Quantcast
Channel: Software Communities : Popular Discussions - ActiveRoles
Viewing all 1277 articles
Browse latest View live

Passing variables to Powershell

January 6, 2012, 2:35 pm
$
0
0

I am new to active roles but i am comfortible with power shell. I have a policy for new user creations that calls a powershell script. However i do not know how to pass the powershell script the values from the new hire window. Specifically i would like to modify the properties of the user account that is being created and to do this i obviously need to be able to reference the user account that i am creating from the Active Roles Admin page. Does anyone know how to accomplish this?

 

I see references examples that use " $Name =  GetValue $DirObj "DisplayName"" however that does not seem to work.

 

Below is an example of something i tried for testing.

 

 

$Name =  GetValue $DirObj "DisplayName"

Set-casmailbox -identity "$name" -imapenabled $false

Set-casmailbox -identity "$name" -popenabled $false

Search

Help with scripting of AD Computer object creation

October 31, 2012, 7:52 am
$
0
0

Greetings, I've spent a good bit of time researching how to script this, but am getting access denied when actually trying to join the server/desktop to the domain using the account I've delegated rights to.  I've confirmed the user account is in domain\group 1.  The computer account does get created in the OU I expect and the description is set properly.  Here is my script...

 

$csv = "c:\computers.csv"

Import-cvs $csv | % {New-QADComputer $_.Name -ParentContainer $_.ParentOU -samaccountname ($_.name + "$") -Description $_.Description1 -objectAttributes @{edsaJoinComputerToDomain=$_.Joiner}}

 

My computers.csv has the following syntax

 

Name,ParentOU,Description1,Joiner

Comp1,domain.com/laptops,Laptop1,domain\group 1

 

Thanks in advance!

Hide Tree in Web Interface

October 4, 2013, 8:50 am
$
0
0

Hi How do I hide the Tree and /or menu options in the Web Interface ? (see below)

 

activeroles1.JPG

Export edsvasecondaryowners

October 14, 2011, 5:23 am
$
0
0

Hello,

Looking for a way to dump a bunch of security groups and their secondary owners to a file from within powershell.  I can run a simple get-qaduser and select the group name and edsvasecondaryowners and it will display what I am looking for but when I take the same command and do an export-csv the edsvasecondaryowners always exports as System.Object[].  Pretty much every group has multiple owners if there was only one it exports the DN out fine but 95% of then have two or more owners. 

 

Any thoughts or ideas how to export or dump this out would be great.

 

Thanks,

Scott

get-QADUser -> Export-Csv -> "????" in result

November 14, 2011, 11:13 pm
$
0
0

Hi all!

 

Try to use smth like this:

get-QADUser -SearchRoot 'domain.com/People' -IncludeAllProperties | Select-Object Title,extensionAttribute1,extensionAttribute2 | Export-Csv C:\domain_Q_user.csv

In the result csv file i have got "???????" instead of non english chars...

 

with ConvertTo-CSV cmdlet all fine.

 

Any idea how can i fix it?

passing variable to -Ldapfilter

November 30, 2011, 2:09 pm
$
0
0

I am trying to write a script that looks for a phone extension in AD for a set of users supplied in a csv file.  The normal command, with hard coded values, would look like this for a query looking for users that have an extention of 6601 in either the telephone or ip phone field.

 

Get-QADUser -includeAllProperties -LdapFilter '(|(ipPhone=*6601)(telephoneNumber=*6601))' | Select-Object Name, samAccountName, telephoneNumber, ipPhone

 

However I can not get it to work with a varible in place of the extentions, like so:

 

Get-QADUser -includeAllProperties -LdapFilter '(|(ipPhone=*$phone)(telephoneNumber=*$phone))' | Select-Object Name, samAccountName, telephoneNumber, ipPhone

 

I have the proper values in the variables, I have tested that, I think I just need to get the syntax correct with respect to quotes or double quotes, becuase I think it is passing it along as a literal instead of the variable value

 

The code used for getting the data in from the csv looks like this:

 

$data = import-csv $args[0]

foreach ($i in $data)
          {
$error.clear()

$ext = $i.Extension.Trim()
$exportFile = "phone.query.csv"
Get-QADUser -includeAllProperties -LdapFilter '(|(ipPhone=*$ext)(telephoneNumber=*$ext))' | Select-Object Name, samAccountName, telephoneNumber, ipPhone | Export-csv -Path $exportFile

 

Any ideas?

How to Wipe an ActiveSync device using ActiveRoles Server

May 24, 2012, 6:13 am
$
0
0

The following script can be used via ARS to find and Wipe an ActiveSync device per a user.

 

A good example of using this script is to wipe a user's device when the user account is being deprovisioned (by calling this script via a Deprovisioning Policy).

