Block bulk updates

We had a fun incident yesterday where someone accidentally used a Set cmdlet instead of a Get and disabled approx. 70 accounts. Luckily it was all IT staff, so manageable once the initial panic was over and we worked out what had happened.

This has raised an interesting point though: is there a way to stop people from applying updates to multiple accounts?

I cannot think of anything as updates are applied one record at a time, but would be interested to hear if anyone has found a solution for this.

Top Replies

  • Morning  

    Glad you managed to roll back the changes, and everyone's up and running again.

    Potentially yes, you'd want a workflow. In the workflow, I'd have an If/Else branch activity step on the pre-operation part, where the IF condition calls a script, which checks if the administrator has made <x> number of changes in the last <y> period of time; if they have, it would return true, otherwise false. In the True side of the branch, place a Stop/Break activity step.

    You could also add a trigger condition, so that if the administrator has something set against their account, or is a member of a particular group, the workflow doesn't fire, for those events when you do want to make bulk updates.

    I've used the Get-QARSOperation cmdlet to look at the number of operations performed by the administrator, something like the below.

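    # Resolve the account that initiated the current request
    $samAccountName = ""
    $DN = ""
    $Request.whoami([ref]$samAccountName, [ref]$DN)

    # Look-back window in days (negative = into the past)
    $LimitationPeriod = -50

    # Number of operations in the window at which the check returns true
    $MaxOperationsInPeriod = 10

    # @() keeps .Count reliable when zero or one operation is returned
    $Operations = @(Get-QARSOperation -InitiatedBy $DN -InitiatedAfter (Get-Date).AddDays($LimitationPeriod) -Proxy)

    # True sends the workflow down the Stop/Break side of the If/Else branch
    If ($Operations.Count -ge $MaxOperationsInPeriod)
    {
        Return $true
    }
    Else
    {
        Return $false
    }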
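
The threshold decision from the reply above, combined with the exemption it suggests for deliberate bulk updates, as an added example that is not part of the original post or of the Active Roles product. The function name `Test-BulkChangeLimit`, the record properties `InitiatorDN` and `Initiated`, and every DN are assumptions made for illustration; the records are constructed inline rather than read from `Get-QARSOperation`, so the logic can be tried offline before wiring it into a workflow script.

```powershell
# Added example: names, record shape and sample data are constructed for illustration.
function Test-BulkChangeLimit {
    param(
        [object[]]$Operations = @(),                      # change records to evaluate
        [Parameter(Mandatory)] [string]$InitiatorDN,      # who is making the current change
        [Parameter(Mandatory)] [timespan]$Window,         # look-back period
        [Parameter(Mandatory)] [int]$MaxOperations,       # count at which to block
        [string[]]$ExemptDNs = @(),                       # accounts allowed to run bulk updates
        [datetime]$Now = (Get-Date)
    )

    # Exempt administrators bypass the limit (DN comparison is case-insensitive)
    if ($ExemptDNs -contains $InitiatorDN) { return $false }

    # Count only this initiator's operations inside the window
    $cutoff = $Now - $Window
    $recent = @($Operations | Where-Object {
        $_.InitiatorDN -eq $InitiatorDN -and
        $_.Initiated -gt $cutoff -and
        $_.Initiated -le $Now
    })

    # True means "stop": same convention as the If/Else branch in the reply
    return ($recent.Count -ge $MaxOperations)
}

# Constructed sample: 12 changes by one admin within a minute, plus one old change
$now   = Get-Date '2024-01-15T10:00:00'
$admin = 'CN=Admin One,OU=IT,DC=example,DC=test'
$ops   = 1..12 | ForEach-Object {
    [pscustomobject]@{ InitiatorDN = $admin; Initiated = $now.AddSeconds(-5 * $_) }
}
$ops  += [pscustomobject]@{ InitiatorDN = $admin; Initiated = $now.AddDays(-3) }

$limit = @{ Operations = $ops; InitiatorDN = $admin; MaxOperations = 10
            Window = (New-TimeSpan -Minutes 5); Now = $now }

# Burst of 12 in five minutes reaches the limit of 10
Test-BulkChangeLimit @limit

# Same burst, but the admin is on the exemption list
Test-BulkChangeLimit @limit -ExemptDNs $admin
```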