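################################################################################################################################
# Intellectix Inc. - SCRIPT - POWERSHELL
#
# NAME:   SSPR_Reporting.ps1
#
# AUTHOR: Matt Brooks, Intellectix Inc.
# DATE:   11 March 2016
# EMAIL:  matthew.brooks@intellectix.com
#
# COMMENT:
#   This script allows for the collection of data related to FIM SSPR and has the following capabilities:
#
#   1 - Reports on the first name, last name, account name etc. of users who have not registered for SSPR.
#   2 - Reports on the number of users who have successfully reset their password or unlocked their account
#       in the past 30 days.
#   3 - Reports on the number of users who have not registered for SSPR, the number of users who have registered.
#   4 - Outputs data to CSV files and saves to file store.
#   5 - Sends an HTML formatted mail message containing the same data.
#
# VERSION HISTORY
#   1.0  03.11.2016  Initial Version.
#
# SECURITY NOTES (review):
#   - The per-user report lists display name, account name, e-mail and department of every account that has
#     NOT enrolled in self-service password reset. Treat the CSV files, the mail and the HTML test output as
#     sensitive: restrict the ACL on the report folder and keep the recipient list small.
#   - Send-MailMessage is called without -UseSsl or -Credential, so the report and both attachments are
#     handed to the SMTP host unauthenticated and unencrypted. Add -UseSsl if the relay supports it.
#   - Attribute values are written to CSV exactly as stored in FIM. If any of these attributes can be edited
#     by the users themselves, a value beginning with = + - or @ may be evaluated as a formula when the CSV
#     is opened in a spreadsheet application — confirm who can write these attributes.
################################################################################################################################

# Set the FIM Resource Management Service address. The PowerShell script connects to FIM at this location.
Set-Variable -Name URI -Value "http://localhost:5725/resourcemanagementservice" -Option Constant

# Ensure the FIM PowerShell snapin is loaded
if (@(Get-PSSnapin | Where-Object { $_.Name -eq "FIMAutomation" }).Count -eq 0) { Add-PSSnapin FIMAutomation }

# Runs one Export-FIMConfig query against $URI and always returns an array (possibly empty).
# The original script collected errors into -ErrorVariable but never looked at them, so a failed query
# produced a report full of zeros; here a recorded error stops the run before anything is mailed.
# The parameter dashes are plain ASCII hyphens (the original used an en dash on -onlyBaseResources, which
# breaks if the file is ever re-saved in a different encoding).
function Invoke-FimQuery {
    param([string]$Filter)

    $QueryErrors = $null
    $Result = @(Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig ($Filter) -ErrorVariable QueryErrors -ErrorAction SilentlyContinue)
    if ($QueryErrors) {
        throw "FIM query failed for filter '$Filter': $($QueryErrors[0])"
    }
    return , $Result
}

# Returns the value of one named attribute from an exported FIM resource.
function Get-FimAttributeValue {
    param($Resource, [string]$AttributeName)

    ($Resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $AttributeName }).Value
}

# Resolves a filter that is expected to match exactly one FIM object to the third ':'-separated field of its
# ObjectID attribute. Zero or several matches abort the run: the returned ID is interpolated into the report
# filters below, and an empty or ambiguous ID would silently change what those filters select.
function Get-FimObjectId {
    param([string]$Filter)

    $Found = Invoke-FimQuery $Filter
    if ($Found.Count -ne 1) {
        throw "Expected exactly one FIM object for filter '$Filter' but found $($Found.Count)."
    }

    $Id = ([string](Get-FimAttributeValue $Found[0] "ObjectID")).Split(":")[2]
    if ([string]::IsNullOrEmpty($Id)) {
        throw "Could not read an ObjectID from the FIM object matched by filter '$Filter'."
    }
    return $Id
}

# Get ObjectID for 'Password Reset AuthN Workflow' WF
$AuthN_Filter = "/WorkflowDefinition[DisplayName='Password Reset AuthN Workflow']"
$AuthN_ObjectID = Get-FimObjectId $AuthN_Filter

# Get ObjectID for '_Standard Users' Set
$StandardUser_Filter = "/Set[DisplayName='_Standard Users']"
$StandardUser_ObjectID = Get-FimObjectId $StandardUser_Filter

# Get ObjectID for 'Anonymous users can reset their password' MPR
$ResetPasswordMPR_Filter = "/*[DisplayName='Anonymous users can reset their password']"
$ResetPasswordMPR_ObjectID = Get-FimObjectId $ResetPasswordMPR_Filter

# Establish filters for objects that will be queried
$RegisteredUsers_Filter = "/Person[AuthNWFRegistered = '$AuthN_ObjectID']"
$NotRegisteredUsers_Filter = "/Person[(ObjectID = /Set[ObjectID = '$StandardUser_ObjectID']/ComputedMember) and (not(AuthNWFRegistered = '$AuthN_ObjectID'))]"
# NOTE(review): this filter has no date predicate. The "last 30 days" wording used in the report presumably
# relies on how long FIM retains completed Request objects — confirm against the FIM retention setting.
$PasswordResetRequests_Filter = "/Request[ManagementPolicy='$ResetPasswordMPR_ObjectID'and RequestStatus='Completed']"

# Export Filtered FIM Config. Each result is an array, so .Count is valid for zero, one or many matches.
$UsersRegistered_Export = Invoke-FimQuery $RegisteredUsers_Filter
$UsersNotRegistered_Export = Invoke-FimQuery $NotRegisteredUsers_Filter
$PasswordResetRequests_Export = Invoke-FimQuery $PasswordResetRequests_Filter

# Build a table of users who have NOT registered for SSPR. Collecting the loop output in @( ) replaces the
# repeated "+=" array copy and yields an empty array (not $null) when there are no such users, so the CSV
# export below still has valid pipeline input in that case.
$UsersNotRegistered = @(
    foreach ($Object in $UsersNotRegistered_Export) {
        $ResetPassNotRegistered = New-Object PSObject
        $ResetPassNotRegistered | Add-Member NoteProperty "Display Name" (Get-FimAttributeValue $Object "DisplayName")
        $ResetPassNotRegistered | Add-Member NoteProperty "Account Name" (Get-FimAttributeValue $Object "AccountName")
        $ResetPassNotRegistered | Add-Member NoteProperty "Account Type" (Get-FimAttributeValue $Object "AccountType")
        $ResetPassNotRegistered | Add-Member NoteProperty "Employee Type" (Get-FimAttributeValue $Object "EmployeeType")
        $ResetPassNotRegistered | Add-Member NoteProperty "Department" (Get-FimAttributeValue $Object "Department")
        $ResetPassNotRegistered | Add-Member NoteProperty "Email" (Get-FimAttributeValue $Object "Email")
        $ResetPassNotRegistered
    }
)

# Export a list of users who have NOT registered for SSPR to a CSV file
$TodaysDate = Get-Date -UFormat "%Y_%m_%d_%H_%M"
$FileNameNotRegistered = "SSPR_NotRegistered_" + $TodaysDate + ".csv"
$CSV_Location_UsersNotRegistered = "C:\FIM_SSPR_Reporting\Reports\" + $FileNameNotRegistered
$UsersNotRegistered | Export-Csv -NoTypeInformation -Path $CSV_Location_UsersNotRegistered

# Export the count of users registered and NOT registered for SSPR as well as the number of completed
# password reset requests, appended as one row to an existing CSV file
$CSV_Location_Count = "C:\FIM_SSPR_Reporting\Reports\SSPR_UserCounts.csv"
New-Object PSObject -Property @{
    Not_Registered          = $UsersNotRegistered_Export.Count
    Registered              = $UsersRegistered_Export.Count
    ResetRequestsLast30Days = $PasswordResetRequests_Export.Count
    Date                    = $TodaysDate
} | Export-Csv $CSV_Location_Count -NoTypeInformation -Append

# HTML Style formatting for Email
# NOTE(review): $a is empty and the literals below contain raw line breaks only. In a message sent with
# -BodyAsHtml these render as ordinary whitespace; markup may have been lost from this copy of the script —
# confirm against the deployed version before relying on the layout.
$a = ""
$SMTP = "corpdc01.corp.local"
$to = "mbrooks@corp.local"
$From = "NoReply@corp.local"
$Subject = "FIM SSPR Report"
$DateForEmail = Get-Date -DisplayHint Date
$DateForEmailTrimmed = ($DateForEmail | Out-String).Trim()
$Body = "

FIM SSPR Report

"
$Pre = "This email report contains both metric and end user data related to FIM SSPR as of " + "$DateForEmailTrimmed." + "

" +
    "Number of users registered for SSPR: " + $UsersRegistered_Export.Count + "
" +
    "Number of users not registered for SSPR: " + $UsersNotRegistered_Export.Count + "
" +
    "Number of password resets or account unlocks in the last 30 days: " + $PasswordResetRequests_Export.Count + "

" +
    "The table below lists all users who have not registered for SSPR. There are two CSV files attached to this email. One contains the same data found " +
    "in the table below and the other contains the historical metric data for trend analysis. " +
    "All reports are stored on the FIM Sync Server at C:\FIM_SSPR_Reporting\Reports." + "

" | Out-String
$BodyHTML = $UsersNotRegistered | ConvertTo-Html -Head $a -PreContent $Pre -Body $Body
$BodyString = $BodyHTML | Out-String

# Send mail (no transport encryption or authentication is requested here; see SECURITY NOTES above)
Send-MailMessage -SmtpServer $SMTP -To $To -From $From -Subject $Subject -Body $BodyString -BodyAsHtml -Attachments $CSV_Location_UsersNotRegistered, $CSV_Location_Count

# Out to HTML File for Testing
# NOTE(review): this writes the full per-user table to c:\temp on every run. Remove this line, or point it
# at a folder with a restricted ACL, once testing is finished.
$BodyString | Out-File c:\temp\out.html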