• State Not Answered
  • Replies 2 replies
  • Subscribers 62 subscribers
  • Views 1222 views
  • Users 0 members are here
Options
Related

$Request Output

JackO2
over 2 years ago

I would like to create some Windows Events for our Powershell Scripts.

One event we would like to create is when creating an AD object. Idea would be to create an event in onpostcreate. For this I would like to output the $Request in general if all infos are contained there. ( I know there are AR specific Windows Events)

Is the data from the created object present in the request in the onpostcreate function?
How to output a $Request user friendly? Goal would be to see all Attributes that where used in the creation of an AD Object

For Request Output i tried this 

function onPostCreate($Request)
{
	# Erstellung von Create Events
	$InitiatorSam = ""
	$InitiatorDistinguishedName = ""
	$Request.WhoAmi([ref]$InitiatorSam, [ref]$InitiatorDistinguishedName)
		
	$Event = @{
			Source    = 'CreateServiceUser'
			EventID   = 21
			EntryType = 'Information'
			Message   = $Request
			InitiatorSam = $InitiatorSam
			Category  = 1003
		}
		
	Log $Event
}

function log()
{
	if ($Event.ContainsValue("Information"))
	{
		[string]$Message = ($Event.Message.Attributes | Format-Table | Out-String)
	}
	Write-EventLog -Category $Event.Category -LogName "Active Roles Custom Scripts" -source $Event.Source -EventId $Event.EventID -EntryType $Event.EntryType -Message $Message
}

output

Attributes                                                       PropertyCount
----------                                                       -------------
{objectClass, description, userPrincipalName, sAMAccountName...}            18

and to convert to json

if ($Event.ContainsValue("Information"))
	{
		[string]$Message = ($Event.Message | Format-Table | ConvertTo-Json)
	}

Output

[
    {
        "pageHeaderEntry":  null,
        "pageFooterEntry":  null,
        "autosizeInfo":  null,
        "shapeInfo":  {
                          "hideHeader":  false,
                          "tableColumnInfoList":  "Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo Microsoft.PowerShell.Commands.Internal.Format.TableColumnInfo",
                          "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "e3b7a39c089845d388b2e84c5d38f5dd"
                      },
        "groupingEntry":  null,
        "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "033ecb2bc07a4d43b5ef94ed5a35d280"
    },
    {
        "shapeInfo":  null,
        "groupingEntry":  null,
        "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "9e210fe47d09416682b841769c78b8a3"
    },
    {
        "formatEntryInfo":  {
                                "formatPropertyFieldList":  "Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField Microsoft.PowerShell.Commands.Internal.Format.FormatPropertyField",
                                "multiLine":  false,
                                "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "0e59526e2dd441aa91e7fc952caf4a36"
                            },
        "outOfBand":  false,
        "writeStream":  0,
        "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "27c87ef9bbda4f709f6b4002fa4af63c"
    },
    {
        "groupingEntry":  null,
        "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "4ec4f0187cb04f4cb6973460dfe252df"
    },
    {
        "groupingEntry":  null,
        "ClassId2e4f51ef21dd47e99d3c952918aff9cd":  "cf522b78d86c486691226b40aa69e95c"
    }
]

  • 0 over 2 years ago

    Have you looked at the events that are already being logged into the Active Roles Administrative Service event log?

    You might just be able to mine the information you need from those rather than deconstructing $Requests.

    Since it sounds like you are already executing your scripts "through" the Active Roles server, one thing I would suggest to enhance the information in the existings events is to add an "Operation Reason".  Here's a simple example:

    Set-QADUser -proxy -identity $MyUser -Description "A new description"  -control @{'OperationReason'="This change was done by ChangeUser.ps1"}

  • 0 over 2 years ago in reply to JohnnyQuest

    yes we only use web gui with AR Scripts, I was hoping I could build something similar to the AR events and get the needed data out of the $Request. I see that OperationReason would actually show up in the Events from AR. Of course i could just pull the data with $Request.Get but i dont know much about the request object and this methode doesnt seem very dynamically. 

    For example to pull all Operation data and than maybe loop over the part were the Attributes and values from the request are stored to add them into a message.

    This is more for backend logging / monitoring the scripts, so you dont have to turn on debugging on scripts and we can still write some information to log and do some troubleshooting in case somethings went wrong. 

    Operation request has been submitted to Active Roles Administration Service 
Operation ID:  
Operation GUID: caedd7aa-cacb-47a7-a79f-220cbfa2961f 
Operation: Create Object 
Object name: xxxx
Object parent container: xxxx
Object type: user 
Object GUID:  
Initiator: xxxx
Operation reason:  
Details:  
	Attributes:
		objectClass
			user
		co
			xxxx
		company
			xxxx
		edsaAccountIsDisabled
			False
		edsaAccountIsSensitiveAndCannotBeDelegated
			False
		edsaAccountIsTrustedForDelegation
			False
		edsaDoNotRequireKerberosPreauthentication
			False
		edsaPassword
			********
		edsaPasswordNeverExpires
			False
		edsaSmartCardIsRequired
			False
		edsaStorePasswordUsingReversibleEncryption
			False
		edsaUseDESEncryptionTypesForThisAccount
			False
		edsaUserCannotChangePassword
			False
		edsvaUserExternalADMSV
			True
		edsvaUserExternalAnsprechpartner
			CN=xxxx
		edsvaUserExternalDescription
			xxxx
		edsvaUserExternalNameGenerator
			xxxx
		edsvaUserExternalTicketID
			xxxx
		edsvaUserMustChangePasswordAtNextLogon
			True
		facsimileTelephoneNumber
			xxxx
		givenName
			xxxx
		l
			xxxx
		mail
			hrtgi.de
		postalCode
			456
		sn
			W
		streetAddress
			Par
		telephoneNumber
			+445