Query to find user with specific virtual attributes empty and send by email on a schedule

The below is an OOTB way of doing it, without any requirement to write any code (PowerShell, VBScript etc)

1. Navigate to Configuration | Policies | Workflows, then in to a container of choice within Workflow (In my case the container I created called “Community”)
2. Right click the container you want to created you workflow in, and select New | Workflow

3. Click Next on the “Welcome to the New Workflow Wizard” page (if prompted)

4. Enter a Name and Description for your Workflow on the “Name and Description” page of the wizard, then click Next

5. On the “Workflow Type” page, select “On user demand or on a schedule basis (automation workflow)” as you want this to be run on a schedule, then click Next

6. Then click Finish

7. Double click on the newly created workflow to open up the editor

8. This will display a blank automation workflow

9. Drag a Search activity step onto the workflow

10. Double click the Search for objects step on the workflow to open its properties, change the Name and set a description

11. Click on the Scope and filter tab, and set the search conditions, IE:
    1. Change Find from “All objects” to “Users”

1. Change In from “Active Directory” to the search root to OU where all your are located (or a parent OU)

1. Change the search scope from “Retrieve only immediate child objects of the Organizational Unit and container” to “Retrieve any objects held in the Organizational Unit or container)

1. Within the Search options under the Filter category you’ll need to define in a “OR” group, the attributes you’re looking for which are blank

1. To change the default “AND” group to an “OR” group, click on the green text (not the Green Add icon)

1. Select Convert Condition group to | OR group

• Then for each attribute you want to check against a user (repeat for each)
  1. Add a condition to the group by clicking the green Add Icon

2. Click “Configure condition to evaluate”

3. Select the attribute you want to use (if its not list choose More Choices, then select from the list)

4. Click on “Equals”, and change from “equals” to “is empty”

5. The filter condition will appear like the below either of the below screenshots

6. Repeat these steps for each attribute you wish to check from step iii

1. Click ok

1. From the list of basic activities, add a “Add Report Section” activity step within search activity step.

1. Double click Add report section step

1. Ener a name and section

1. Click Define in the header of the report section and select text string

1. Define your text string with username, and each attribute (this is the headers)
2. For each of the attributes added to the header section of the report, each attribute represented should be added in the same order in the body section, repeat the below steps for each attribute
   1. Click Add Text, then select Property of object from workflow data context

1. Click the Click to choose option next to target object, and select more choices

• Select Found Object, and select your search activity and click Ok

1. Click the Click to choose next to Target Property, and select more choice

1. Select the require attribute and click ok

1. Click Ok

• Repeat from i for any remaining attributes

1. Click Ok once all attributes have been added, please also add a semi colon entry between each attribute

12. Drag the notification activity steps on to the workflow after the search activity step

13. Double click the Notification rule to open the properties

14. Set the Name and Description

15. Click on the Notification Tab and click Add

16. Define whom should receive the email notification

17. Click on the Notification Message tab and select Attach a report of the workflow execution to notification message (you may also want to change the message done via the modify screen, but this is not covered here), then click ok

18. Click Ok

19. Click Save Changes

20. To test the workflow click Run Workflow, once complete the run history will be displayed on screen

21. Also the recipient defined above will get a copy of the run history attached to an email:

There are other options available, this is just one possibility.

My personal preferred/option would be to script it then run the script in the automation workflow.

Do you know the cause of these attributes being blank? Is it some sync that’s not adding these values, or updating via native tools (ADUC for example)?

If they are being left blank on user creation, or cleared in the ARS client tools (Console, Web Interface, ARS PowerShell or ARS ADSI Provider), then it might be worth looking into Administration Policies, and setting rules where those attributes must be populated.

The below is an OOTB way of doing it, without any requirement to write any code (PowerShell, VBScript etc)

1. Navigate to Configuration | Policies | Workflows, then in to a container of choice within Workflow (In my case the container I created called “Community”)
2. Right click the container you want to created you workflow in, and select New | Workflow

3. Click Next on the “Welcome to the New Workflow Wizard” page (if prompted)

4. Enter a Name and Description for your Workflow on the “Name and Description” page of the wizard, then click Next

5. On the “Workflow Type” page, select “On user demand or on a schedule basis (automation workflow)” as you want this to be run on a schedule, then click Next

6. Then click Finish

7. Double click on the newly created workflow to open up the editor

8. This will display a blank automation workflow

9. Drag a Search activity step onto the workflow

10. Double click the Search for objects step on the workflow to open its properties, change the Name and set a description

11. Click on the Scope and filter tab, and set the search conditions, IE:
    1. Change Find from “All objects” to “Users”

1. Change In from “Active Directory” to the search root to OU where all your are located (or a parent OU)

1. Change the search scope from “Retrieve only immediate child objects of the Organizational Unit and container” to “Retrieve any objects held in the Organizational Unit or container)

1. Within the Search options under the Filter category you’ll need to define in a “OR” group, the attributes you’re looking for which are blank

1. To change the default “AND” group to an “OR” group, click on the green text (not the Green Add icon)

1. Select Convert Condition group to | OR group

• Then for each attribute you want to check against a user (repeat for each)
  1. Add a condition to the group by clicking the green Add Icon

2. Click “Configure condition to evaluate”

3. Select the attribute you want to use (if its not list choose More Choices, then select from the list)

4. Click on “Equals”, and change from “equals” to “is empty”

5. The filter condition will appear like the below either of the below screenshots

6. Repeat these steps for each attribute you wish to check from step iii

1. Click ok

1. From the list of basic activities, add a “Add Report Section” activity step within search activity step.

1. Double click Add report section step

1. Ener a name and section

1. Click Define in the header of the report section and select text string

1. Define your text string with username, and each attribute (this is the headers)
2. For each of the attributes added to the header section of the report, each attribute represented should be added in the same order in the body section, repeat the below steps for each attribute
   1. Click Add Text, then select Property of object from workflow data context

1. Click the Click to choose option next to target object, and select more choices

• Select Found Object, and select your search activity and click Ok

1. Click the Click to choose next to Target Property, and select more choice

1. Select the require attribute and click ok

1. Click Ok

• Repeat from i for any remaining attributes

1. Click Ok once all attributes have been added, please also add a semi colon entry between each attribute

12. Drag the notification activity steps on to the workflow after the search activity step

13. Double click the Notification rule to open the properties

14. Set the Name and Description

15. Click on the Notification Tab and click Add

16. Define whom should receive the email notification

17. Click on the Notification Message tab and select Attach a report of the workflow execution to notification message (you may also want to change the message done via the modify screen, but this is not covered here), then click ok

18. Click Ok

19. Click Save Changes

20. To test the workflow click Run Workflow, once complete the run history will be displayed on screen

21. Also the recipient defined above will get a copy of the run history attached to an email:

There are other options available, this is just one possibility.

My personal preferred/option would be to script it then run the script in the automation workflow.

Do you know the cause of these attributes being blank? Is it some sync that’s not adding these values, or updating via native tools (ADUC for example)?

If they are being left blank on user creation, or cleared in the ARS client tools (Console, Web Interface, ARS PowerShell or ARS ADSI Provider), then it might be worth looking into Administration Policies, and setting rules where those attributes must be populated.