• State Verified Answer
  • Replies 4 replies
  • Subscribers 62 subscribers
  • Views 2431 views
  • Users 0 members are here
Options
Related

Setting a Virtual Attribute Triggered from DirSync Change

Nap
over 3 years ago

Hi...

I'm trying to update an ARS virtual attribute based on change made native tools by monitoring DirSync.  In this particular instance, I assuming I need to get the object value since it's not in the request object, but not sure if I need to use $DirObj or some other method to set, but as it currently stands, I'm not getting an update.  Not sure what I'm missing here, or if there's a more efficient way to code this.  Any input would be appreciated!

function onPostModify($Request)
{
if($Request.Class -ne "user"){return}


$attrValue = $Request.Get("description")
if($attrValue -ne $null){
  #set compliance TRUE if a value exists
  #$Request.Put("edsvaIsExportCompliant", $true)
  $User = get-qaduser $Request.Name
  $DirObj.Put("edsvaIsExportCompliant", $true)
  $DirObj.SetInfo
 }
if($attrValue -eq $null){
  #set compliance to FALSE is a value in the attribute does not exist
  #$Request.Put("edsvaIsExportCompliant", $false)
  $User = get-qaduser $Request.Name
  $DirObj.Put("edsvaIsExportCompliant", $false)
  $DirObj.SetInfo
  }

}

Parents
  • +1 over 3 years ago

    Using the DirSync Control can cause a lot of extra overhead on the Active Roles instance so be mindful of this. Also, the logic should do as much checking as possible at the beginning of the code to exit out as soon as possible. See if this example works for you.

    function onPostModify($Request)
{
   if($Request.Class -ne "user") {return}

   $AttrInRequest = $false
   
   #Loop through modified attributes
   for ($i = 0; $i -lt $Request.PropertyCount; $i++) {
      #Get the current item element from the array
      $item = $Request.item($i)
      
      # Switch on the attribute name being modified
      switch ($item.Name) {
         'Description' {
            $AttrInRequest = $true
         }
      }
      
      if ($AttrInRequest -eq $true) {
         # Break out of For Loop if desired attribute is in the request
         break
      }
   }
   
   # Exit function if desired attribute is not in the request at all, meaning no change was made to it
   if ($AttrInRequest -ne $true) {return}
   
   $attrValue = $Request.Get("description")
   
   if(($attrValue -eq $null) -OR ($attrValue -eq "")){
      #set compliance to FALSE if a value in the attribute does not exist
      $DirObj.Put("edsvaIsExportCompliant", $false)   
      $DirObj.SetInfo()
   }
   else {
      #set compliance TRUE if a value exists
      $DirObj.Put("edsvaIsExportCompliant", $true)
      $DirObj.SetInfo()
   }
   
}

  • +1 over 3 years ago in reply to Richard.Lambert

    You can check if the attribute was modified using this function:

    function IsAttributeModified ([string]$AttributeName, $Request)
    {
    $objEntry = $Request.GetPropertyItem($AttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
    if ($objEntry -eq $null) { return $false }
    if ($objEntry.ControlCode -eq 0) { return $false }
    return $true
    } #-- IsAttributeModified

Reply
  • +1 over 3 years ago in reply to Richard.Lambert

    You can check if the attribute was modified using this function:

    function IsAttributeModified ([string]$AttributeName, $Request)
    {
    $objEntry = $Request.GetPropertyItem($AttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
    if ($objEntry -eq $null) { return $false }
    if ($objEntry.ControlCode -eq 0) { return $false }
    return $true
    } #-- IsAttributeModified

Children