The script removes all Add to group and Remove from group actions that do not have a group specified from all custom commands, business rules and scheduled tasks. This can happen if the group specified in an action was removed. The script treats an action as having no group when the action has no group template and the script cannot bind to the group that the action references. If at least one action was removed, the script also sends an email notification containing a record like the following for each removed action:
Removed action with blank group from Deprovision Custom Command
To run the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.
Parameters:
- $to - Specifies the email address to which the script will send the notification.
- $subject - Specifies the subject of the email notification.
# Notification settings.
# $to      - address that receives the list of removed actions.
# $subject - subject line of that message.
$to = "recipient@domain.com" # TODO: modify me
$subject = "Report" # TODO: modify me
function SearchObjects($path, $objectType)
{
    # Returns every object of type $objectType found under the container at $path.
    #   $path       - path of the container to search, passed to $Context.BindToObject.
    #   $objectType - object type passed to New-AdmCriteria to build the search criteria.
    # The whole result set is fetched before returning, so the iterator can be
    # disposed here and the caller does not have to release anything.

    # The object bound at $path is configured and used as the searcher.
    $directorySearcher = $Context.BindToObject($path)
    $directorySearcher.Criteria = New-AdmCriteria $objectType
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.PageSize = 500
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        $searchResultIterator = $directorySearcher.ExecuteSearch()
        $fetchedResults = $searchResultIterator.FetchAll()

        # The unary comma stops PowerShell from unrolling the collection on output,
        # so the caller receives it as one object.
        return ,$fetchedResults
    }
    finally
    {
        # Dispose the iterator only if ExecuteSearch got far enough to create it.
        if ($searchResultIterator)
        {
            $searchResultIterator.Dispose()
        }
    }
}
# Maps the well-known container alias of each kind of configuration object to a
# two-element array: [0] the object type to search for, [1] the display name
# that is appended to the object name in the report.
$configurationObjectInfos = @{
    "BusinessRules"  = @("adm-BusinessRule", "Business Rule")
    "CustomCommands" = @("adm-CustomCommand", "Custom Command")
    "ScheduledTasks" = @("adm-ScheduledTask", "Scheduled Task")
}

# Collects one line per removed action; its length decides whether mail is sent.
$report = New-Object -TypeName "System.Text.StringBuilder"
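# Walk every business rule, custom command and scheduled task and remove the
# group membership actions whose target group can no longer be bound.
# Each removal is recorded twice: in $report (mailed at the end of the script)
# and in the execution log, so there is still a record if the mail is not delivered.
foreach ($alias in $configurationObjectInfos.Keys)
{
    $configurationContainerPath = $Context.GetWellKnownContainerPath($alias)
    $objectType = $configurationObjectInfos[$alias][0]
    $objectTypeDisplayName = $configurationObjectInfos[$alias][1]
    $searchresults = SearchObjects $configurationContainerPath $objectType

    foreach ($searchresult in $searchresults)
    {
        # Bind to the business rule, custom command or scheduled task.
        $object = $Context.BindToObject($searchresult.AdsPath)
        $objectName = $object.Get("Name")

        # Both collections are walked from the last index down, because items are
        # removed during the walk and a forward loop would skip the item that
        # moves into a freed position.
        for ($i = $object.ConditionedActions.Count - 1; $i -ge 0; $i--)
        {
            $actionsAndConditionsSet = $object.ConditionedActions.GetObject($i)
            for ($j = $actionsAndConditionsSet.Actions.Count - 1; $j -ge 0; $j--)
            {
                $action = $actionsAndConditionsSet.Actions.GetObject($j)

                # Only group membership actions are of interest.
                if ($action.Class -ne "adm-ChangeGroupMembershipAction")
                {
                    continue
                }

                # An action whose group is given by a template is left alone.
                $actionObject = $action.GetAction()
                if (![System.String]::IsNullOrEmpty($actionObject.GroupDnTemplate))
                {
                    continue
                }

                # NOTE(review): if this line fails, PowerShell continues with the value
                # $groupGuid had in the previous iteration - confirm that
                # adm-GroupGuid is always set when no template is used.
                $groupGuid = [Guid]$action.Get("adm-GroupGuid")
                try
                {
                    # Only the success or failure of the bind matters here.
                    $group = $Context.BindToObject("Adaxes://<Guid=$groupGuid>")
                }
                catch
                {
                    # NOTE(review): every bind failure is treated as "the group was removed".
                    # It cannot be told from this script whether an unavailable domain or
                    # missing permissions would land here too; if they can, a valid action
                    # (for example in a deprovisioning command) would be deleted. Confirm
                    # the exception raised for a missing object and narrow this catch.
                    $bindError = $_.Exception.Message

                    # Remove action
                    $actionsAndConditionsSet.Actions.Remove($action)
                    [void]$report.AppendLine("Removed action with blank group from $objectName $objectTypeDisplayName")

                    # Keep the group GUID and the error text in the execution log so that
                    # each removal can be reviewed afterwards.
                    $Context.LogMessage("Removed action with blank group from $objectName $objectTypeDisplayName (group $groupGuid could not be bound: $bindError)", "Warning")
                }
            }

            # A set left without actions is removed from the object as well.
            if ($actionsAndConditionsSet.Actions.Count -eq 0)
            {
                $object.ConditionedActions.Remove($actionsAndConditionsSet)
            }
        }
    }
}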
# Nothing was removed, so there is nothing to report: stop without sending mail.
if (0 -eq $report.Length)
{
    return
}

# Mail one line per removed action to the configured recipient.
# The fourth argument is left null (presumably the HTML body - confirm against the host API).
$reportText = $report.ToString()
$Context.SendMail($to, $subject, $reportText, $null)