Get-QARSOperation
From PowerGUI Wiki
Retrieve operation records from ActiveRoles Server. Each operation record represents a certain change request, whether pending or completed, in ActiveRoles Server.
This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.
Contents |
Syntax
Get-QARSOperation [[-TargetObject] <IdentityParameter[]>] [-AttributesChanges <hashtable>] [-ChangedAttributes <string[]>] [-CompletedAfter <DateTimeParameter>] [-CompletedBefore <DateTimeParameter>] [-CompletedOn <DayParameter>] [-CompletedRecently <RelativeDateTimeParameter>] [-Connection <ArsConnection>] [-ConnectionAccount <string>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-InitiatedAfter <DateTimeParameter>] [-InitiatedBefore <DateTimeParameter>] [-InitiatedBy <IdentityParameter[]>] [-InitiatedByMe] [-InitiatedOn <DayParameter>] [-InitiatedRecently <RelativeDateTimeParameter>] [-OperationID <string[]>] [-OperationStatus <OperationStatus[]>] [-OperationType <OperationType[]>] [-ParentContainer <IdentityParameter[]>] [-Proxy] [-Service <string>] [-SizeLimit <int>] [-TargetObjectType <string[]>] [-UseGlobalCatalog] [<CommonParameters>]
Detailed Description
Use this cmdlet to retrieve information about requests to make changes to directory data using ActiveRoles Server. Each request causes an operation record to be created in the ActiveRoles Server Management History data store. The cmdlet provides access to operation records, allowing you to examine:
Change History Information on changes that were made to particular pieces
of directory data (directory objects and their attributes)
using ActiveRoles Server.
User Activity Information on directory data changes that were made
by particular users.
For a discussion of the Management History feature, see "Management History" in the ActiveRoles Server Administrator Guide.
An operation record may represent a change request that is waiting for approval in ActiveRoles Server. Such operation records are created whenever the requested changes require approval in accord with the ActiveRoles Server approval rules, and include information about the associated approval tasks. Once all approval tasks associated with an operation are completed, the respective operation record is marked completed and the requested changes are either applied or denied depending the approvers' resolutions on the approval tasks (Approve or Reject). For more information about the change approval function, see "Approval Workflow" in the ActiveRoles Server Administrator Guide.
The objects returned by this cmdlet represent operation records that meet the search conditions specified, allowing you to access information about the respective change requests. You can discover what changes were requested, when and by whom change requests were initiated, when the requested changes were applied, as well as get identities of operation records for further processing such as retrieval and accomplishment of approval tasks.
The cmdlet has optional parameters that determine the server and the security context for the operation. The connection parameters could be omitted since a connection to a server is normally established prior to using this cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Note that this cmdlet requires a connection to the ActiveRoles Server Administration Service, so the Proxy parameter must be used to establish a connection.
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| AttributesChanges | Retrieve records relating to requests for changing the specified attributes to the specified values. You can use this parameter to limit your search based on particular changes requested or made to particular attributes. Parameter value is an associative array that specifies the attributes and values you want. Array syntax:
@{attr1='val1';attr2='val2';...} In this syntax, each of the key-value pairs is the LDAP display name of an attribute and the value set on the attribute in accord with the change request. Examples: @{description="Text"} Search for requests that change Description to the text specified. @{description="Text*"} Search for requests that change Description to any value that begins with the text specified. @{description="$null"} Search for requests that clear Description. When multiple attributes are specified, the search returns the records that involve changes to all those attributes (the search conditions are combined using a logical AND operator). For information about associative arrays, type the following command at the PowerShell command-prompt: help about_associative_array | false | false | |
| ChangedAttributes | Retrieve records relating to change requests targeted at the attribute specified. Parameter value can be an array of strings, with each string representing the LDAP display name of an attribute (such as 'description' or 'sAMAccountName'). You can use this parameter to limit your search based on any changes requested or made to particular attributes. When multiple attributes are specified, the search returns the records that involve changes to any of those attributes (the search conditions are combined using a logical OR operator). | false | false | |
| CompletedAfter | Retrieve operation records for the change requests that were completed after the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| CompletedBefore | Retrieve operation records for the change requests that were completed before the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| CompletedOn | Retrieve operation records for the change requests that were completed within the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| CompletedRecently | Retrieve operation records for the change requests that were completed during the recent time period specified. Parameter value is a TimeSpan object that specifies the time period you want. For example, if you supply a time span of 3 days, the cmdlet searches for the change requests completed during the last 3 days. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| InitiatedAfter | Retrieve operation records for the change requests that occurred after the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| InitiatedBefore | Retrieve operation records for the change requests that occurred before the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| InitiatedBy | Retrieve operation records for the changes that were requested by the security principal (such as a user) specified. Parameter value can be an array of strings, with each string representing the Distinguished Name (DN), Canonical Name, Domain\Name, User Principal Name, SID or GUID of a security principal object in Active Directory. You can use this parameter to retrieve information about changes to directory data made by a particular person (user activity). | false | false | |
| InitiatedByMe | Retrieve operation records for the changes that were requested by the security principal (such as a user) in whose security context the cmdlet is currently running. | false | false | |
| InitiatedOn | Retrieve operation records for the change requests that occurred within the date specified. Parameter value can be a DateTime object or a string that specifies the date you want. Thus, you can supply "Today" as a parameter value. | false | false | |
| InitiatedRecently | Retrieve operation records for the change requests that occurred during the recent time period specified. Parameter value is a TimeSpan object that specifies the time period you want. For example, if you supply a time span of 3 days, the cmdlet searches for the records regarding change requests that occurred during the last 3 days. | false | false | |
| OperationID | Retrieve an operation record by ID. Parameter value is the string ID of the operation to retrieve (you can view operation ID in the Approval section of the ActiveRoles Server Web Interface). | false | false | |
| OperationStatus | Retrieve operation records for the change requests that are completed (the changes are applied or rejected) or pending (awaiting approval). Parameter value can be one of the following:
Canceled Completed Denied Failed InProgress Pending If this parameter is omitted, operation records are retrieved for any requests. | false | false | |
| OperationType | Retrieve records for the change requests of the category specified. Valid parameter values are:
Create Delete Copy Modify GroupMembershipChange Move Rename Deprovision UndoDeprovision Parameter value can be any combination of the listed values, separated by commas. For example, 'Create,Modify' limits the search to the requests for changing attributes of existing objects or creation of new objects. If this parameter is omitted, records are retrieved regardless of the change request category. | false | false | |
| ParentContainer | Retrieve operation records for the change requests targeted at directory objects that reside in the container (such as an organizational unit) specified. Parameter value can be an array of strings, with each string representing the Distinguished Name (DN), Canonical Name, or GUID of a container object in the directory. You can use this parameter to retrieve information about changes made to directory object in a particular container. | false | false | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| SizeLimit | Set the maximum number of items to be returned by the cmdlet. Normally, the default size limit is 1000. You can view or modify this default setting by using the Get- or Set-QADPSSnapinSettings cmdlet, respectively. | false | false | |
| TargetObject | Retrieve operation records for the change requests targeted at the directory object specified. Parameter value can be an array of strings, with each string representing the Distinguished Name (DN), Canonical Name, Domain\Name, User Principal Name, SID or GUID of a directory object. You can use this parameter to retrieve information about changes made to a particular object in the directory (change history). | false | true (ByValue) | |
| TargetObjectType | Retrieve operation records for the change requests targeted at the directory objects of the object class specified. Parameter value can be an array of strings, with each string representing the LDAP display name of an object class (such as 'user' or 'organizationalUnit'). You can use this parameter to retrieve information about changes made to directory objects of a particular type. | false | false | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false |
Examples
EXAMPLE 1
Get-QARSOperation -CompletedOn 'Today' -ParentContainer 'test.domain.com/container' -TargetObjectType 'user' -OperationType 'Modify' |
%{$_.TargetObjectInfo.DN} |
Group-Object |
%{$_.Name}
Description
List the user accounts from a particular container that were changed on the current date.
EXAMPLE 2
Get-QARSOperation -CompletedOn (get-date -year 2008 -month 9 -day 1) -ParentContainer 'test.domain.com/container' -TargetObjectType 'Group' -OperationType 'Create' |
%{$_.TargetObjectInfo.DN} |
Group-Object |
%{$_.Name}
Description
List the groups that were created in a particular container on September 1, 2008.
EXAMPLE 3
Get-QARSOperation -CompletedRecently ([TimeSpan]::FromDays(30)) -TargetObject 'domainName\groupName' -OperationType 'GroupMembershipChange' |
%{$_.InitiatorInfo.NTAccountName} |
Group-Object |
%{$_.Name}
Description
List the names of the security principals that added or removed members from a particular group during last month.
EXAMPLE 4
Get-QARSOperation -TargetObject 'domain\user' -OperationType 'Modify' -ChangedAttributes 'edsaPassword' |
%{$_.InitiatorInfo.NTAccountName} |
Group-Object |
select Name
Description
List the names of the security principals that changed or reset the password of a particular user account.
EXAMPLE 5
Get-QARSOperation -CompletedRecently ([TimeSpan]::FromDays(7)) -TargetObjectType user -ParentContainer 'test.domain.com/container' -InitiatedBy 'MyDomain\JSmith' |
%{$_.TargetObjectInfo.DN}
Description
List all user accounts from a particular container that were changed by the user 'MyDomain\JSmith' during last week.
EXAMPLE 6
Get-QARSOperation -TargetObject 'domain\user' -ChangedAttributes l,streetAddress -CompletedOn ((get-date).AddDays(-1)) |
%{$_.InitiatorInfo.NTAccountName} |
Group-Object |
select Name
Description
List the names of the security principals that changed the City (l) or Street Address (streetAddress) attribute on the account of a particular user account yesterday.
EXAMPLE 7
Get-QARSOperation -ParentContainer test.domain.com/container -TargetObjectType group -OperationType 'GroupMembershipChange' -CompletedAfter (get-date -year 2008 -month 9 -day 15 -hour 0 -minute 0 -second 0) -CompletedBefore (get-date -year 2008 -month 9 -day 30 -hour 23 -minute 59 -second 59) |
%{$_.TargetObjectInfo.DN} |
Group-Object |
%{$_.Name}
Description
List the groups from a particular container that had the membership list (Members attribute) changed during the time period from September 15, 2008 to September 30, 2008.