 

PowerShell script:

 

function onPreDeprovision($Request)
{

Add-PSSnapin 'Microsoft.Exchange.Management.PowerShell.E2010'

$userdn = $Request.dn

$deviceIDparameter = (Get-ActiveSyncDeviceStatistics –Mailbox $userdn) | fl Identity

Clear-ActiveSyncDevice –Identity $userdn –Confirm:$false –NotificationEmailAddresses "target@domain.com"

}

 

This script grabs the target user's distinguishedname ($Request.dn), searches Exchange for the ActiveSync Identity and then sends a "Clear-ActiveSyncDevice" requrest to Exchange, which in turn wipes the device.

Installtion steps for Report Pack

September 27, 2012, 3:29 am
$
0
0

I reviewed the admin guide and on this documents here but i couldnt get any istall details for this.

I have used data collector to collect events and my objective is to do auditing/tracking object level changes via Active Roles.

Any help please...

Search

Manager can update membership flag does not set in ARS 6.0.4

July 20, 2009, 11:15 am
$
0
0

We just installed ARS 6.0.4 in our environment and we noticed that Manager can update membership flag is unchecked even though the permissions are set properly and this flag was checked in ARS 5.25.

If I go and check the flag in ARS 6.0.4 then the flag remains checked.

Does anyone know how this works? Do we have migrate any virtual attributes from ARS 5.25?


Thanks
Regards,
Faruq

Message was edited by: Faruq

EDMS ADSI Provider

August 17, 2009, 12:18 am
$
0
0
Hi,

I have a QARS client application that uses the EDMS ADSI Provider to bind to a QARS Server and manipulate objects in Active Directory.  Whenever the QARS Server is upgraded to a new version, I need to rebuild the client with the correct version of the client library for the new server.  This means I have to co-ordinate the client releases with each server upgrade.

So I'm trying to code a client that detemines the QARS server version dynamically at run-time, and then loads the correct version of the EDMS client library.  Although I think I can determine the server version, I've not been able to load more than one version of the library.  Does anyone know if this is possible?

Thanks in advance for any advice...

Retrieving edsa attributes in VBS

March 11, 2011, 2:51 am
$
0
0
Hi all.

I'm attempting to read the value of the 'edsaManagerCanUpdateMembershipList' attribute of a group in QARS 6.5. Looking at the attribute in the object properties in the QARS console it is set to 'True', but when I attempt to read it using VBS I receive the error 'The specified property 'edsaManagerCanUpdateMembershipList' cannot be found in the property cache. I can successfully retrieve other, non-edsa, attributes of the object.

The [simplified] code is as follows:

Set objGroup = GetObject("EDMS://" & strGroupDN)
strAccountName = objGroup.Get("samAccountName")
WScript.Echo strAccountName
bCanUpdate = objGroup.Get("edsaManagerCanUpdateMembershipList")
If bCanUpdate Then
  ' Do stuff
Else
  ' Do other stuff
End If

It successfully returns the samAccountName, but errors when it gets to the edsaManagerCanUpdateMembershipList line.

The script is running outside of QARS, but doesn't work either running directly on the QARS server or from another machine that has the QARS ADSI provider installed.

Any help would be much appreciated.

Thanks,

Nick.

Manager can update membership list

May 28, 2009, 6:51 am
$
0
0
I need to be able to check the check box manager can update membership list on the manage by tab for 3000 groups. I created ldap code that will set the acl in AD to check this check box since it is not a AD property but the setting does not get picked up by ARS. I then found out that there is a property in ARS that is boolen that allows you to set this value called edsaManagerCanUpdateMemberShipList. This value is boolen but I cannot set it via a script, each time that I try and set it states that the property does not exist.

Has anyone done this, I really need to get this working. Thanks

GpoAdmin + ADMX Central Store

October 18, 2013, 9:05 pm
$
0
0

Apologize in advance, could not fine a area for GPOAdmin questions.

 

Question:

If one implements GPOAdmin, is it still required/needed to create an AD Central Store for ADMX policies?

 

Thank You

webUI object multi-select menu - add-ons/doodads?

February 28, 2013, 5:39 am
$
0
0

Loving the multi object select feature of the 6.8 interface - but see ways that its usefulness can be extended - at least for the way our help desk operates.

 

A time-saver suggested by our help desk would be to have the search results for user accounts display a lock symbol over the accounts that are locked on the results page.  Instead of having to choose the user account link and then navigate to the page containing 'account lockout' checkbox - why not use the multi-select checkbox to pick the user you searched for and click unlock from the multi-select menu ... sounds like a winner to me.

 

Each admin user in our environment has a non-priv user account and one that is used to provide role-based privilege to resources. The CN for both accounts have the same root.  i.e. ME and MEadmin...   If we deProvision one, we want to deProvision the other.  You provided the ability to deProvision via multi-select - but not to undoDeProvision.  Possible?

 

I'm sure I've scratched the surface here ... but the big question is -

Can we modify the multi-select menu - at all - or easily - in a supported way

Quest ARS 6.8 - How do you change the admin account?

