An efficient way is required to extract policy object details to analyse them.
RESOLUTION:
Script 1: The following script will provide all the details for ARS policy called "New User Creation", including the APEList (Access Policy Entry List) details located within attribute edsaapelistxml:
Connect-QADservice -Proxy | Out-Null
Get-QADObject -SearchRoot "CN=New User Creation,CN=Custom,CN=Administration,CN=Policies,CN=Configuration" -Type edsPolicyObject -includedProperties edsaAPEListXML
Script 2: The following script enlists all the policy descriptions (id 57) for ARS policy called "New User Creation":
Connect-QADservice -Proxy | Out-Null
$Policy=Get-QADObject -SearchRoot "CN=New User Creation,CN=Custom,CN=Administration,CN=Policies,CN=Configuration" -Type edsPolicyObject -includedProperties edsaAPEListXML
$APElist = [xml]$Policy.edsaAPEListXML
# Policy description
$APElist.APEList.APE | ForEach-Object { $_.parameter } | Where-Object { $_.id -eq 57 }
Script 3: The following script shows all policy descriptions (id 57) and their pattern used to generate properties (id 196):
Connect-QADservice -Proxy | Out-Null
$Policies = Get-QADObject -SearchRoot 'CN=Policies,CN=Configuration' -Type edsPolicyObject -includedProperties edsaAPEListXML
foreach ($Policy in $Policies) {
$Name = $policy.Name
$APElist = [xml]$Policy.edsaAPEListXML
# Policy
$APElist.APEList.APE | ForEach-Object { $_.parameter } | Where-Object { $_.id -eq 57 }
# pattern used to generate the value, if present
$APElist.APEList.APE | ForEach-Object { $_.parameter } | Where-Object { $_.id -eq 196 }
}
See below some id values and their meaning:
1- Error message for policy
4 - GUID of the edsScriptModule policy refers to
57 - Policy Description
196 - Pattern used to generate property (ex.: %<givenName>.%<sn>)
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center