We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Password self-service enrollment statistics

March 22, 2023 Views: 579

The script generates a report containing Password self-service enrollment statistics. For information on creating reports, see the Create report tutorial.

Parameters:

  • $reportTypeParameterName - Specifies the name of the parameter identifying the type of report. The name should be specified with the param- prefix. Possible parameter values: Enrolled, Not enrolled or All users.
  • $enrolledColumnID - Specifies the identifier of the custom column that will contain user enrollment status. If enrolled, the column will also contain the name of the corresponding Password self-service policy. The column should be of Text type.
  • $effectivePolicyColumnID - Specifies the identifier of the custom column that will contain the name of the Password self-service policy effective for the user. The column should be of Text type.
  • $eventDateColumnID - Specifies the identifier of the custom column that will contain the date when the user was enrolled for Password self-service. The column should be of Date/time type.
  • $enrollmentInvitationColumnID - Specifies the identifier of the custom column that will contain the date when enrollment notification was sent to the user. The column should be of Date/time type.
  • To get the identifier of a custom column:
    1. In the Report-specific columns section, on the Columns tab, right-click the custom column.
    2. In the context menu, navigate to Copy and click Column ID.
    3. The column identifier will be copied to clipboard.
Edit Remove
PowerShell
$reportTypeParameterName = "param-ReportType" # TODO modify me
$enrolledColumnID = "{3ab5f68f-1643-433f-bdad-8458627afb71}" # TODO modify me
$effectivePolicyColumnID = "{dd53cbea-9dec-42dc-9e24-ec5ba3d63920}" # TODO modify me
$eventDateColumnID = "{b78319b3-adf1-4e7a-ae5b-52b79d609f16}" # TODO modify me
$enrollmentInvitationColumnID = "{1e16bd43-032a-4f49-a0f9-b3a9d93275ca}" # TODO modify me

# Get paramter values
$reportType = $Context.GetParameterValue($reportTypeParameterName)

# Bind to the 'Password Self-Service Statistics' container
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)

# Get the enrollment report
$reportIsBeingGenerated = $True
do
{
    try
    {
        $report = $passwordSelfServiceStatistics.GetReport("ADM_PSSREPORTTYPE_ENROLLMENT")
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -eq "-2147024875")
        {
            # Report is being generated. Wait 10 seconds
            Start-Sleep -Seconds 10
            continue
        }
        else
        {
            $reportIsBeingGenerated = $False
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }
    }
    
    if ($report.GenerateDate -lt [System.Datetime]::UtcNow.AddHours(-1))
    {
        $passwordSelfServiceStatistics.ResetReportCache("ADM_PSSREPORTTYPE_ENROLLMENT")
    }
    else
    {
        $reportIsBeingGenerated = $False
    }
}
while ($reportIsBeingGenerated)

# Build the report
$reportRecords = New-Object System.Collections.ArrayList
$records = $report.Records
for ($i = 0; $i -lt $records.Count; $i++)
{
    if ($Context.Items.Aborted)
    {
        return
    }
    
    $record = $records.GetRecord($i)
    
    # Get user information
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL
    $userInfo = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName, 
        [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)
    
    if (($reportType -eq "Enrolled" -and !$userIsEnrolled) -or 
        ($reportType -eq "Not enrolled" -and $userIsEnrolled))
    {
        continue
    }
    
    # Get event date
    $eventDate = $record.EventDate
    if ($eventDate -eq [DateTime]::MinValue)
    {
        $eventDate = $NULL
    }
    
    # Get policy information
    $policyPath = $NULL
    $policyName = $NULL
    $policyInfo = $record.GetEnrollmentPolicyInfo([ref]$policyPath, [ref]$policyName)
    
    if ($userIsEnrolled)
    {
        $userIsEnrolled = "Yes ($policyName)"
    }
    else
    {
        $userIsEnrolled = "No"
    }
    
    # Get invitation info
    $successSendDate = New-Object System.Datetime 0
    $errorMessage = $NULL
    $record.GetSendInvitationInfo([ref]$successSendDate, [ref]$errorMessage)
    if ([System.String]::IsNullOrEmpty($errorMessage) -and $successSendDate -ne [Datetime]::MinValue)
    {
        $enrollmentInvitation = $successSendDate
    }
    else
    {
        $enrollmentInvitation = $errorMessage
    }
    
    # Get effective policy information
    $effectivePolicyPath = $NULL
    $effectivePolicyName = $NULL
    $record.GetEffectivePolicyInfo([ref]$effectivePolicyPath, [ref]$effectivePolicyName)
    
    # Add information to the report
    $user = $Context.BindToObject($userPath)
    $columnValues = @{
        $enrolledColumnID = $userIsEnrolled
        $effectivePolicyColumnID = $effectivePolicyName
        $eventDateColumnID = $eventDate
        $enrollmentInvitationColumnID = $enrollmentInvitation
    }
    
    $Context.Items.Add($user, $columnValues, $NULL)
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers