0 votes

We are using the dynamic dist list script found below. The issue is we also have to be able to provide overrides, which we are achieving through secondary static list we will maintain manually. When the script runs at 5 am EST every day it removes the override DL from the list. Is there a way to keep any overrides when the process runs?

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try
{
    $company = $Context.TargetObject.Get($companyProperty)
}
catch
{
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try
{
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch
{
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
if (-not([System.String]::IsNullOrEmpty($employeeType)))
{
    [void]$filter.Append("(employeeType=$employeeType)")
}
[void]$filter.Append(")")
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName @("distinguishedName")

# Add users to group
if ($searchResults.Length -eq 0)
{
    $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", "member", $NULL)
}
else
{
    [System.Array]$userDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
    $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", "member", $userDNs)
}

# Save the changes
$Context.TargetObject.SetInfo()
by (3.2k points)
0

Hello,

What exactly do you mean by overrides? Could you describe the desired behaviour in all the possible details?

0

We previously created dynamic lists from powershell commands and if we needed to change or modify we would have to run the powershell again with the new variables. We found the script mentioned and it works perfectly except it removes any group or individual we placed the list when it runs. To future prove having to rerun the script we decided to create an override list. We will place any individual needing access but doesn't fit the initial criteria in the override group but the script runs and removes the group.

Real life example: we create a dynamic distribution list based on value of employee ID and need to add an user with a different employee ID so we add the user to the static override list manually. This works perfectly until the list runs at is update time and removes all memberships and as only those with the correct employee ID. We need the script that runs to ignore the override list when re adding memberships.

1 Answer

0 votes
by (227k points)
selected by
Best answer

Hello,

Thank you for clarifying.

As a solution, we can add another criteria for members of the distribution list based on group membership. In this case, the script will also add all members of the specified group to the distribution list on each run not counting the other criteria for them.

Alternatively, the users that are members of the group, will be ignored when the script updates distribution list members. In this case, you will need to add/remove the users from the distribution list manually.

Specify which solution is best for you and we will provide you with the updated script.

0

We are looking for the second option. In this way we can easily manage the few exceptions we need to without breaking the purpose of making the list dynamic (lots of adds and deletes daily)

0

Hello,

Thank you for clarifying. Find the updated script below.

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try
{
    $company = $Context.TargetObject.Get($companyProperty)
}
catch
{
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try
{
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch
{
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
if (-not([System.String]::IsNullOrEmpty($employeeType)))
{
    [void]$filter.Append("(employeeType=$employeeType)")
}
[void]$filter.Append(")")
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName

# Add users to group
foreach ($searchResult in $searchResults)
{
    $Context.TargetObject.Add($searchResult.AdsPath)
}

Related questions

0 votes
1 answer

Good Morning, I was hoping to get some assistance in creating a powershell script that I could run daily that would do the following. 1. Gather a list of all AD ... "Manager" field in a property pattern with found users Any assistance would be great. Thanks!

asked Jun 15, 2018 by jhair (520 points)
0 votes
1 answer

How do I go about getting an export of users that are assigned to a particular dynamic group? The existing export rules don't seem to do the trick. It only pulls info ... the dynamic group, i would like to also report on those that have been licensed for O365

asked Mar 20, 2017 by cubedit (50 points)
0 votes
0 answers

Hello. Is there a way to get a drop down list with custom and dynamic content in Adaxes administration console (or web)? 1. Get list of available number in dailplan from a ... or disable for Lync' from a temp variable populated in #2. How can we address #2?

asked Sep 27, 2016 by Klas (460 points)
0 votes
1 answer

Is it possible to create a drop down that displays options based on the selection in another field? EX: I want to create a job title background that will populate options ... like the Job title drop down to display "Customer service rep, call support, etc".

asked Oct 11, 2021 by copatterson (70 points)
0 votes
1 answer

Will Dynamic forms in Web Interface be included in this release? We are in the midle of deploying the solution and the dynamics web forms will be a game changer for us.

asked Jun 16, 2020 by jurbina (20 points)
2,797 questions
2,530 answers
6,594 comments
57,113 users