I've got a scheduled agent that is attempting to export data for updated employees. When an employee record is updated, we're setting the value of the LDAP custom attribute adm-CustomAttributeBoolean1 to true. A nightly scheduled task will search the domain for all users that have that attribute set to true. See the code snippet that shows the filter I'm using. I definitely have one record where the attribute is true, but the search doesn't return any rows. Any assistance would be greatly appreciated.

# Get AdsPath of target object
$targetObject = $Context.BindToObjectByDN("%distinguishedName%")
$targetObjectPath = $targetObject.ADsPath

$Context.LogMessage("Domain being searched is: " + $targetObjectPath, "Information")

# Search all users in the target OU
$userSearcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$userSearcher.SearchParameters.BaseObjectPath = $targetObjectPath
$userSearcher.SearchParameters.PageSize = 1000
$userSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
# Filter for User objects that are not disabled and employeeID doesn't contain zeros or 'NMU' or employeeID is not blank
$userSearcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(adm-CustomAttributeBoolean1=true))"
#$userSearcher.SearchParameters.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(adm-CustomAttributeBoolean1=$True)(!(employeeID=000000))(!(employeeID=NMU))(employeeID=*))"
$properties = $eachFieldIn , "distinguishedName"

$sortOption = New-Object "Softerra.Adaxes.Adsi.AdmSortOption"
$sortOption.PropertyName = $sortBy
$sortOption.Direction = $sortDirection
$userSearcher.Sort = $sortOption

    $userResult = $userSearcher.ExecuteSearch()
    $sortedUsers = $userResult.FetchAll()
    $totalUserCount = $sortedUsers.Count

    # If no records returned, exit script
    if ($totalUserCount -eq 0) 
      $Context.LogMessage("No updates found to export.  Processing terminated.", "Information")
      # Release resources used by the search
The thing is that currently Adaxes custom attributes are not included in LDAP searches for performance considerations. To work around the issue, in your task, you can bind to each user one-by-one and check the value of the attribute. In our Script Repository, we have a script that does a very similar job: creates an HTML-formatted list of users who have a certain custom attribute assigned (not empty). See it here: http://www.adaxes.com/script-repository ... ty-s43.htm. You can use it as a starting point.


Thanks. I found that post and successfully used it as a basis for my scheduled task.

