ARS Script Module - Notify edsvaSecondaryOwners after creating users works but not after copying users!

Hi!

I am about to implement different script modules in our environment. All but one little part works as expected.

If an administrator creates a user with a special kind of employeeType, I want the process to send the information to the selected SecondaryOwners (defined as a mandatory parameter; if SecondaryOwners is empty, it's not possible to create a user with this special kind of employeeType).

Same behaviour should be recognized within the copying of any user-object. But that's the annoying thing... it doesn't, and I am getting angry.

Active Roles SDK tells me the following about my chosen event handler: onPreCreate/onPostCreate: Object creation or copy requested/committed

This is the error I see in the event log of our Active Roles Server: At line: 27 char:1. You cannot call a method on a null-valued expression.

Line 27 is marked in cyan color in my script below:

############################################################

function onPostCreate($Request)
{

    $Head = "<style>"
    $Head +="BODY{background-color: #FFFFFF; font-family: Arial; font-size: 13px;}"
    $Head +="</style>"

    if ($Request.Class -ne "user") { return }
    $EmployeeType = $Request.Get("employeeType")
    if ($EmployeeType -like "Extern*") {

        $SAMAccountName = $Request.Get("SAMAccountName")
        $DN = $Request.Get("distinguishedName")
        $AccountExpiresTEMP = Get-QADUser $SAMAccountName -IncludedProperties AccountExpires | Select-Object AccountExpires #$Request.Get("AccountExpires")
        $AccountExpires = $AccountExpiresTEMP.AccountExpires


        #edsvaSecondaryOwners join with ";" to split later.
        $TEMPSecOwners = Get-QADUser $SAMAccountName -IncludedProperties @{Name='edsvasecondaryowners';Expression={[string]::join(";", ($_.edsvasecondaryowners))}} | Select-Object @{Name='edsvasecondaryowners';Expression={[string]::join(";", ($_.edsvasecondaryowners))}}

        #All values saved in an array and split into rows
        [ARRAY]$SecondaryOwners = $TEMPSecOwners.edsvasecondaryowners.ToString().split(";")

        $Message = "<b>Blablabla</b>"
        $Message += "<br><br>"
        $Message += "<i><b>SamAccountName: </b></i>" + $SAMAccountName + "<br><br>"
        $Message += "<i><b>DistinguishedName: </b></i>" + $DN + "<br><br>"

        if($AccountExpires -eq $NULL){

            $AccountExpires = "Kein Wert festgelegt / No defined value"

        }

        $Message += "<i><b>Ablaufdatum: </b></i>" + $AccountExpires + "<br><br>"

        #There is no Object with more than 3 SecOwners, this is why 4 is more than enough values.
        $Message += "<i><b>Manager: </b></i>" + $SecondaryOwners[0] + "<br>" + $SecondaryOwners[1] + "<br>" + $SecondaryOwners[2] + "<br>" + $SecondaryOwners[3] + "<br>"

        $Body = ConvertTo-Html -Head $Head -body $Message

        foreach($Verantwortlich in $SecondaryOwners){

            $Empfaenger = $NULL
            $Empfaenger = Get-QADUser $Verantwortlich -IncludedProperties mail -ErrorAction SilentlyContinue | Select-Object mail

            #Send mail
            $SmtpServer = "changed-for-forum@loughing.com"
            $from = "masterofdesaster@fantasy.de"
            $subject = "Ein Benutzerkonto (Benutzer-Typ Extern) wurde erstellt!"

            $smtp = New-Object system.net.mail.smtpClient($SmtpServer)
            $mail = New-Object System.Net.Mail.MailMessage
            $mail.From = $from
            #$mail.to.Add($add)
            $mail.to.Add($Empfaenger.mail)
            $mail.Subject = $subject
            $Mail.IsBodyHtml = $true
            $mail.Body = $Body
            $smtp.Send($mail)

        }
    }
}

#####################################################

Why does it work while creating a user but not copying? Any ideas?

Greetings @all

Mike

  • Hi Mike,

    The onPostCreate and onPreCreate functions do run with both create and copy requests. The issue you're experiencing is that the secondary owners are not copied during a user copy. So your script is erroring out because your ".toString()" method is on the $TEMPSecOwners.edsvasecondaryowners which is NULL because the copied user's secondary owners is empty.

  • Use this script sample from the Active Roles SDK to detect if a Copy operation is being performed. You can then get the desired Active Roles Virtual Attribute values from the source object and copy them to the target object:

    function onPreCreate($Request)
    {
    	# Verify the type of the request
    	If([int]$Request.Parameter("Type") -eq $Constants.EDST_REQ_COPY)
    	{
    		# Object copying requested
    		# Binding to the original object
    		$ADsPath = $Request.Parameter("LdapServer") + "/" + $Request.GetInControl($Constants.EDS_CONTROL_SOURCE_OBJECT_DN)
    		$obj = Get-QADObject $ADsPath
    		#
    		# Here goes your code that uses the original object
    		#
    	}
    }

  • Hi Nick,

    thanks for your answer, but that's not the problem. As mentioned, I configured the process that way other admins can't finish creating/copying user-objects without filling edsvaSecondaryOwners and employeeType. It works perfectly when creating a new one without any error message, all SecOwners we fill in receive a mail when clicking "finish" but not if a user was copied.

    Right now I am trying to find a way with AR Policy Workflow. This way it works also if we copy a user but it does not if the user's attribute "accountExpires" is empty.

    There's always something else that gets in the way.

    But thanks again for your time!

  • Hi Johnny!

    Interesting KB, we can use this for some other attributes, thanks.

    For edsvaSecondaryOwners there is no need to be copied, it's just the issue that the filled in persons do not receive a message if we copy a user but if we use the wizard to create one, that is what makes no sense. We finish the same steps:

    create or copy user-object - fill in names -> "next",

    fill in password -> "next",

    fill in attributes edsvaSecondaryOwners and employeeType -> "next",

    summary -> "next" -> "finish".

    Selected people in edsvaSecondaryOwners receive a mail only if it was the creation process but not the copy process.

  • Hey Terrance,

    I have already tried a solution like this. Why are you trying to use an INT? -> If([int]Request.Parameter("Type")

    I tried using $Request.Parameter("InterestingRequestType").

    Solution has been found! As mentioned in my answer on Nick's proposal, when using workflow it works except for the case if accountExpires attribute is empty. I implemented an if-statement to handle accountExpires attribute and there we go!

    Now I have the result I was looking for.

    Many thanks again for your ideas @all!!!
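
The two empty-attribute cases raised in this thread (edsvaSecondaryOwners being NULL on a copied user, and an empty accountExpires) can both be guarded before any method is called on the value. This is an added PowerShell example, not code from the posters or from the Active Roles SDK; the function names and sample values are hypothetical, and it runs without an Active Roles server.

```powershell
# Added example: null-safe helpers for a notification body.
# Function names and the sample data are constructed for illustration.

function Get-OwnerList {
    param($RawOwners)   # $null, a single string, or an array of strings
    # @() never throws on $null; the filter drops null and blank entries.
    return ,@(@($RawOwners) | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
}

function Format-AccountExpires {
    param($AccountExpires)
    if ($null -eq $AccountExpires) { return "No defined value" }
    if ($AccountExpires -is [datetime]) { return $AccountExpires.ToString("yyyy-MM-dd") }
    return [string]$AccountExpires
}

function New-NotificationBody {
    param([string]$SamAccountName, [string]$DN, $AccountExpires, $RawOwners)

    # Directory values go into HTML mail, so encode them first.
    $enc = { param($s) [System.Net.WebUtility]::HtmlEncode([string]$s) }

    $owners = Get-OwnerList $RawOwners
    $ownerHtml = if ($owners.Count -gt 0) {
        ($owners | ForEach-Object { & $enc $_ }) -join "<br>"
    } else {
        "(no secondary owners set)"
    }

    $msg  = "<i><b>SamAccountName: </b></i>" + (& $enc $SamAccountName) + "<br><br>"
    $msg += "<i><b>DistinguishedName: </b></i>" + (& $enc $DN) + "<br><br>"
    $msg += "<i><b>AccountExpires: </b></i>" + (Format-AccountExpires $AccountExpires) + "<br><br>"
    $msg += "<i><b>Manager: </b></i>" + $ownerHtml + "<br>"
    return $msg
}

# Constructed inputs: one object with both attributes set, one with both empty.
$withValues = New-NotificationBody -SamAccountName "jdoe" `
    -DN "CN=jdoe,OU=Extern,DC=example,DC=com" `
    -AccountExpires ([datetime]"2030-01-31") `
    -RawOwners @("CN=Owner One,OU=Staff,DC=example,DC=com")

$withoutValues = New-NotificationBody -SamAccountName "jdoe2" `
    -DN "CN=jdoe2,OU=Extern,DC=example,DC=com" `
    -AccountExpires $null -RawOwners $null

$withValues
$withoutValues
```

In a real handler the recipient loop would run over the result of `Get-OwnerList`, so an object without secondary owners sends no mail instead of raising the null-valued expression error.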