We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Users Blocked for Password Self-Service

February 18, 2021 Views: 2179

The below scripts can be used to export reports on users blocked for Password Self-Service. The reports can be delivered in 2 different formats: an HTML-formatted report sent by e-mail and a PDF file.

Note: To schedule the report, create a scheduled task configured for the Domain-DNS object type that runs the script and assign it over any of your AD domains. To add the script to a scheduled task, use the Run a program or PowerShell script action.

HTML Report

This script creates and emails the report in the HTML format.

Parameters:

  • $to - Specifies a comma separated list of recipients of the report.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the email message header. In the header, the {0} placeholder will be replaced with the date when the report was generated.
  • $reportFooter - Specifies the email message footer.
Edit Remove
PowerShell
$to = "recipient@domain.com" # TODO: modify me
$subject = "Users Blocked for Self-Service" # TODO: modify me
$reportHeader = @"
<b>Users Blocked for Self-Service. Report generated on: {0} </b><br/><br/>
<table border="1">
    <tr>
        <th>Name</th>
        <th>Parent</th>
        <th>Policy</th>
        <th>Date/Time</th>
    </tr>
"@ # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Bind to the container for Password Self-Service Statistics
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)

# Regenerate the Blocked Users Report
$passwordSelfServiceStatistics.ResetReportCache("ADM_PSSREPORTTYPE_BLOCKEDUSERS")
$reportIsBeingGenerated = $True

# Get the report
do 
{
    try
    {
        $report = $passwordSelfServiceStatistics.GetReport("ADM_PSSREPORTTYPE_BLOCKEDUSERS")
        $reportIsBeingGenerated = $False
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -eq "-2147024875")
        {
            # Report is being generated. Wait 10 seconds
            Start-Sleep -Seconds 10
        }
        else
        {
            $reportIsBeingGenerated = $False
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }
    }
}
while ($reportIsBeingGenerated)

# Add the date when the report was generated
$reportHeader = $reportHeader -f $report.GenerateDate

# Add the report entries
$records = $report.Records
for ($i = 0; $i -lt $records.Count; $i++)
{
    $record = $records.GetRecord($i)
    
    # Get user information
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL
    $userInfo = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName, 
        [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)
    $eventDate = $record.EventDate
    
    # Get Password Self-Service Policy information
    $policyPath = $NULL
    $policyName = $NULL
    $policyInfo = $record.GetEnrollmentPolicyInfo([ref]$policyPath, [ref]$policyName)

    $reportHeader += "<td>$userDisplayName</td><td>$userParentCanonicalName</td>$isSuccessfull<td>$policyName</td><td>$eventDate</td></tr>"
}

# Build the report
$reportHeader += "</table>"
$htmlBody = $reportHeader + $reportFooter

# Send the report
$Context.SendMail($to, $subject, $NULL, $htmlBody)

PDF Report

This script creates a PDF file with the report on a certain file share.

Parameters:

  • $pdfFilePath - Specifies a UNC path to the CSV file that will be created by the script.
  • $reportHeader - Specifies the email message header. In the header, the {0} placeholder will be replaced with the date when the report was generated.
Note: The script relies on a third-party PowerShell module Out-PTSPDF PDF File Generator for generating PDF files. Download and install it on the computer where Adaxes service runs before running the script.
Edit Remove
PowerShell
Import-Module PDFTools

$pdfFilePath = "\\Server\share\Report.pdf" # TODO: modify me
$header = "Users Blocked for Self-Service Password Reset. Report generated on: {0}" # TODO: modify me

# Bind to the container for Password Self-Service Statistics
$passwordSelfServiceStatisticsPath = $Context.GetWellKnownContainerPath("PasswordSelfServiceStatistics")
$passwordSelfServiceStatistics = $Context.BindToObject($passwordSelfServiceStatisticsPath)

# Regenerate the Blocked Users Report
$passwordSelfServiceStatistics.ResetReportCache("ADM_PSSREPORTTYPE_BLOCKEDUSERS")
$reportIsBeingGenerated = $True

# Get the Blocked Users Report
do 
{
    try
    {
        $report = $passwordSelfServiceStatistics.GetReport("ADM_PSSREPORTTYPE_BLOCKEDUSERS")
        $reportIsBeingGenerated = $False
    }
    catch [System.Runtime.InteropServices.COMException]
    {
        if ($_.Exception.ErrorCode -eq "-2147024875")
        {
            # Report is being generated. Wait 10 seconds
            Start-Sleep -Seconds 10
        }
        else
        {
            $reportIsBeingGenerated = $False
            $Context.LogMessage($_.Exception.Message, "Error")
            return
        }
    }
}
while ($reportIsBeingGenerated)

# Add the date when the report was generated
$header = $header -f $report.GenerateDate

# Add the report entries
$records = $report.Records
$report = @()
for ($i = 0; $i -lt $records.Count; $i++)
{
    $record = $records.GetRecord($i)
    
    # Get user information
    $userPath = $NULL
    $userDisplayName = $NULL
    $userParentCanonicalName = $NULL
    $userAccountIsEnabled = $NULL
    $userIsEnrolled = $NULL
    $userAccountIsExpired = $NULL
    $userInfo = $record.GetUserInfo([ref]$userPath, [ref]$userDisplayName, [ref]$userParentCanonicalName, 
        [ref]$userAccountIsEnabled, [ref]$userIsEnrolled, [ref]$userAccountIsExpired)
    $eventDate = $record.EventDate
    
    # Get Password Self-Service Policy Information
    $policyPath = $NULL
    $policyName = $NULL
    $policyInfo = $record.GetEnrollmentPolicyInfo([ref]$policyPath, [ref]$policyName)

    $reportEntry = New-Object PSObject
    $reportEntry | Add-Member -Name Name -Value $userDisplayName -MemberType NoteProperty
    $reportEntry | Add-Member -Name Parent -Value $userParentCanonicalName -MemberType NoteProperty
    $reportEntry | Add-Member -Name Policy -Value $policyName -MemberType NoteProperty
    $reportEntry | Add-Member -Name "Date/Time" -Value $eventDate -MemberType NoteProperty
    
    $report += $reportEntry
}

# Create PDF file
$report | Out-PTSPDF -Path $pdfFilePath -AutoSize -FontSize 12 -Wrap -HeaderText $header -IncludeHeader

Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers