Adaxes Web Interface Help

Run Program or PowerShell Script Action

The 'Run a program or PowerShell script' action allows you to automate virtually any procedure or task in compliance with your company policies. With the help of this Business Rule, Custom Command and Scheduled Task action, you can run an external program or PowerShell script and pass information about the affected AD objects to this program or script.

Passing Parameters to Scripts Using Value References

To pass parameters to scripts, you can use value references. With their help, you can pass to a script any property value of the AD object on which the operation is performed.

For example, you can enter the following: cscript.exe registerUser.vbs -name:%username%. The value reference %username% in this line will be replaced with the value of the samAccountName property of the AD object on which the operation is performed.

Passing Parameters to PowerShell Scripts Using the Context Variable

Context is a pre-defined variable of the ExecuteScriptContext type. With the help of this variable, PowerShell scripts can determine whether a property was modified during the operation, get the value entered by the user for this property, modify this value, cancel the operation, update the operation's Execution Log, etc.

To cancel the current operation, you can use the Cancel(message) method.

For example:

if ($isValueInvalid)
{
   $Context.Cancel("The value is invalid.");
   return;
}

To check whether the current operation modifies a property, you can use the IsPropertyModified(propertyName) method. To get the new value of this property, use the GetModifiedPropertyValue(propertyName) method. To change this value, use the SetModifiedPropertyValue(propertyName, propertyValue) method.

For example:

if ($Context.IsPropertyModified("samAccountName"))
{
   $newValue = $Context.GetModifiedPropertyValue("samAccountName");
   # Modify value
   $newValue = $newValue + "1";
   $Context.SetModifiedPropertyValue("samAccountName", $newValue);
}

To check whether the current operation modifies a user's password, you can use the IsPasswordChanged() method. To get the new password, use the GetNewPassword() method.

For example:

if ($Context.IsPasswordChanged())
{
   $newPassword = $Context.GetNewPassword();
   ...
}

To update the Execution Log of the current operation, you can use the LogMessage(message, messageType) method. The argument messageType can take the following values: "Information", "Warning" and "Error".

For example:

$Context.LogMessage("Username has been changed, as it was not unique.", "Information");

For more details on how to use the Context variable, see the Adaxes SDK.

Example 1

The following example checks whether the username of a new user is unique. If the username is not unique, a digit is added to the end of it. For example, if a new user with the username jdoe is going to be created, and a user with this username already exists, then the username of the new user will be set to jdoe1 (or jdoe2, if jdoe1 already exists, etc.). You can use this script in a Business Rule executed before creating a user to automatically handle non-unique usernames.

Import-Module Adaxes

function IsUserNameUnique($username)
{
   $user = Get-AdmUser $username -erroraction silentlycontinue
   return $user -eq $Null;
}

# Get the username
$username = $Context.GetModifiedPropertyValue("samAccountName");
# Check if the username is unique
if (IsUserNameUnique($username))
{
    return;
}
# If the username is not unique, generate a unique one
$uniqueUsername = $Null;
for ($i = 1; $True; $i++)
{
    $uniqueUsername = $username + $i;
    if (IsUserNameUnique($uniqueUsername))
    {
        break;
    }
}
$Context.SetModifiedPropertyValue("samAccountName", $uniqueUsername);
$Context.LogMessage("The specified username is not unique, it has been changed to " + $uniqueUsername + ".", "Information");
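
A bounded variant of Example 1, added here as an illustration and not part of the original Adaxes help: it stops after a fixed number of attempts, keeps the generated name within the 20-character samAccountName limit for user accounts, and cancels the operation if no free name is found. The names Resolve-UniqueUsername, $IsTaken, $MaxAttempts and $MaxLength are hypothetical; the Context methods and Get-AdmUser are the ones shown on this page, and the sample user list is constructed.

```powershell
# Added example, not Adaxes code: bounded variant of the Example 1 loop.
# Assumed (hypothetical) names: Resolve-UniqueUsername, $IsTaken, $MaxAttempts, $MaxLength.
function Resolve-UniqueUsername
{
    param(
        [string]$BaseName,
        [scriptblock]$IsTaken,   # returns $true if the name already exists
        [int]$MaxAttempts = 50,
        [int]$MaxLength = 20     # samAccountName limit for user accounts
    )
    if ([string]::IsNullOrWhiteSpace($BaseName)) { return $null }
    if (-not (& $IsTaken $BaseName)) { return $BaseName }
    for ($i = 1; $i -le $MaxAttempts; $i++)
    {
        $suffix = [string]$i
        # Trim the base so that the suffix still fits within the length limit
        $keep = [Math]::Min($BaseName.Length, $MaxLength - $suffix.Length)
        $candidate = $BaseName.Substring(0, $keep) + $suffix
        if (-not (& $IsTaken $candidate)) { return $candidate }
    }
    return $null   # no free name within the attempt limit
}

if ($null -ne $Context)
{
    # Inside Adaxes: the same Context calls as Example 1
    Import-Module Adaxes
    if (-not $Context.IsPropertyModified("samAccountName")) { return }
    $username = $Context.GetModifiedPropertyValue("samAccountName")
    $isTaken = { param($n) $null -ne (Get-AdmUser $n -ErrorAction SilentlyContinue) }
    $unique = Resolve-UniqueUsername -BaseName $username -IsTaken $isTaken
    if ($null -eq $unique)
    {
        $Context.Cancel("A unique username could not be generated.")
        return
    }
    if ($unique -ne $username)
    {
        $Context.SetModifiedPropertyValue("samAccountName", $unique)
        $Context.LogMessage("The specified username is not unique, it has been changed to " + $unique + ".", "Information")
    }
}
else
{
    # Outside Adaxes: constructed sample data for a dry run
    $existing = @("jdoe", "jdoe1")
    Resolve-UniqueUsername -BaseName "jdoe" -IsTaken { param($n) $existing -contains $n }
}
```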

Example 2

The following example checks the length of a user password that is going to be set. If the password is shorter than 5 characters, the operation is canceled and the password is not modified. You can use this script in a Business Rule executed before changing/resetting a password to verify that all users have passwords at least 5 characters in length.

# Script parameters
$PasswordMinLength = 5;

# Get the password that is going to be set
$newPassword = $Context.GetNewPassword();

if ($newPassword.Length -lt $PasswordMinLength)
{
    $Context.Cancel("The password is too short.");
    return;
}