Groups with multiple Values are not found

Question

Hi,

the script is only working for groups like

A group with multiple values like here is not found:

How to change the script to find them as well? I want to find all groups where the extensionAttribute5 is used with the value Permanent.

Comments

Hello,

Sorry for the confusion, but we are not sure what exactly the issue is and the difference in criteria. Please, describe the desired and the actual behavior you are facing in all the possible details with live examples.

---

Hi,

based on the script shared previuosly I am able to find rule-based groups where (in my example) I look for extensionName5 is Permanent (1st screenshot).

However, the script is not finding a group where the value of property is Permanent or Apprenticeship.

---

Hello,

Sorry for the confusion, but we are not sure what exactly you mean. The criteria in both your screenshots are dedicated to users, not groups.

---

Hi, sorry, let me start from scratch

I have this report

Parameters

Script

$propertyName = "%param-PropertyName%"
$propertyValue = "%param-PropertyValue%"

try
{
    $groupCriteria = New-AdmCriteria -Type "group" -Expression {membershipType -eq "rule-based"}
    $Context.DirectorySearcher.AddCriteria($groupCriteria)

    $criteriaToCompare = New-AdmCriteria -Expression {$propertyName -eq $propertyValue}    
    $criteriaJsonToCompare = $criteriaToCompare.Item("*").Items.ToJson($null)
    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchResultIterator))
    {
        $searchResult = $searchResultIterator.Current
        $group = $Context.BindToObjectBySearchResult($searchResult)

        foreach ($rule in $group.MembershipRules) 
        {
            if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
            {
                continue
            }

            $criteria = $rule.GetCriteria()

            if ($criteria.ToJson($NULL) | Select-String -Pattern $criteriaJsonToCompare -SimpleMatch)
            {
                $Context.Items.Add($searchResult)
                break
            }
        }
    }
}
finally
{
    if ($searchResultIterator) 
    { 
        $searchResultIterator.Dispose()
    }
}

If I run the report, I get only one rule based group

This group has the following rule

But, we have also some other rule based groups like with this rule

This group is not found by the report/script.

Is there any chance to find also groups with the rule set of the second one?

My goal is: Find all rule base groups where the condition contains

extensionAttribute5 is Permanent

However we need also to find groups with rule

extensionAttribute5 is Permanent OR X OR Y

Answer 1

Hello,

Thank you for clarifying. The only option is to create each criteria you need to check in the script and compare with that of a group. Same like you do it now for a single criteria.