The script updates the specified boolean attribute with the password self-service enrollment status of every user. To execute the script, create a scheduled task configured for the Domain object type and add a single managed domain to the Activity Scope. In the script, the $propertyName variable specifies the name (as it is specified in the directory schema) of the boolean attribute to update.
PowerShell
# Name of the boolean attribute that receives each user's enrollment status.
# It is written with Put()/SetInfo() in the update loop at the end of the script.
$propertyName = "adm-CustomAttributeBoolean1" # TODO: modify me
# Bind to the 'Password Self-Service Statistics' container.
# $Context is not defined in this script; it is expected to be supplied by the host that runs it.
# The well-known container name is resolved to a path first, then the path is bound to an object.
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)
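# Get the enrollment report.
# The loop ends in one of three ways:
#   - a report generated within the last hour is returned (normal exit),
#   - GetReport fails with an error other than "not ready" (logged, script stops),
#   - the overall deadline below passes (logged, script stops).
# Without the deadline a report that never finishes generating, or one that always
# looks stale, would keep the scheduled task spinning indefinitely.
$reportType = "ADM_PSSREPORTTYPE_ENROLLMENT"
$retryDelaySeconds = 10
$maxWaitMinutes = 60 # TODO: modify me - upper bound on the total time spent waiting for the report
# HRESULT 0x80070015 (ERROR_NOT_READY). The script treats it as "report is being generated".
$reportNotReadyErrorCode = -2147024875

$deadline = [System.Datetime]::UtcNow.AddMinutes($maxWaitMinutes)
$report = $NULL
$reportIsBeingGenerated = $True
do
{
    if ([System.Datetime]::UtcNow -gt $deadline)
    {
        $Context.LogMessage("The enrollment report was not available within $maxWaitMinutes minutes. No users were updated.", "Error")
        return
    }

    try
    {
        $report = $passwordSelfServiceStatistics.GetReport($reportType)
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -ne $reportNotReadyErrorCode)
        {
            # Any other COM failure is not recoverable here: log it and stop the script
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }

        # Report is being generated. Wait and ask again
        Start-Sleep -Seconds $retryDelaySeconds
        continue
    }

    # NOTE(review): the comparison assumes GenerateDate is expressed in UTC - confirm.
    # A local-time value behind UTC would make every report look stale.
    if ($report.GenerateDate -lt [System.Datetime]::UtcNow.AddHours(-1))
    {
        # Cached report is older than one hour: drop it and loop to request a fresh one
        $passwordSelfServiceStatistics.ResetReportCache($reportType)
    }
    else
    {
        $reportIsBeingGenerated = $False
    }
}
while ($reportIsBeingGenerated)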
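# Write the enrollment status from each report record to the corresponding user.
# The value stored in $propertyName is a snapshot taken when the report was generated,
# not a live view of the user's enrollment.
$records = $report.Records
$failedCount = 0
for ($i = 0; $i -lt $records.Count; $i++)
{
    $record = $records.GetRecord($i)

    # Get user information. GetUserInfo fills these variables through [ref] parameters
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL

    # Reset on every iteration and keep the whole update inside try/catch.
    # Otherwise a failed BindToObject leaves $user pointing at the previous user,
    # and this record's enrollment value is then written to the wrong account.
    $user = $NULL
    try
    {
        # The return value is not used; assigning it to $null keeps it out of the output
        $null = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName,
            [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)

        # Update user
        $user = $Context.BindToObject($userPath)
        $user.Put($propertyName, $userIsEnrolled)
        $user.SetInfo()
    }
    catch
    {
        # One unreachable or protected account must not stop the run or affect other users
        $failedCount++
        $Context.LogMessage("Cannot update enrollment status for '$userPath'. " + $_.Exception.Message, "Warning")
    }
}

if ($failedCount -gt 0)
{
    $Context.LogMessage("Enrollment status was not updated for $failedCount of $($records.Count) users.", "Warning")
}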