Policy incompliance reporting & fixing for specified policy

DESCRIPTION

Policy incompliance reporting & fixing for the specified policy. This action is applied across the entire managed environment. Caution: This script may run for a long time.

SCRIPT

'*********************************************************************************

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

'

' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.

'*********************************************************************************

' Require every variable to be declared with Dim before it is used.
Option Explicit

'===========================================================================
' Constants
'===========================================================================

' Container DN that the main routine passes as the search root.
Const strActiveDirectoryDN = "CN=Active Directory"

'===========================================================================

' Indexes used with objADObject.Control(...) in ReportAndFixPolicyIncompliance.
' NOTE(review): the numeric values are presumably taken from the Active Roles
' SDK - confirm them against the SDK version in use before running.
Const EDS_CONTROL_FIX = 4
Const EDS_CONTROL_CHECK_POLICY_COMPLIANCE = 5

'******************************************************************************

'*** Multi-page MsgBox

'******************************************************************************

Function MultiMsgBox(ByVal strOut)
    ' Displays strOut in a series of message boxes.
    ' Each box holds the text up to the 21st vbCrLf of what remains, or all
    ' of the remaining text when fewer line breaks are left.
    ' An empty strOut shows no box at all.
    Const LINE_BREAKS_PER_PAGE = 21
    Dim lineNo, breakPos, strPage

    Do Until strOut = ""
        ' Walk forward to the line break that ends this page.
        breakPos = 0
        lineNo = 1
        Do While lineNo <= LINE_BREAKS_PER_PAGE
            breakPos = InStr(breakPos + 1, strOut, vbCrLf)
            If breakPos <= 0 Then
                ' No further line break: the page runs to the end of the text.
                breakPos = Len(strOut) + 1
                Exit Do
            End If
            lineNo = lineNo + 1
        Loop

        strPage = Left(strOut, breakPos - 1)
        ' Skip the two-character vbCrLf that ended the page.
        strOut = Mid(strOut, breakPos + 2)

        MsgBox strPage
    Loop
End Function

'===========================================================================

' DoARSSearchRaw

'===========================================================================

Function DoARSSearchRaw (ByVal strCommand, ByVal strSortList)
    ' Runs strCommand through an ADODB.Command on the ADSDSOObject provider
    ' and returns the result of Execute.
    '   strCommand  - complete command text, passed to the provider unchanged
    '   strSortList - when not empty, sets "Sort On" and limits the result
    '                 to 10 rows ("Size Limit")
    ' The connection is left open; the function does not close it.
    ' NOTE(review): no "Page Size" is set, so a large search may be cut off
    ' at a provider- or server-side limit - confirm for the EDMS provider.
    Dim adoConnection, adoCommand

    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Open "Provider=ADSDSOObject;Data Source=ADs Provider;"

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoCommand.ActiveConnection = adoConnection

    If Not (strSortList = "") Then
        With adoCommand
            .Properties("Size Limit") = 10
            .Properties("Sort On") = strSortList
        End With
    End If

    adoCommand.CommandText = strCommand
    Set DoARSSearchRaw = adoCommand.Execute
End Function ' DoARSSearchRaw

'===========================================================================

' DoARSSearch

'===========================================================================

Function DoARSSearch (ByVal strStartingNodeDN, ByVal strLdapQuery, ByVal strAttrList, ByVal strDepth)
    ' Builds a "<EDMS://base>;filter;attributes;scope" command string and
    ' runs it through DoARSSearchRaw with no sort list.
    ' The four arguments are concatenated as given, with no escaping.
    ' Callers that build the DN or the filter from outside input must
    ' validate or escape it first, because it becomes part of the query.
    Dim strSearchBase, strQuery

    strSearchBase = "<EDMS://" & strStartingNodeDN & ">"
    strQuery = strSearchBase & ";" & strLdapQuery & ";" & strAttrList & ";" & strDepth

    Set DoARSSearch = DoARSSearchRaw(strQuery, "")
End Function ' DoARSSearch

'===========================================================================

' GetObjectGUID

'===========================================================================

Function GetObjectGUID (ByVal strADObjectDN)
    ' Binds to "EDMS:" & strADObjectDN and returns the object's GUID as the
    ' string produced by AelitaEDM.EDMOctetString.GetGuidString().
    ' Best effort: errors are suppressed for the whole body, so a failed bind
    ' or conversion is not reported to the caller.
    ' NOTE(review): what is returned after a failed bind is not visible here.
    ' Callers should not treat the result as proof that the DN exists.
    Dim objTarget, objGuidBytes

    On Error Resume Next

    Set objGuidBytes = CreateObject("AelitaEDM.EDMOctetString")
    Set objTarget = GetObject("EDMS:" & strADObjectDN)

    objGuidBytes.Set objTarget.GUID
    GetObjectGUID = objGuidBytes.GetGuidString()

    On Error Goto 0
End Function ' GetObjectGUID

'===========================================================================

' ReportAndFixPolicyIncompliance

'===========================================================================

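Sub ReportAndFixPolicyIncompliance (ByVal strContainerDN, ByVal strPolicyDN, ByVal boolFix)
    ' Checks every object under strContainerDN against the policy strPolicyDN
    ' and shows the findings in message boxes.
    '   strContainerDN - DN of the container to search (whole subtree)
    '   strPolicyDN    - DN of the policy object to check against
    '   boolFix        - True to also request a fix, False to report only
    '
    ' Changes from the published sample:
    '   * The inner loop read PP2.*, an undeclared name that fails under
    '     Option Explicit. It now reads the loop variable objPP2.
    '   * The "anything to report" test compared a string with the number 0.
    '     It now compares with "".
    '   * EDS_CONTROL_FIX was set on every object and the check control only
    '     when boolFix was True. Going by the constant names and the
    '     documented meaning of boolFix, a report-only run would still have
    '     requested a fix. The check control is now always set and the fix
    '     control only when boolFix is True.
    '     NOTE(review): confirm the constants and their values against the
    '     Active Roles SDK before running with boolFix = True.
    Dim objADObject, objRS
    Dim objPP, objPP1, objPP2
    Dim strPolicyGUID, strOut, strOut2

    ' NOTE(review): the GUID is looked up but never used. The controls below
    ' receive the policy DN. Confirm which identifier the SDK expects.
    strPolicyGUID = GetObjectGUID(strPolicyDN)

    ' One row per object in the subtree, carrying only its distinguishedName.
    Set objRS = DoARSSearch (strContainerDN, "(objectClass=*)", "distinguishedName", "SubTree")

    strOut = ""
    Do While (Not objRS.EOF)
        Set objADObject = GetObject("EDMS://" & objRS("distinguishedName"))

        objADObject.Control(EDS_CONTROL_CHECK_POLICY_COMPLIANCE) = strPolicyDN
        If (boolFix) Then
            ' Only a run that was asked to fix may request changes.
            objADObject.Control(EDS_CONTROL_FIX) = strPolicyDN
        End If

        Set objPP = objADObject.CheckPropertyValues()

        ' Flatten the nested result collections into one line per property.
        strOut2 = ""
        For Each objPP1 In objPP
            For Each objPP2 In objPP1
                strOut2 = strOut2 & objPP2.PropertyName & " " & CStr(objPP2.Status) & " " & objPP2.Message & vbCrLf
            Next
        Next

        ' Objects with no findings are left out of the report.
        If (strOut2 <> "") Then
            strOut = strOut & objRS("distinguishedName") & vbCrLf & _
                     "--------" & vbCrLf & _
                     strOut2 & vbCrLf
        End If

        objRS.MoveNext
    Loop

    MultiMsgBox (strOut)
End Sub ' ReportAndFixPolicyIncompliance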

'===========================================================================

'== MAIN ROUTINE

'===========================================================================

' Entry point: runs the report over the chosen container.
' 1st param - DN of container to check,
' please specify DN value (sample: "OU=Sales,DC=foo,DC=com"), or use the strActiveDirectoryDN constant
' 2nd param - DN of policy object
' 3rd param - True -or- False, fix the policy incompliance -or- not
' NOTE(review): as written, the call passes True and strActiveDirectoryDN.
' The fix is then requested for every object the subtree search returns.
' For a first pass, consider a narrower container DN and a test environment.
' "CN=SomePolicy1,..." is a sample value. Replace it with the DN of a real policy object.
Call ReportAndFixPolicyIncompliance(strActiveDirectoryDN, "CN=SomePolicy1,CN=Policy Objects,CN=Configuration", True)

'***** END OF CODE ***************************************************************
