IDN : AD After modify rule Query

Hi Folks -

We have a requirement to trigger a PowerShell script when an account’s attribute gets modified in AD.

I have created an after modify script which is working for ANY modification on user’s AD account. My question is -

1- Is there a way we can have after modify script trigger for a specific attribute only?

2- Also, the script seems to trigger again for the same user base. Is there a way to limit the script to NOT trigger if it has already done so for a user?

Any advice would be highly appreciated.
Regards,
Adi

For #1, you could incorporate a check into the after script to verify whether the account request includes a particular attribute. If so, proceed with the action.

Thanks Sunny, the account request does not seem to have that attribute even though it's in AD -
After modify logs -

User’s attribute in AD, FYI - I am looking for description field -

Hi @AdiSharmaBupa,

AfterModify will trigger every time there is an update for a user. It will trigger for any attribute change or Group add/remove. I don’t think there is any way to restrict it for a particular attribute.

As mentioned by @sunnyajmera you can only restrict what the PS script would do once it starts execution.

Maybe the user base you have mentioned is having multiple updates (group updates + attribute updates), and that could be the reason the AfterModify is triggering multiple times.

Hey ADitya, you can do the following:

if ($requestString.Contains('value="*******"') -and $requestString.Contains('op="Add"') -and $requestObject.IsModify()) {

    # DO WHATEVER: call the script

}

That way the script is going to trigger only if the options exist on the plan.

Cheers!

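A structured version of the check suggested above, as an added example that is not part of the original thread or the product's own code: it parses the request XML and requires the attribute name and operation to match on the same element, instead of searching the whole request string. The function name `Get-AttributeChange`, the `AccountRequest`/`AttributeRequest` element layout and both sample requests are assumptions constructed for illustration.

```powershell
# Added example: element and attribute names are an assumed request layout,
# consistent with the op="Add" / value="..." fragments matched in the post above.
function Get-AttributeChange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$RequestXml,
        [Parameter(Mandatory)][string]$AttributeName,
        [string[]]$Operation = @('Add', 'Set')
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never resolve external entities or DTDs
    $doc.LoadXml($RequestXml)

    $account = $doc.DocumentElement
    if ($account.GetAttribute('op') -ne 'Modify') { return }

    # Match on the attribute NAME and its own op, not on text found anywhere in the request.
    $account.SelectNodes('AttributeRequest') | Where-Object {
        $_.GetAttribute('name') -eq $AttributeName -and
        $Operation -contains $_.GetAttribute('op')
    }
}

# Constructed sample requests (not taken from the thread's logs).
$descriptionChange = @'
<AccountRequest application="AD" nativeIdentity="CN=Test User,OU=Users,DC=example,DC=com" op="Modify">
  <AttributeRequest name="description" op="Set" value="Contractor"/>
  <AttributeRequest name="memberOf" op="Add" value="CN=VPN,OU=Groups,DC=example,DC=com"/>
</AccountRequest>
'@
$groupOnly = @'
<AccountRequest application="AD" nativeIdentity="CN=Test User,OU=Users,DC=example,DC=com" op="Modify">
  <AttributeRequest name="memberOf" op="Add" value="CN=Contractor,OU=Groups,DC=example,DC=com"/>
</AccountRequest>
'@

foreach ($xml in $descriptionChange, $groupOnly) {
    $hits = @(Get-AttributeChange -RequestXml $xml -AttributeName 'description')
    if ($hits.Count -gt 0) {
        "description changed to '$($hits[0].GetAttribute('value'))': run the follow-up action"
    } else {
        'description not in this request: skip'
    }
}
```

The second sample is skipped because the request carries only a group change, which is the case where the script should exit without doing anything.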

Thanks Ivan - I’ll give it a shot.