Programmatically (PowerShell) checking user objects for policy violations

Are there any examples in PowerShell to programmatically check certain user objects for policy compliance?

A few dozen policies are applied to user objects during the provisioning process through Active Roles in our environment. How can we identify objects which may have been created outside of Active Roles that are not in compliance with the same set of policies?

  • I will attempt to rephrase this question with more details:

    We have an environment where most if not all user accounts are provisioned through Active Roles Web UI where a couple of dozen well-defined policies (including PowerShell scripts) are applied during the provisioning process. However, some user objects do get created outside of Active Roles directly in Active Directory which is unavoidable. Due to this, we now have a requirement to capture such user objects (which live in the same OU as the Active Roles-provisioned users but are easily identifiable), check if they are compliant with the defined user provisioning policies, and report anomalies. The manual process equivalent to this requirement is how one would select a user object from the console, right-mouse click and select "Check Policy", but this needs to be done periodically and programmatically.

    I have looked through all of the QAD cmdlets and did not see anything that I found useful. I have also tried to modify such user accounts using Set-QADUser, hoping that would internally apply the defined policies, but to no avail; the changes were successful, yet the user object remained non-compliant with the policies.

    Any help would be greatly appreciated.

    Thank you.