'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************
'===========================================================================
' IsObjectClassRequested
'===========================================================================
' This function determines if the request was issued for the specified
' object class. It can be useful to force the script policy event handler
' to be triggered for the specified object class only.
'
' Parameters
' strClassName - string with object class name. It can be in any cases,
' for example "User", "GROUP", "computer"
' Request - the Request object. Please see the Active Roles SDK for details about this
' object
' Return value
' True - When operation target object type equals to strClassName
' False - When operation target object type does not equal to strClassName
' Remarks
' This function is applicable to any event handlers
'
Function IsObjectClassRequested(ByVal strClassName, ByRef Request)
IsObjectClassRequested = (LCase(Request.Class) = LCase(strClassName))
End Function '-- IsObjectClassRequested
'===========================================================================
' IsAttributeModified
'===========================================================================
' This function determines if modification for the specified attribute
' is requested. It can be useful to force the script policy event handler
' to be triggered for the specified attribute modification only.
'
' Parameters
' strAttributeName - string with attribute name. It can be in any cases,
' for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
' Request - the Request object. Please see the Active Roles SDK for details about this
' object
' Return value
' True - When specified by strAttributeName attribute is modified during
' request
' False - When specified by strAttributeName attribute is not modified
' during request
' Remarks
' This function is applicable to onPreCreate, onPostCreate, onPreModify,
' onPostModify, and onCheckPropertyValues event handlers.
'
Function IsAttributeModified (ByVal strAttributeName, ByRef Request)
Dim objEntry, nControlCode, boolResult
IsAttributeModified = False
Set objEntry = Request.GetPropertyItem(strAttributeName, ADSTYPE_CASE_IGNORE_STRING)
If (objEntry Is Nothing) Then Exit Function
If (objEntry.ControlCode = 0) Then Exit Function
IsAttributeModified = True
End Function '-- IsAttributeModified
'===========================================================================
' GetAttribute
'===========================================================================
' This function returns a value of the specified attribute of
' the specified object. It can be useful to prevent an error
' rising when the attribute has no value.
'
' Parameters
' strAttributeName - string with attribute name. It can be in
' any cases, for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
' Request - the Request object. Please see the Active Roles SDK for details
' about this object
' Return value
' Integer, string, boolean value, or array of values - When specified by
' strAttributeName attribute has any values
' Empty value - specified by strAttributeName attribute has no value
' Remarks
' This function is applicable to onPreGet, onPostGet, onPreCreate,
' onPostCreate, onPreModify, onPostModify, and onCheckPropertyValues
' event handlers.
'
Function GetAttribute (ByVal strAttributeName, ByRef Request)
GetAttribute = Empty
On Error Resume Next
GetAttribute = Request.Get(strAttributeName)
On Error GoTo 0
End Function '-- GetAttribute
'===========================================================================
' GetAttributeEx
'===========================================================================
' This function returns an array of values of the specified attribute of
' the specified object. It can be useful to prevent an error rising when
' the attribute has no value.
'
' Parameters
' strAttributeName - string with attribute name. It can be in any cases,
' for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
' Request - the Request object. Please see the Active Roles SDK for details about this
' object
' Return value
' Array of integer, string, or boolean values - When specified by
' strAttributeName attribute has any values
' Empty value - When specified by strAttributeName attribute has no value
' Remarks
' This function is applicable to onPreGet, onPostGet, onPreCreate,
' onPostCreate, onPreModify, onPostModify, and onCheckPropertyValues
' event handlers.
'
Function GetAttributeEx (ByVal strAttributeName, ByRef Request)
GetAttributeEx = Empty
On Error Resume Next
GetAttributeEx = Request.GetEx(strAttributeName)
On Error GoTo 0
End Function '-- GetAttributeEx
'===========================================================================
' GetInControl
'===========================================================================
' This function returns a value of the specified Active Roles input control of
' the Request object. It can be useful to prevent an error rising when the
' input control has no value.
'
' Parameters
' strControlName - string with Active Roles input control name. It can be in any
' cases, for example "myControl", "MYCONTROL"
' Request - the Request object. Please see Active Roles SDK for details about this
' object
' Return value
' Integer, string, boolean value, or array of values - When specified by
' strControlName Active Roles input control has any values
' Empty value - When specified by strControlName Active Roles input control has no
' value
' Remarks
' This function is applicable to onPreGet, onPostGet, onPreModify,
' onPostModify, and onCheckPropertyValues event handlers.
