Using value references in membership rules

The following code sample adds two membership rules to a business unit: one includes the user's manager, and the other excludes the user's own account.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include the user's manager
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.ObjectDnTemplate = "%manager%"
$includeRule.Exclude = $false
$rules.Add($includeRule)

# Exclude the user's account
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.ObjectDnTemplate = "%distinguishedName%"
$excludeRule.Exclude = $true
$rules.Add($excludeRule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes in a business unit the members of a group located in the Users container whose name consists of the user's department followed by 'Managers' (e.g. HRManagers).

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

$rules = $myBusinessUnit.GetMembershipRules()

$groupDnTemplate = "CN=%department%Managers,CN=Users,DC=domain,DC=com"

# Include group members
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.GroupDnTemplate = $groupDnTemplate
$rule.Exclude = $false
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes in a business unit the objects contained in the organizational unit named My OU, which is located in the user's organizational unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

$rules = $myBusinessUnit.GetMembershipRules()

$ouDnTemplate = "OU=My OU,%adm-ParentDN%"

# Include OU children
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.ContainerDnTemplate = $ouDnTemplate
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes in a business unit the user accounts located in the user's organizational unit whose manager is the same as the user's manager.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")

$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include users by Query Rule
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.BaseObjectDnTemplate = "%adm-ParentDN%"
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"
# New-AdmCriteria is a cmdlet from the Adaxes PowerShell module
$criteria = New-AdmCriteria "user" {manager -eq "%manager%"}
$rule.SetCriteria($criteria)
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()
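
Because the templates in the samples above are resolved separately for each user, it helps to preview what they expand to before saving the rules. The helper below is an added example, not Adaxes code and not part of the original samples. The function name Resolve-DnTemplate, the sample users, and the assumption that a value reference is replaced with the attribute's plain text value are all illustrative.

```powershell
# Added example, not Adaxes code: offline preview of value-reference expansion.
# Assumption: each %attribute% is replaced with that attribute's text value.
function Resolve-DnTemplate {
    param(
        [Parameter(Mandatory)] [string]    $Template,
        [Parameter(Mandatory)] [hashtable] $User      # attribute name -> value
    )
    $missing = @(); $review = @(); $pos = 0
    $sb = New-Object System.Text.StringBuilder
    foreach ($m in [regex]::Matches($Template, '%([A-Za-z][\w-]*)%')) {
        [void]$sb.Append($Template.Substring($pos, $m.Index - $pos))
        $name  = $m.Groups[1].Value
        $value = [string]$User[$name]
        if ([string]::IsNullOrEmpty($value)) {
            # Empty attribute: the resolved DN would be malformed or unintended.
            $missing += $name
        }
        elseif ($m.Index -gt 0 -and $Template[$m.Index - 1] -ne ',' -and
                $value -match '[,+"\\<>;=#]') {
            # Reference sits inside an RDN value and the text has DN special characters.
            $review += $name
        }
        [void]$sb.Append($value)
        $pos = $m.Index + $m.Length
    }
    [void]$sb.Append($Template.Substring($pos))
    [pscustomobject]@{
        Template = $Template
        Resolved = $sb.ToString()
        Missing  = $missing -join ','
        Review   = $review -join ','
    }
}

# Constructed sample users; the templates are the ones used on this page.
$users = @(
    @{ distinguishedName = 'CN=John Smith,OU=Sales,DC=domain,DC=com'
       manager           = 'CN=Ann Lee,OU=Sales,DC=domain,DC=com'
       department        = 'HR'
       'adm-ParentDN'    = 'OU=Sales,DC=domain,DC=com' },
    @{ distinguishedName = 'CN=Temp01,OU=Contractors,DC=domain,DC=com'
       department        = 'R&D, East'     # comma changes the DN structure
       'adm-ParentDN'    = 'OU=Contractors,DC=domain,DC=com' }   # no manager
)
$templates = '%manager%', '%distinguishedName%',
             'CN=%department%Managers,CN=Users,DC=domain,DC=com',
             'OU=My OU,%adm-ParentDN%'
foreach ($u in $users) { foreach ($t in $templates) { Resolve-DnTemplate -Template $t -User $u } }
```

Under that assumption, a non-empty Missing or Review value marks a user for whom the template resolves to a different DN than the rule author intended, or to no valid DN at all.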