March 3, 2013, 7:22 pm
$
0
0

When you install Quest ARS, the default is that the local administrators group has full admin access to Quest ARS.  We now want to change this but cannot see a way of doing so?

 

How can I change this group to be more tightly controlled by an AD group instead?  I cannot see anywhere in the console where you set this AFTER the install?  The problem is that the local machine group basically gives anyone with access to that machine full domain privilages if they manage to edit the local admin group.  It is more secure to lock this down to a certain AD group only.

Search

Can we leverage ARS 6.9 to show AD password in “clear texts”?

November 26, 2013, 5:36 pm
$
0
0

Can we leverage ARS 6.9 to show AD password in “clear texts”? preferrably on the webconsole?

this needs to be only visible for authorized users?

Always problems with Bound Listboxes

August 3, 2009, 6:13 am
$
0
0
Hi, I can't seem to understand the bound listboxes feature.
I mean, it seems as though it behaves quite irradically and spontaneous.

I installed the bound listboxes on a fresh ARS Server, edited the two xml-files from the examples and loaded these in the Web Interface tool.
Then, I quit and restartet the ARS Console and also ran "iisreset" on the server.
Started IE and immediatly found "ExtensionAttribute1" to "15", just like the readme says.

However, I had custom names for two attributes (only specified two in the xml files), but somehow only ExtensionAttribute2 actually had the name I specified.
ExtensionAttribute1 was still called "Custom Attribute 1".

So, still having the Web Interface tool still up (without changing a single thing besides removing the recently added extension attributes from the web interface) I clicked "Undo" and looked over the xml files again. Didn't see anything wrong and tried to load the xml files in again.

Now, I can't find the attributes anywhere. Neither in "Add entry --> Select", nor "Add entry --> Create"
Previously I saw all attributes, even up to 15. Now I can't even see any of them.
And actually, when trying to insert them via "Add entry --> Create", I cannot even find ExtensionAttribute 1 and 2. But 3 and up to 15 is there.
I have also looked to see if the attributes are there but with my custom names. And they are not there.

Is this normal? These are my XML files:

Location.xml
[code]
<?xml version="1.0"?>
<WIConfig>
<Server name="">
<Customization Version="30">
<edsaWIEntries xmlns="arswi:customization-entries">
<Entries>
<FormEntry ID="LocationListData_1"
ResID="A"
Properties="extensionAttribute1"
EntryType="0"
FunctionAction="CE_EDS"/>
<FormEntry ID="LocationListData_2"
ResID="B"
Properties="extensionAttribute2"
EntryType="0"
FunctionAction="CE_EDS"/>
</Entries>
</edsaWIEntries>
<edsaWIStrings>
<Resources>
<Res ID="A" Value="LocationName"/>
<Res ID="B" Value="CompanyName"/>
</Resources>
</edsaWIStrings>
</Customization>
</Server>
</WIConfig>
[/code]
This is the LocationListData.xml:

[code]
<?xml version="1.0" encoding="utf-8" ?>
<Root>
<Configuration>
<Control name="extensionAttribute1"
values="Root/Data/Level1/@value">
<Control name="extensionAttribute2"
values="Root/Data/Level1[@value=extensionAttribute1]/Level2/@value">

</Control>
</Control>
</Configuration>
<Data>
<Level1 value="City1">
<Level2 value="Test1"/>
<Level2 value="Test2"/>
<Level2 value="Test3"/>
<Level2 value="Test4"/>
<Level2 value="Test5"/>
</Level1>
<Level1 value="City2">
<Level2 value="Test1"/>
<Level2 value="Test2"/>
<Level2 value="Test3"/>
<Level2 value="Test4"/>
<Level2 value="Test5"/>
</Level1>
</Data>
</Root>
[/code]
Can anyone see anything wrong with these files? Are there any pitfalls?

Number of Days since last logon.

March 15, 2011, 5:23 am
$
0
0
Hi List,

Looking at the account tab of a user account using the QARS Active Directory tool displays the last logon date, and the amount of days (as an integer) since the last logon.  Does anyone know if these, especially the latter, are accessible programatically, via VBScript or Powershell?

Thanks in Advance,



Message was edited by: BDS74

Script module not working after upgrade to 6.9

February 6, 2014, 1:24 pm
$
0
0

I have a script that triggers onGetEffectivePolicy.  After I upgraded from ARS 6.8 to 6.9, it appears that the script does not ever get called.  Has something changed with the handling of onGetEffectivePolicy?

The script is used to provide a drop-down list containing possible values for an attribute and a default value based upon the OU in which the user is being created.

I've removed the script from this discussion because the issue was with the managment shell, not the script.

Upload photo to AD via ARS

August 7, 2012, 9:02 am
$
0
0

Hi All,

 

I would like to allow users to upload their photo to AD via Active Roles Server web interface, i know there are several third party software that can be used but I would like to offer this via web interface even if it will be calling one of these programs in the background. Any assistance will be greatly appreciated and thanks in advance.

Viewing all 1277 articles
Browse latest View live
Search