• State Suggested Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 1515 views
  • Users 0 members are here
Options
Related

Pull a value out of policy or enforce a policy on one user.

mpemba
over 2 years ago

My goal is to look at the policy applied to an object and pull a value the policy would set.

Specifically, I'd like to pull homePath and homeDirectory out of the Home Folder and AutoProvisioning Policy applied to a user object.


This looks close to what I'm trying to do. Not sure what ]$PolicyRule is supposed to be in this situation, is it the name of the policy?

 #===========================================================================
# ExecutePolicyRule
#===========================================================================
# This function generates a value in accordance with a PVG generation rule
#
# Parameters
# $PolicyRule - string with PVG geneartion rule
# $Request - the Request object. Please see ARS SDK for details about this
# object
# Return value
# String with generated value
# Remarks
# This function is applicable to onPreCreate, onPostCreate, onPreModify,
# onPostModify, and onCheckPropertyValues event handlers.
#
function ExecutePolicyRule ([string]$PolicyRule , $Request)
{
$value = $PolicyRule
$rex = [regex]'(?:%<(?<name>.+?)>)'
$neededAttributes = $rex.Matches($PolicyRule) | %{ $_.Groups['name'].Value }
$neededAttributes | %{ $value = $value -replace ('%<' + $_ + '>'),(GetActualAttribute $_ $Request) }
return $value
} #-- ExecuteGenerationRule

I would also be OK with an enforce policy option.

Parents
  • 0 over 2 years ago

    Thank you both.  This gets me where I need to go. I should be able to figure it out with this help.

    I figured out how to pull the value out of the policy if I know the DN of the policy. I have been pretty good about how I name policies so I might be able to cheat and use this in a pinch. 

    $DN = "CN=User Provisioning,CN=Administration,CN=Policies,CN=Configuration"

    $obj = [ADSI] "EDMS://$DN"

    $PVGName = "Provisions users with home folders and home shares"

    $PVGPolicy = $obj._NewEnum | where {$_.Name -eq $PVGName}

    $PVGsetting10 = $PVGpolicy | where {$_.SettingID -eq 10}

    $PVGsetting22 = $PVGpolicy | where {$_.SettingID -eq 22}

    $PVGsetting22.value

    $PVGsetting10.Value

    H:

    \\server\path\%username%

Reply
  • 0 over 2 years ago

    Thank you both.  This gets me where I need to go. I should be able to figure it out with this help.

    I figured out how to pull the value out of the policy if I know the DN of the policy. I have been pretty good about how I name policies so I might be able to cheat and use this in a pinch. 

    $DN = "CN=User Provisioning,CN=Administration,CN=Policies,CN=Configuration"

    $obj = [ADSI] "EDMS://$DN"

    $PVGName = "Provisions users with home folders and home shares"

    $PVGPolicy = $obj._NewEnum | where {$_.Name -eq $PVGName}

    $PVGsetting10 = $PVGpolicy | where {$_.SettingID -eq 10}

    $PVGsetting22 = $PVGpolicy | where {$_.SettingID -eq 22}

    $PVGsetting22.value

    $PVGsetting10.Value

    H:

    \\server\path\%username%

Children
No Data