'
Function GetInControl (ByVal strControlName, ByRef Request)
GetInControl = Empty
On Error Resume Next
GetInControl = Request.GetInControl(strControlName)
On Error GoTo 0
End Function '-- GetInControl
'===========================================================================
' IsAttributeGenerationRequested
'===========================================================================
' This function determines if a server-side generation for the specified
' attribute is requested.
'
' Parameters
' strAttributeName - string with attribute name. It can be in any cases,
' for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
' Request - the Request object
' Return value
' True - When a server-side generation for specified by strAttributeName
' attribute is requested
' False - When a server-side generation for specified by strAttributeName
' attribute is not requested
' Remarks
' This function is applicable to onGetEffectivePolicy event handler only.
'
Function IsAttributeGenerationRequested (ByVal strAttributeName, ByRef Request)
Dim arrRequestedAttributes, strRequestedAttribute
IsAttributeGenerationRequested = False
arrRequestedAttributes = GetInControl(EDS_CONTROL_FULL_EFFECTIVE_POLICY_INFO, Request)
If (IsEmpty(arrRequestedAttributes)) Then Exit Function
If (Not IsArray(arrRequestedAttributes)) Then arrRequestedAttributes = Array(arrRequestedAttributes)
For Each strRequestedAttribute In arrRequestedAttributes
If (LCase(strRequestedAttribute) = LCase(strAttributeName)) Then
IsAttributeGenerationRequested = True
Exit Function
End If
Next
End Function '-- IsAttributeGenerationRequested
'===========================================================================
' DoARSSearch
'===========================================================================
' This function performs a search operation in desired Active Roles scope for
' AD objects by the specified query, and returns an ADO-rowset with
' the search results.
'
' Parameters
' strStartingNodeDN - DN string of starting node, for example
' "OU=Sales,DC=foo,DC=com"
' strLdapQuery - string with LDAP-query, for example "(givenName=*)"
' strAttributeList - comma-separated string with attributes list,
' for example "givenName,sn,sAMAccountName"
' strScope - string, possible values are "subTree", "oneLevel", "base".
' Please refer to MSDN for details about search scope
' Return value
' COM-object - ADO-rowset with results
' Remarks
' This function is applicable to any event handlers as well as can be
' used in an external script.
'
Function DoARSSearch (ByVal strStartingNodeDN, ByVal strLdapQuery, ByVal strAttributeList, ByVal strScope)
Dim objConnection, objCommand, strCommand
strCommand = "<EDMS://" & strStartingNodeDN & ">;" & strLdapQuery & ";" & strAttributeList & ";" & strScope
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADSDSOObject;Data Source=ADs Provider;"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.CommandText = strCommand
Set DoARSSearch = objCommand.Execute
End Function '-- DoARSSearch
' ****** END OF CODE **********************************************************
The PS script library code:
# *****************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTBILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT QUEST PROFESSIONAL SERVICES OR CUSTOM DEVELOPMENT.
#
#===========================================================================
# IsAttributeModified
#===========================================================================
# This function determines if modification for the specified attribute
# is requested. It can be useful to force the script policy event handler
# to be triggered for the specified attribute modification only.
#
# Parameters
# strAttributeName - string with attribute name. It can be in any cases,
# for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
# Request - the Request object. Please see the Active Roles SDK for details about this
# object
# Return value
# $true - When specified by strAttributeName attribute is modified during
# request
# $false - When specified by strAttributeName attribute is not modified
# during request
# Remarks
# This function is applicable to onPreCreate, onPostCreate, onPreModify,
# onPostModify, and onCheckPropertyValues event handlers.
#
function IsAttributeModified ($strAttributeName, $Request)
{
$objEntry = $Request.GetPropertyItem($strAttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
if ($objEntry -eq $null) { return $false}
$nControlCode = $objEntry.ControlCode
if ($nControlCode -eq 0) { return $false }
return $true
} #-- IsAttributeModified
# ****** END OF CODE **********************************************************