics. For information on creating reports, see the Create report tutorial.

Parameters:

$reportTypeParameterName - Specifies the name of the parameter identifying the type of report. The name should be specified with the param- prefix. Possible parameter values: Enrolled, Not enrolled or All users.
$enrolledColumnID - Specifies the identifier of the custom column that will contain user enrollment status. If enrolled, the column will also contain the name of the corresponding Password self-service policy. The column should be of Text type.
$effectivePolicyColumnID - Specifies the identifier of the custom column that will contain the name of the Password self-service policy effective for the user. The column should be of Text type.
$eventDateColumnID - Specifies the identifier of the custom column that will contain the date when the user was enrolled for Password self-service. The column should be of Date/time type.
$enrollmentInvitationColumnID - Specifies the identifier of the custom column that will contain the date when enrollment notification was sent to the user. The column should be of Date/time type.
To get the identifier of a custom column:
1. In the Report-specific columns section, on the Columns tab, right-click the custom column.
2. In the context menu, navigate to Copy and click Column ID.
3. The column identifier will be copied to clipboard.

Edit Remove

PowerShell

$reportTypeParameterName = "param-ReportType" # TODO modify me
$enrolledColumnID = "{3ab5f68f-1643-433f-bdad-8458627afb71}" # TODO modify me
$effectivePolicyColumnID = "{dd53cbea-9dec-42dc-9e24-ec5ba3d63920}" # TODO modify me
$eventDateColumnID = "{b78319b3-adf1-4e7a-ae5b-52b79d609f16}" # TODO modify me
$enrollmentInvitationColumnID = "{1e16bd43-032a-4f49-a0f9-b3a9d93275ca}" # TODO modify me

# Get paramter values
$reportType = $Context.GetParameterValue($reportTypeParameterName)

# Bind to the 'Password Self-Service Statistics' container
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)

# Get the enrollment report
$reportIsBeingGenerated = $True
do
{
    try
    {
        $report = $passwordSelfServiceStatistics.GetReport("ADM_PSSREPORTTYPE_ENROLLMENT")
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -eq "-2147024875")
        {
            # Report is being generated. Wait 10 seconds
            Start-Sleep -Seconds 10
            continue
        }
        else
        {
            $reportIsBeingGenerated = $False
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }
    }
    
    if ($report.GenerateDate -lt [System.Datetime]::UtcNow.AddHours(-1))
    {
        $passwordSelfServiceStatistics.ResetReportCache("ADM_PSSREPORTTYPE_ENROLLMENT")
    }
    else
    {
        $reportIsBeingGenerated = $False
    }
}
while ($reportIsBeingGenerated)

# Build the report
$reportRecords = New-Object System.Collections.ArrayList
$records = $report.Records
for ($i = 0; $i -lt $records.Count; $i++)
{
    if ($Context.Items.Aborted)
    {
        return
    }
    
    $record = $records.GetRecord($i)
    
    # Get user information
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL
    $userInfo = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName, 
        [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)
    
    if (($reportType -eq "Enrolled" -and !$userIsEnrolled) -or 
        ($reportType -eq "Not enrolled" -and $userIsEnrolled))
    {
        continue
    }
    
    # Get event date
    $eventDate = $record.EventDate
    if ($eventDate -eq [DateTime]::MinValue)
    {
        $eventDate = $NULL
    }
    
    # Get policy information
    $policyPath = $NULL
    $policyName = $NULL
    $policyInfo = $record.GetEnrollmentPolicyInfo([ref]$policyPath, [ref]$policyName)
    
    if ($userIsEnrolled)
    {
        $userIsEnrolled = "Yes ($policyName)"
    }
    else
    {
        $userIsEnrolled = "No"
    }
    
    # Get invitation info
    $successSendDate = New-Object System.Datetime 0
    $errorMessage = $NULL
    $record.GetSendInvitationInfo([ref]$successSendDate, [ref]$errorMessage)
    if ([System.String]::IsNullOrEmpty($errorMessage) -and $successSendDate -ne [Datetime]::MinValue)
    {
        $enrollmentInvitation = $successSendDate
    }
    else
    {
        $enrollmentInvitation = $errorMessage
    }
    
    # Get effective policy information
    $effectivePolicyPath = $NULL
    $effectivePolicyName = $NULL
    $record.GetEffectivePolicyInfo([ref]$effectivePolicyPath, [ref]$effectivePolicyName)
    
    # Add information to the report
    $user = $Context.BindToObject($userPath)
    $columnValues = @{
        $enrolledColumnID = $userIsEnrolled
        $effectivePolicyColumnID = $effectivePolicyName
        $eventDateColumnID = $eventDate
        $enrollmentInvitationColumnID = $enrollmentInvitation
    }
    
    $Context.Items.Add($user, $columnValues, $NULL)
}

Script repository

Parameters:

Got questions?