Description
This Active Roles policy script validates an attribute value on a request and rejects it when another object of the configured class, inside the configured scope, already carries the same value (i.e. it enforces uniqueness of that attribute).
Script
#*********************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
#*********************************************************************************
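function onCheckPropertyValues($Request)
{
    # Policy hook: flags the request as non-compliant when the value it sets
    # for the configured attribute already exists on ANOTHER object of the
    # configured object class within the configured uniqueness scope.
    # The verdict is reported via SetPolicyComplianceInfo; nothing is thrown.
    #
    # Reads the policy parameters declared in onInit ($PolicyEntry) and the
    # EDS constants ($constants), both supplied by the Active Roles host.
    $objectClass = [string]$PolicyEntry.Parameter("Object class LDAP name")
    if ($Request.Class -ne $objectClass) { return }

    $attrName = [string]$PolicyEntry.Parameter("Attribute LDAP name")
    $scope = [string]$PolicyEntry.Parameter("Uniqueness Scope")

    $attrValue = $Request.Get($attrName)
    if ($attrValue -eq $null) { return }

    # The value comes from the request, i.e. from whoever submitted it, and
    # is placed into an LDAP search. Escape the filter metacharacters
    # (RFC 4515: '\' '*' '(' ')' NUL) so they are matched literally: with the
    # previous -SearchAttributes lookup an unescaped '*' in the value turned
    # the check into a wildcard search and reported bogus conflicts (or, in
    # the worst case, blocked every value), and '(' / ')' could alter the
    # filter. '\' must be escaped first so the other escapes are not doubled.
    # NOTE(review): assumes the attribute is single-valued; a multi-valued
    # result would be joined into one string here — confirm for the
    # attributes this policy is applied to.
    $escapedValue = ([string]$attrValue) `
        -replace '\\', '\5c' `
        -replace '\*', '\2a' `
        -replace '\(', '\28' `
        -replace '\)', '\29' `
        -replace "`0", '\00'
    $escapedClass = $objectClass `
        -replace '\\', '\5c' `
        -replace '\*', '\2a' `
        -replace '\(', '\28' `
        -replace '\)', '\29'
    # NOTE(review): objectClass=<class> also matches subclasses (e.g. "user"
    # matches computer objects); the original behaved the same way — confirm
    # this is the intended scope of uniqueness.
    $filter = "(&(objectClass=$escapedClass)($attrName=$escapedValue))"

    # Force an array so a single hit and multiple hits are handled alike.
    $found = @(Get-QADObject -SearchRoot $scope -LdapFilter $filter)

    # The object being modified may keep its own value, so exclude it. The
    # original tested `$founds.DN -eq $Request.Name`, which on an array result
    # is a filter expression that is truthy whenever self is among several
    # hits — so a real conflict (self + another object) was silently allowed.
    # NOTE(review): this keeps the original key ($Request.Name compared with
    # DN); confirm it really yields the full DN in this host, otherwise
    # $Request.DN is the safer key.
    $others = @($found | Where-Object { $_.DN -ne $Request.Name })
    if ($others.Count -eq 0) { return }

    # List every conflicting object (excluding self) in the compliance message.
    $names = ""
    foreach ($obj in $others) { $names += "`n" + $obj.CanonicalName }
    $Request.SetPolicyComplianceInfo($attrName,
        $constants.EDS_POLICY_COMPLIANCE_ERROR,
        "The value '$attrValue' was found in objects:$names", $false)
}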
function onInit($context)
{
    # Policy initialisation hook: declares the three single-valued policy
    # parameters that onCheckPropertyValues reads back through $PolicyEntry.
    # Each entry is registered in order with its description and default;
    # only the scope parameter carries an explicit DN syntax.
    $definitions = @(
        @{
            Name        = "Attribute LDAP name"
            Description = "Attribute LDAP name to check value is unique."
            Default     = ""
        },
        @{
            Name        = "Object class LDAP name"
            Description = "Object class which attribute values should be check for uniqueness."
            Default     = "user"
        },
        @{
            Name        = "Uniqueness Scope"
            Description = "Domain, Organizational Unit or other scope in Active Directory where" +
                          " the value for the attribute should be unique."
            Default     = "CN=Active Directory"
            Syntax      = "DN"
        }
    )

    foreach ($definition in $definitions)
    {
        $parameter = $Context.AddParameter($definition.Name)
        $parameter.MultiValued = $False
        $parameter.Description = $definition.Description
        $parameter.Defaultvalue = $definition.Default
        if ($definition.ContainsKey("Syntax"))
        {
            $parameter.Syntax = $definition.Syntax
        }
    }
}
#***** END OF CODE ***************************************************************