
Retrieve the list of users from a policy

Information

You can download the script for retrieving the list of users from an Axidian policy from this link.

Prerequisites

  • The Active Directory module for PowerShell installed on Windows Server.
  • A working Axidian Access server.
  • The user account that runs the script must have at least the global Inspector rights.

How the script works

The script exports the list of users from the specified policy in CSV format. The user attributes UserPrincipalName and displayName are exported.

  1. The script iterates over the policy identifiers from the array in the configuration file Config.ps1.
  2. Using the /api/v5/policy/get method, information about the policy is requested.
  3. From the scope property, information about the configured objects is requested using the /api/v5/userCatalog/getObjects method.
  4. From the obtained objects, users are requested:
  5. Using the addDataForUserInPolicyReportCsv function of the file Scenarios/Reports/CsvReport.ps1, a table in CSV format is assembled.

Configuration

  1. In the file Config.ps1, in the $serverUrl variable, specify the address of the Axidian Access server in the format https://axidian.access.local/.
  2. In the $logServerUrl variable, specify the address of the Log Server in the format https://axidian.access.local/.
  3. In the $policyIds variable, specify the identifier of the target policy in the format @('2fc7eeec-5adf-4a50-bad3-ba04585c76cd'). To specify several policies, separate the identifiers with commas: @('2fc7eeec-5adf-4a50-bad3-ba04585c76cd','7436daa7-abf7-437b-991f-0e89cc9f1b9b').

Tip

You can find the policy identifier in the Management Console. Open the desired policy; the identifier appears in the browser address bar as the value of the policyId variable.

The file with the exported users is saved in the directory $ScriptDirectory\Reports\UserInPolicyReport. If you want to save the file in another location, specify the path in the $pathReportUserInPolicyReport variable in the file Config.ps1.
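
The following pre-flight check is an added example, not part of the Axidian script set: it validates the values described above before Start.ps1 is run. The function name Test-PolicyExportConfig is hypothetical and the sample values are constructed; pass the values of $serverUrl, $logServerUrl and $policyIds from your own Config.ps1 instead.

```powershell
# Added example: pre-flight check of the values set in Config.ps1.
# Test-PolicyExportConfig is a hypothetical helper, not part of the vendor's scripts.
function Test-PolicyExportConfig {
    param(
        [Parameter(Mandatory)][string]   $ServerUrl,
        [Parameter(Mandatory)][string]   $LogServerUrl,
        [Parameter(Mandatory)][string[]] $PolicyIds
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # Both addresses must be absolute URLs using https, as in the documented format.
    $urls = [ordered]@{ serverUrl = $ServerUrl; logServerUrl = $LogServerUrl }
    foreach ($name in $urls.Keys) {
        $uri = $null
        if (-not [System.Uri]::TryCreate($urls[$name], [System.UriKind]::Absolute, [ref]$uri)) {
            $problems.Add("${name}: '$($urls[$name])' is not an absolute URL")
        } elseif ($uri.Scheme -ne 'https') {
            $problems.Add("${name}: scheme is '$($uri.Scheme)', expected https")
        }
    }

    # Each policy identifier must parse as a GUID; repeated identifiers are flagged.
    $seen = @{}
    foreach ($id in $PolicyIds) {
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$guid)) {
            $problems.Add("policyIds: '$id' is not a GUID")
        } elseif ($seen.ContainsKey($guid)) {
            $problems.Add("policyIds: '$id' is listed more than once")
        } else { $seen[$guid] = $true }
    }

    # The Active Directory module for PowerShell is a stated prerequisite.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        $problems.Add('The ActiveDirectory PowerShell module is not installed')
    }
    return ,$problems.ToArray()
}

# Constructed sample values: one http URL and one malformed identifier to show the output.
$issues = Test-PolicyExportConfig -ServerUrl 'https://axidian.access.local/' `
    -LogServerUrl 'http://axidian.access.local/' `
    -PolicyIds @('2fc7eeec-5adf-4a50-bad3-ba04585c76cd', '7436daa7-abf7-437b-991f')
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Config values look valid.' }
```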

To run the script, execute the file Start.ps1 using PowerShell.