Recently deleted users with initiator

November 07, 2024

The script generates a report of recently deleted users with initiator. If a user was deleted outside of Adaxes, the initiator column will be empty. For information on creating reports, see the Create report tutorial.

The report requires a scope. When generating the report, only a domain or Everywhere can be selected to search in.

Parameters:

  • $whenDeletedColumnID - Specifies the identifier of the custom column that will contain the date when a user was deleted. The column should be of the Date/Time type.
  • $initiatorColumnID - Specifies the identifier of the custom column that will contain the user who deleted the corresponding account. The column should be of the Directory object type.
  • $daysParameterName - Specifies the name of the parameter used to determine the period (in days) to retrieve deleted users for. The name should be specified with the param- prefix.
  • $parentToCheckParameterName - Specifies the name of the parameter used to determine the last known OU of the deleted users. The name should be specified with the param- prefix. The parameter must be of the Directory object picker type.
PowerShell
# Custom column identifiers.
$whenDeletedColumnID = "{e148141d-755f-4bc8-bf40-6e5f1cfc44ad}" # TODO: modify me
$initiatorColumnID = "{d69bd562-5ba2-4302-90da-02d27d4bd8a7}" # TODO: modify me
$daysParameterName = "param-days" # TODO: modify me
$parentToCheckParameterName = "param-lastParent" # TODO: modify me

# Get parameter values.
$days = $Context.GetParameterValue($daysParameterName)
$parentDNToCheck = $Context.GetParameterValue($parentToCheckParameterName)

# Build search criteria.
$endDate = Get-Date
$threshold = (Get-Date).AddDays(- $days)
$thresholdGeneralizedTime =
    [Softerra.Adaxes.Utils.Transform]::ToGeneralizedTime($threshold.ToUniversalTime())

$criteria = New-AdmCriteria "User" -Expression {whenChanged -gt $thresholdGeneralizedTime -and isDeleted -eq $true}

# Append the search criteria.
$Context.DirectorySearcher.AddCriteria($criteria)

# Search in deleted objects.
$Context.DirectorySearcher.Tombstone = $True

# Load the tombstone properties the report needs (last known name, last known parent, change time).
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("msDS-LastKnownRDN")
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("lastKnownParent")
$Context.DirectorySearcher.SearchParameters.PropertiesToLoad.Add("whenChanged")

# Generate the report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        
        $lastKnownParent = $searchResult.GetPropertyByName("lastKnownParent").Values[0]
        if ($parentDNToCheck -ne $NULL -and $lastKnownParent -ne $parentDNToCheck)
        {
            continue
        }
        
        # Get Modification Log for the object.
        $obj = $Context.BindToObjectBySearchResult($searchResult)
        $modificationLog = $obj.GetModificationLog()
        $modificationLog.StartDateTime = $threshold
        $modificationLog.EndDateTime = $endDate
        $log = $modificationLog.Log
        $records = $log.GetPage(0)
        
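        # Add log records to the report.
        $noRecords = $True
        foreach ($record in $records)
        {
            if ($Context.Items.Aborted)
            {
                return
            }
            
            $operationTypes = $record.GetOperationTypes()
            if ($operationTypes -notcontains "delete")
            {
                continue
            }
            
            $noRecords = $False
            $clonedSearchResult = $searchResult.Clone($False)
            $Context.Items.Add($clonedSearchResult, @{ $initiatorColumnID = $record.Initiator.AdsPath; $whenDeletedColumnID = $record.CompletionTime }, $NULL )
        }
        
        # No delete record in the Adaxes log: the user was deleted outside of Adaxes.
        # Add the user anyway so it is listed with empty custom columns.
        if ($noRecords)
        {
            $Context.Items.Add($searchResult)
        }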
    }
}
finally
{
    # Release resources.
    if ($searchIterator) { $searchIterator.Dispose() }
}
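
For users the report lists with an empty initiator (deleted outside of Adaxes), the deleting account can usually be recovered from the Security log of the domain controller that processed the deletion. The following is an added example, not part of the original script: it parses the XML of event 4726 ("A user account was deleted"). The function name Get-DeletionInitiator and the sample event are constructed for illustration, and the event is only written when success auditing for "Audit User Account Management" is enabled.

```powershell
# Added example, not from the original page. Run outside Adaxes, e.g. on a DC.
# Get-DeletionInitiator is a hypothetical helper name.
function Get-DeletionInitiator {
    param(
        # XML of a Security log event, as returned by EventLogRecord.ToXml().
        [Parameter(Mandatory, ValueFromPipeline)] [string]$EventXml
    )
    process {
        $xml = [xml]$EventXml
        $system = $xml.Event.System
        # Only 4726 ("A user account was deleted") carries the fields read below.
        if ($system['EventID'].InnerText -ne '4726') { return }

        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        [pscustomobject]@{
            WhenDeleted = $system.TimeCreated.SystemTime
            DeletedUser = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Initiator   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            LoggedOn    = $system.Computer
        }
    }
}

# Constructed sample event, trimmed to the fields used here.
$sampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4726</EventID>
    <TimeCreated SystemTime="2024-11-05T09:14:22.000Z" />
    <Computer>dc01.example.com</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserName">helpdesk.admin</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
$sampleEvent | Get-DeletionInitiator

# Live use on a domain controller, with a 7-day window as an example period:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4726; StartTime = (Get-Date).AddDays(-7) } |
#     ForEach-Object { $_.ToXml() } | Get-DeletionInitiator
```

Event 4726 is recorded only on the domain controller that handled the deletion, so the live query has to be run against each domain controller (or a central log collector) to cover the whole domain.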