We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Remove actions with empty groups from custom commands, business rules and scheduled tasks

September 05, 2023 Views: 1304

The script removes all the Add to group and Remove from group actions that do not have a group specified from all custom commands, business rules and scheduled tasks. Such situations can happen if the group specified in an action was removed. The script also sends an email notification containing a record like the following for each removed action if at least one action was removed:

Removed action with blank group from Deprovision Custom Command

To run the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.

Parameters:

  • $to - Specifies the email address to which the script will send the notification.
  • $subject - Specifies the subject of the email notification.
Edit Remove
PowerShell
# Email settings
$to = "recipient@domain.com" # TODO: modify me
$subject = "Report" # TODO: modify me

function SearchObjects($path, $objectType)
{
    # Search parameters
    $searcher = $Context.BindToObject($path)
    $searcher.Criteria = New-AdmCriteria $objectType
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# A hashtable with types of configuration objects and their aliases.
$configurationObjectInfos = @{
    "BusinessRules" = "adm-BusinessRule", "Business Rule";
    "CustomCommands" = "adm-CustomCommand", "Custom Command";
    "ScheduledTasks" = "adm-ScheduledTask", "Scheduled Task";}

$report = New-Object "System.Text.StringBuilder"
foreach ($alias in $configurationObjectInfos.Keys)
{
    $configurationContainerPath = $Context.GetWellKnownContainerPath($alias)
    $objectType = $configurationObjectInfos[$alias][0]
    $objectTypeDisplayName = $configurationObjectInfos[$alias][1]
    $searchresults = SearchObjects $configurationContainerPath $objectType
    
    # Search actions for the specified string.
    foreach ($searchresult in $searchresults)
    {
        # Bind to the business rule, custom command or scheduled task.
        $object = $Context.BindToObject($searchresult.AdsPath)
        $objectName = $object.Get("Name")
        
        # Perform search actions.
        for ($i = $object.ConditionedActions.Count - 1; $i -ge 0; $i--)
        {
            # Check actions
            $actionsAndConditionsSet = $object.ConditionedActions.GetObject($i)
            for ($j = $actionsAndConditionsSet.Actions.Count - 1; $j -ge 0; $j--)
            {
                $action = $actionsAndConditionsSet.Actions.GetObject($j)
                if ($action.Class -ne "adm-ChangeGroupMembershipAction")
                {
                    continue
                }
                    
                $actionObject = $action.GetAction()
                if (![System.String]::IsNullOrEmpty($actionObject.GroupDnTemplate))
                {
                    continue
                }
                
                $groupGuid = [Guid]$action.Get("adm-GroupGuid")
                try
                {
                    $group = $Context.BindToObject("Adaxes://<Guid=$groupGuid>")
                }
                catch
                {
                    # Remove action
                    $actionsAndConditionsSet.Actions.Remove($action)
                    [void]$report.AppendLine("Removed action with blank group from $objectName $objectTypeDisplayName")
                }
            }
    
            if ($actionsAndConditionsSet.Actions.Count -eq 0)
            {
                $object.ConditionedActions.Remove($actionsAndConditionsSet)
            }
        }
    }
}

# No actions foound, exit.
if ($report.Length -eq 0)
{
    return
}

# Send mail
$Context.SendMail($to, $subject, $report.ToString(), $NULL)
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers