使用本節中的指令碼,針對指派給環境中預先定義角色的使用者,自動執行建立稽核報表的程序,以及 (選擇性) 透過電子郵件寄送給收件者。
此稽核報表顯示自上次產生報表以來,指派給已變更預先定義角色或群組的使用者。若要建立每日稽核報表,請每天執行此指令碼。
複製下列指令碼以建立 provisioningAuditReport.bat
。此包裝函式批次指令碼會呼叫 PowerShell 指令碼 provisioningAuditReport.ps1
,原始程式碼在本案例的稍後部分提供。
註:
provisioningAuditReport.bat
,可用的輸入參數包括:username
、password
或 password_file
、service_url
和 report_email_to_address
(選擇性,只有您想要將報表傳送至電子郵件地址才需要)。@echo off set paramRequiredMessage=Syntax: provisioningAuditReport.bat USERNAME PASSWORD/PASSWORD_FILE URL [REPORT_EMAIL_TO_ADDRESS] if "%~1" == "" ( echo User Name is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~2" == "" ( echo Password or Password_File is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~3" == "" ( echo URL is missing. echo %paramRequiredMessage% exit /b 1 ) PowerShell.exe -File provisioningAuditReport.ps1 %*
provisioningAuditReport.bat
會呼叫您複製下列指令碼來建立的 provisioningAuditReport.ps1
。
provisioningAuditReport.ps1
會建立稽核報表。請放置在 provisioningAuditReport.bat
所在的相同目錄中。
$username=$args[0] $password=$args[1] $url=$args[2] $reportemailtoaddress=$args[3] $date=$(get-date -f dd_MM_yy_HH_mm_ss) $datedefaultformat=$(get-date) $logdir="./logs/" $logfile="$logdir/epmautomate-provisionauditreport-" + $date + ".log" $reportdir="./reports/" $provisionreport="provreport-audittest-" + $date + ".csv" $provisionreporttemp="./provreport-audittest-temp.csv" $provisionreportunique="./provreport-audittest-unique.csv" $provisionreportbaselineunique="./provreport-audittest-baseline-unique.csv" function EchoAndLogMessage { $message=$args[0] echo "$message" echo "$message" >> $logfile } function Init { $logdirexists=Test-Path $logdir if (!($logdirexists)) { mkdir $logdir 2>&1 | out-null } $logfileexists=Test-Path $logfile if ($logfileexists) { rm $logfile 2>&1 | out-null } $reportdirexists=Test-Path $reportdir if (!($reportdirexists)) { mkdir $reportdir 2>&1 | out-null } } function PostProcess { rm $provisionreporttemp mv -Force $provisionreportunique $provisionreportbaselineunique } function ProcessCommand { $op=$args echo "EPM Automate operation: epmautomate.bat $op" >> $logfile epmautomate.bat $op >> $logfile 2>&1 if ($LASTEXITCODE -ne 0) { echo "EPM Automate operation failed: epmautomate.bat $op. See $logfile for details." exit } } function RunEpmAutomateCommands { EchoAndLogMessage "Running EPM Automate commands to generate the provisioning report." ProcessCommand login $username $password $url ProcessCommand provisionreport $provisionreport ProcessCommand downloadfile $provisionreport ProcessCommand deletefile $provisionreport ProcessCommand logout } function CreateProvisionReportTempFile { # Loop through iteration csv file and parse Get-Content $provisionreport | ForEach-Object { $elements=$_.split(',') echo "$($elements[0]),$($elements[2])" >> $provisionreporttemp } } function CreateUniqueElementsFile { gc $provisionreporttemp | sort | get-unique > $provisionreportunique } function CheckBaselineAndCreateAuditReport { $provisionreportbaselineuniqueexists=Test-Path $provisionreportbaselineunique if (!($provisionreportbaselineuniqueexists)) { EchoAndLogMessage "No existing provisioning report, so comparison with a baseline is not possible. Audit report will be created at the next test run." } else { CreateAuditReport } } function EmailAuditReport { $auditreport=$args[0] $elements=$auditreport.split('/') $auditreportname=$elements[2] if (${reportemailtoaddress} -match "@") { EchoAndLogMessage "Emailing audit report" ProcessCommand login $username $password $url ProcessCommand uploadFile $auditreport ProcessCommand sendMail $reportemailtoaddress "Provisionining Audit Report" Body="Provisioning Audit Report is attached." Attachments=$auditreportname ProcessCommand deleteFile $auditreportname ProcessCommand logout } } function CreateAuditReport { $auditreport=$reportdir + "auditreport-"+ $date + ".txt" $additions = @() $deletions = @() EchoAndLogMessage "Comparing previous provisioning report with the current report." $compare=compare-object (get-content $provisionreportunique) (get-content $provisionreportbaselineunique) $compare | foreach { if ($_.sideindicator -eq '<=') { $additions += $_.inputobject } elseif ($_.sideindicator -eq '=>') { $deletions += $_.inputobject } } echo "Provisioning Audit Report for $datedefaultformat" > $auditreport echo "------------------------------------------------" >> $auditreport if ($additions.count -ne 0) { echo " " >> $auditreport echo "Additions:" >> $auditreport foreach($element in $additions) { echo "$element" >> $auditreport } } if ($deletions.count -ne 0) { echo " " >> $auditreport echo "Deletions:" >> $auditreport foreach($element in $deletions) { echo "$element" >> $auditreport } } if (($additions.count -eq 0) -and ($deletions.count -eq 0)) { echo " " >> $auditreport echo "No changes from last audit report." >> $auditreport } EchoAndLogMessage "Provisioning audit report has been generated: $auditreport." EmailAuditReport $auditreport } Init EchoAndLogMessage "Starting EPMAutomate provisioning audit reporting" RunEpmAutomateCommands CreateProvisionReportTempFile CreateUniqueElementsFile CheckBaselineAndCreateAuditReport PostProcess EchoAndLogMessage "EPMAutomate provisioning audit reporting completed"