0 votes
  1. Every role-based-group starts with "arbg-"
  2. Users should only be in 1 arbg- group

To enforce this, on any user change I would like to remove them from any "arbg-" group they are currently in and re-add them based on the original logic (department number, Job title, etc.).

In effect, this is the PowerShell command:

Get-ADPrincipalGroupMembership -Identity <SamAccount> | Select Name | Where-Object {$_.Name -Like 'ARBG*'}

by (20 points)

1 Answer

0 votes
by (228k points)

Hello,

It can be done using a business rule triggering After adding a member to a group and the below PowerShell script. The rule will look like the following: [image.png]

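# Filter part matching the group the member was just added to (the rule's target object)
$filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", "%distinguishedName%")

# Search the member's memberOf attribute for other "arbg-" groups, excluding the group just joined
$searcher = $Context.BindToObject("Adaxes://%member%")
$searcher.SearchFilter = "(&(objectCategory=group)(name=arbg-*)(!$filterPart))"
$searcher.SearchScope = "ADS_SCOPE_BASE"
$searcher.PageSize = 500
$searcher.AttributeScopeQuery = "memberOf"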

try
{
    # Execute search
    $searchIterator = $searcher.ExecuteSearch()
    $searchResults = $searchIterator.FetchAll()

    if ($searchResults.Length -eq 0)
    {
        return
    }

    foreach ($searchResult in $searchResults)
    {
        $group = $Context.BindToObjectBySearchResult($searchResult)
        $group.Remove("Adaxes://%member%")
    }
}
finally
{
    # Release resources
    if ($searchIterator){ $searchIterator.Dispose() }
}
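
To verify that the one-role-group rule actually holds across the directory, the following audit is an added example (not part of the original answer and not Adaxes code). The function name `Find-RoleGroupViolation`, the `RoleGroup`/`Member` property names and the sample accounts are assumptions made for illustration; only the "arbg-" prefix comes from the question.

```powershell
# Added example: report accounts that are direct members of more than one "arbg-" group.
# Function name, property names and sample data are hypothetical.

function Find-RoleGroupViolation {
    param(
        # Objects with RoleGroup (group name) and Member (sAMAccountName) properties
        [Parameter(Mandatory)] [object[]] $Membership,
        [string] $Prefix = 'arbg-'
    )
    $Membership |
        Where-Object { $_.RoleGroup -like "$Prefix*" } |   # -like is case-insensitive, so ARBG-* matches too
        Sort-Object Member, RoleGroup -Unique |            # drop duplicate (member, group) rows
        Group-Object Member |
        Where-Object { $_.Count -gt 1 } |                  # more than one role group is a violation
        ForEach-Object {
            [pscustomobject]@{
                Member     = $_.Name
                RoleGroups = ($_.Group.RoleGroup | Sort-Object) -join ', '
            }
        }
}

# Constructed sample data so the function can be tried without a domain
$sample = @(
    [pscustomobject]@{ RoleGroup = 'arbg-helpdesk'; Member = 'jdoe' }
    [pscustomobject]@{ RoleGroup = 'arbg-finance';  Member = 'jdoe' }
    [pscustomobject]@{ RoleGroup = 'arbg-finance';  Member = 'asmith' }
    [pscustomobject]@{ RoleGroup = 'VPN-Users';     Member = 'asmith' }
)
Find-RoleGroupViolation -Membership $sample

# Against a live domain (requires the ActiveDirectory module), build the same shape with:
# $live = Get-ADGroup -Filter "Name -like 'arbg-*'" | ForEach-Object {
#     $g = $_.Name
#     Get-ADGroupMember -Identity $_ | Where-Object objectClass -eq 'user' |
#         ForEach-Object { [pscustomobject]@{ RoleGroup = $g; Member = $_.SamAccountName } }
# }
# Find-RoleGroupViolation -Membership $live
```

The live query covers direct membership only; nested membership would need `Get-ADGroupMember -Recursive`.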
