Skip to main content

Create reports

Information

You can download the script for creating reports from this link.

Prerequisites

  • The Active Directory module for PowerShell installed on Windows Server.
  • A working Axidian Access server.
  • The user on whose behalf the script will be run must have the minimal global Inspector rights in the Axidian Access system.

How the script works

The script generates reports according to prepared scenarios. The Axidian Access Core API and Axidian Access Log Server are used to create the reports.

The script supports configuring filtering for generating a report:

  • selection from a user catalog container,
  • selection by a specific user,
  • selection by date.

Filters

The Container field

The field is intended for selecting the organizational units in the domain in which the search for users will be performed. The value Entire Catalog means that the root catalog with the user catalog used by the Axidian Access server is selected.

The search for organizational units from the user catalog is performed using the searchContainers method in the corresponding function in the file Base/AMAPI/UserCatalog.ps1.

Note

The export of containers is performed from the user catalog. The value in the field is not editable.

The name of the root user catalogs specified in the Core Server configuration file is not displayed.

To select the required organizational unit from the catalog, do the following:

  1. Click the Select button.

  2. In the drop-down list of the Containers window, select a container and click Ok.

The Groups field

The field is intended for searching for groups in the domain or in the organizational unit that was selected in the Container field. Default value Not set.

The search for the user is performed using the searchGroups method in the corresponding function in the file Base/AMAPI/UserCatalog.ps1.

The preparation of the request using the specified filters is performed in the searchGropsUseFilters function in the file Scenarios/Reports/SearchUseFilters.ps1.

The Active Directory Name parameter is taken into account in the search.

To search for a group, select a container if necessary and enter the group name. If no data is specified, then all groups from the user catalog will be found.

The User or initiator field

The field is intended for searching for a user in the domain; in the organizational unit that was selected in the Container field; the group from the Groups field. Default value Not set.

The search for the user is performed using the searchUsers method in the corresponding function in the file Base/AMAPI/UserCatalog.ps1.

The preparation of the request using the specified filters is performed in the searchUsersUseFilters function in the file Scenarios/Reports/SearchUseFilters.ps1.

The following parameters are taken into account in the search:

  • ContainerId — identifier of the container in which the search for the user will be performed. The parameter is used if an organizational unit was selected in the Container field.
  • FirstName, MiddleName, LastName, PrincipalName, Name — the corresponding values of the user's attributes from Active Directory.
Note

All parameters are used with the logical operation OR.

To search for users, you can click the Select button and select all the users found.

To search for a user, you can specify part of the name; at the end of the specified part, add the * character.

Configuration

For the script to work, you need to configure the Config.ps1 file, which is located in the root of the folder with the script.

Important!

This section describes the general configuration of the script. Individual reports may require additional configuration.

In the file:

  • $domainName — the domain name is specified. Required parameter.
  • $eventsCount — limit on the export of events. Optional parameter. By default, the number of events received is not limited, the parameter is commented out.
  • $serverUrl — URL of the Axidian Access server. Required parameter.
  • $logServerUrl — URL of the Axidian Access Log Server. Required parameter.
  • $logsOnFile — enabling\disabling logging to a file. Required parameter. Enabled by default.
  • $logsOnConsole — enabling\disabling logging to the console. Required parameter. Disabled by default.
  • $apiVersion — version of the API used in the script. Required parameter.

Creating a report with the number of authentications by the specified providers

In this report, a table is generated with the number of a user's authentications by an array of authenticators in a specific Axidian application, specified in the Config.ps1 file.

The creation of the report is performed in the createLogonsByProviderReport function in the file Create-reports/Scenarios/Reports/CreateReports.ps1.

Configuration

Important!

This section describes the settings for a specific report. Before starting work, you need to perform the basic configuration described in the Configuration section.

To configure, open the Config.ps1 file and do the following:

  1. In the AuthForReport variable, specify the identifier of the Axidian provider and the name for the report:

    • The values must be specified in the format Axidian provider GUID=Name for the report.

    • The GUID values of the providers can be found in the Authentication method identifiers section.

    • The name for the report can be arbitrary. This name will be used when creating the table.

      Example of configuration with domain password and fingerprint
      $AuthForReport          = @{
          'CF189AF5-01C5-469D-A859-A8F2F41ED153' = 'Password'
          'A0EF00AD-1EEB-4D48-8BCF-06E19CD5585F' = 'Fingerprint'
      }

  2. In the ApplicationId variable, the name of the Axidian integration module is specified. The list of modules can be found in the Application identifiers section.

    Example of configuration for the Windows Logon application
    $ApplicationId="Windows Logon"

  3. You can specify the format in which the report will be exported. CSV and HTML formats are supported. You can export the report in two formats simultaneously. If both variables are undefined, this will cause an export error.

    To export the report to CSV, set the CsvReport variable to true.

    $CsvReport = 'true'

    To export the report to HTML, set the HtmlReport variable to true.

    $HtmlReport = 'true'

  4. In the pathReportLogonsByProvider variable, the path to the folder where the report will be saved is specified. By default, the root of the folder with the script is used.

    $pathReportLogonsByProvider="$ScriptDirectory\Reports\LogonsByProvider"

Example of execution

  1. To start working with the script, open the PowerShell snap-in, go to the folder with the script and run the Start.ps1 file via the .\Start.ps1 command.
  2. If necessary, configure the script filters and click the Report of number of logins by providers button.
  3. After the script finishes, an HTML-format table will be generated at the path specified during configuration.