Applies To:
GroupID 10 - Automate
Business Case:
We have many users in our Active Directory environment. Some of these users request the IT Helpdesk team to reset their passwords for them. For audit purposes, we want to create a Smart Group that contains all users whose passwords have been reset in the last 14 days. Is this achievable in GroupID Automate?
Solution:
This requirement can be achieved by using a script on the Smart Script tab of the Query Designer.
Steps:
- Launch GroupID Management Console.
- Click Automate > right-click All Groups > New > Smart Group.
- In the New Smart Group wizard, set parameters as desired. On the Update Options page, select Update Later.
- Complete the wizard to create the Smart Group.
- Right-click the newly created Smart Group and select Modify Query. On the Query Designer, go to the Smart Script tab.
- Click Edit Script.
- On the new window, click Tools > Add Reference. Then click Browse, select Imanami.Automate.ActiveDirectoryTool.dll, and click OK.
- Now go to line 17 and add these lines:
    Imports System.IO.File
    Imports System.DirectoryServices
- Go to line 29 and replace the script till the end of the file with the following code:
    Dim logFilePath As String = "C:\ManagerTestLogging.txt"
#Region " User-definable code "
    Sub ATM_Startup(ByVal atmsource As Object, ByVal args As EventArgs) Handles ATM.Startup
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Sub ATM_BuildQuery(ByVal atmsource As Object, ByVal args As QueryEventArgs) Handles ATM.BuildQuery
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Sub ATM_MembershipUpdating(ByVal atmsource As Object, ByVal args As ScriptingEventArgs) Handles ATM.MembershipUpdating
        ' User-definable script goes here -----------------
        Dim logFile As System.IO.StreamWriter = AppendText(logFilePath) ' AppendText comes from Imports System.IO.File
        'logFile.WriteLine("Entering TracingTest with argument " & logFilePath & ".")
        Dim pwdLastSet As Object
        'My.Application.Log.WriteEntry("OldDate" & oldDate & "." & "old Date Ticks:" & oldDateTicks)
        Dim dn As String = String.Empty
        Dim oroot As DirectoryEntry = ActiveDirectoryTool.BindToDirectoryEntry("LDAP://DC=bee,DC=local", "bee\administrator", "support123R")
        Dim queriedMembers As ArrayList = args.stagingData(stagingAttribute.member) ' members found by the Query Designer criteria
        Dim finalList As New ArrayList ' members that pass the pwdLastSet check
        Dim entry As DirectoryEntry
        For Each member As Imanami.GroupID.DataTransferObjects.DataContracts.Services.Attribute In queriedMembers
            Try
                dn = member.AttributeCollection("distinguishedName")
                'logFile.WriteLine("DN:" & dn & ".")
                entry = ActiveDirectoryTool.BindToDirectoryEntry(dn)
                pwdLastSet = entry.Properties("pwdLastSet")(0)
                Dim pwdDate As DateTime
                pwdDate = ConvertADObjectToDate(pwdLastSet)
                'logFile.WriteLine(pwdDate.ToString())
                Dim mem As New Imanami.GroupID.DataTransferObjects.DataContracts.Services.Attribute()
                Dim days As Long = DateDiff(DateInterval.Day, pwdDate, DateTime.Now)
                'logFile.WriteLine(days)
                if (days < 14) then
                    mem.value = dn
                    finalList.Add(mem)
                    logFile.WriteLine(mem.value)
                else
                end if
            Catch ex As Exception
                ' A failure on one member is logged and that member is left out of the group.
                logFile.WriteLine(ex.Message)
                logFile.WriteLine(ex.Source)
            End Try
        Next
        ' -------------------------------------------------
        args.setStagingData(stagingAttribute.member, finalList)
        logFile.WriteLine("I reached here")
        logFile.Close()
    End Sub
    Sub ATM_MembershipUpdated(ByVal atmsource As Object, ByVal args As ScriptingEventArgs) Handles ATM.MembershipUpdated
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Private Function ConvertADObjectToDate(ByVal Input As Object) As Date
        ' pwdLastSet is returned as a large-integer object holding the two 32-bit halves of a FILETIME.
        Try
            Dim Output As Date = New Date(1601, 1, 1, 8, 0, 0)
            Dim low As Object = Input.GetType.InvokeMember("LowPart", Reflection.BindingFlags.GetProperty, Nothing, Input, Nothing)
            Dim high As Object = Input.GetType.InvokeMember("HighPart", Reflection.BindingFlags.GetProperty, Nothing, Input, Nothing)
            ' LowPart is a signed 32-bit value; mask it so a set top bit does not corrupt the combined value.
            Dim J As Long = (Convert.ToInt64(high) << 32) Or (Convert.ToInt64(low) And &HFFFFFFFFL)
            ' Keep the default date for the -1 sentinel (both halves -1); FromFileTime rejects negative values.
            If J <> -1 Then Output = DateTime.FromFileTime(J)
            Return Output
        Catch ex As Exception
            Throw ' rethrow without resetting the stack trace
        End Try
    End Function
    Sub ATM_UpdateCommitting(ByVal atmsource As Object, ByVal args As ScriptingEventArgs) Handles ATM.UpdateCommitting
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Sub ATM_UpdateCommitted(ByVal atmsource As Object, ByVal args As ScriptingEventArgs) Handles ATM.UpdateCommitted
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Sub ATM_UpdateFailed(ByVal atmsource As Object, ByVal args As ScriptingEventArgs) Handles ATM.UpdateFailed
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
    Sub ATM_Shutdown(ByVal atmsource As Object, ByVal args As EventArgs) Handles ATM.Shutdown
        ' User-definable script goes here -----------------
        ' -------------------------------------------------
    End Sub
#End Region
    End Module ' ImanamiExposedCode
- Now go to line 50; you will find the following line:
    Dim oroot As DirectoryEntry = ActiveDirectoryTool.BindToDirectoryEntry("LDAP://DC=bee,DC=local", "bee\administrator", "support123R")
  In this line, change the domain name, service account username, and password. Because the password is stored in clear text in the script, use a dedicated service account with read-only access to the directory rather than a domain administrator account.
- On the toolbar, click Build > Compile Script.
- Close the window and when prompted to save changes, click Yes.
- Now update the Smart Group. During the update, a pop-up shows that it has found a number of users as per the criteria set in the Query Designer. However, when the update process completes and you view the membership of the Smart Group, it will contain only the users whose passwords have been reset during the last 14 days.
If you want to change the value from 14 days to X days, go to line 66 and there you will find "if (days < 14) then". Replace 14 with the required number of days and update the Smart Group.
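To cross-check the Smart Group for audit, the following added example (not part of the original article or of GroupID) recomputes the expected membership from pwdLastSet values in PowerShell. The function names and sample records are constructed for illustration, and the commented commands at the end assume the RSAT ActiveDirectory module.

```powershell
# pwdLastSet is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC). It is
# updated by user password changes as well as by helpdesk resets.
function ConvertFrom-PwdLastSet {
    param([long]$Value)
    # 0 means "must change password at next logon": no usable timestamp.
    if ($Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($Value)
}

function Select-RecentPasswordSet {
    param(
        [Parameter(Mandatory)][object[]]$User,  # needs DistinguishedName, pwdLastSet
        [int]$Days = 14,
        [DateTime]$Now = [DateTime]::UtcNow
    )
    foreach ($u in $User) {
        $set = ConvertFrom-PwdLastSet -Value $u.pwdLastSet
        if ($null -eq $set) { continue }
        # Same test as the Smart Script: fewer than $Days whole days elapsed.
        if ([math]::Floor(($Now - $set).TotalDays) -lt $Days) {
            [pscustomobject]@{ DistinguishedName = $u.DistinguishedName; PasswordSetUtc = $set }
        }
    }
}

# Constructed sample records (not real accounts), evaluated against a fixed clock.
$clock = [DateTime]::new(2024, 6, 30, 12, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Alice,OU=Staff,DC=example,DC=test'; pwdLastSet = $clock.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob,OU=Staff,DC=example,DC=test';   pwdLastSet = $clock.AddDays(-13.9).ToFileTimeUtc() }
    [pscustomobject]@{ DistinguishedName = 'CN=Carol,OU=Staff,DC=example,DC=test'; pwdLastSet = $clock.AddDays(-14).ToFileTimeUtc() }
    [pscustomobject]@{ DistinguishedName = 'CN=Dave,OU=Staff,DC=example,DC=test';  pwdLastSet = 0 }
)
$expected = Select-RecentPasswordSet -User $sample -Days 14 -Now $clock
$expected | Format-Table -AutoSize

# Against a live domain (assumes the RSAT ActiveDirectory module), use real records
# and compare with the Smart Group; '<SmartGroupName>' is a placeholder:
#   $users    = Get-ADUser -Filter * -Properties pwdLastSet
#   $expected = Select-RecentPasswordSet -User $users
#   $actual   = Get-ADGroupMember -Identity '<SmartGroupName>'
#   Compare-Object $expected.DistinguishedName $actual.distinguishedName
```

Any difference reported by the comparison points to members the script skipped after an exception (see the log file) or to accounts outside the Query Designer criteria.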
Reference:
GroupID Online Help - Automate