• State Not Answered
  • Replies 5 replies
  • Subscribers 63 subscribers
  • Views 390 views
  • Users 0 members are here
Options
Related

onPostModify Is there a way to retrieve a list of all attributes that were NOT modified?

carl chevalier
1 month ago

When I modify a user object, I want my script to do certain validations.. to set my AD account category (virtual attribute). Account categorization is set according to certain attribute values (let's say Givenname, title and department).

On PreModify, I am checking to see if any of these three attributes (Givenname, title or department) were changed. If so, I know I must reevaluate my account category.

Is there a way I can get the current unchanged value of my attributes without having to run a get-qaduser ? Out of $Request, I only see modified attribute properties.

Thank you for you help on this.

  • 0 1 month ago

    The $Request only contains changes.  The simplest way to obtain the pre-change values is to do a Get-QADUser within your PreModify handler as you have been doing.

  • 0 1 month ago in reply to JohnnyQuest

    All right. I was hoping for an approach where I could prevent running a get-qaduser. 
    Thanks for your reply. 

  • 0 1 month ago

    I did something similar but it was just for simple logging. 

    On PreModify Get the value and use an In Control (it's a way to store data through a request)

    $request.PutInControl("PreMoveDN", $DSTYPE_CASE_IGNORE_STRING, $Request.DN )

    Then after the request starts, OnPostModify for example you can get the control value

    $OriginalLocation = $request.GetInControl("PreMoveDN")

    Now you can compare

    If($OriginalLocation -ne $NewLocation){do your magic}

    ################################################
    if you want to do a list of attributes, I keep a list and start out like this:

    #Go through list of attributes and add them to the $Request 
    foreach($Attribute in $Request.Attributes.Attributes.Name)
    {

    try
    {

    #Get the existing value of the Attribute
    $Value = $DirObj.get($attribute)
    ........ to the end of whatever...

    Maybe too much info, but worth a shot. 

  • 0 1 month ago in reply to jacob maloney_32702

    That sounds like a great alternative. I think I will give it a try !

    Following JohnnyQuest's response, I took to approach of using get-qaduser to obtain the original values. I was just worried that the command would be "costly" in terms of IO but limiting the number of returned attributes with "-IncludedProperties" seams not too bad.

    Thanks for your response 

  • 0 1 month ago

    The $Request only contains changes.  The simplest way to obtain the pre-change values is to do a Get-QADUser within your PreModify handler as you have been doing.