0 votes

Hi Guys,
Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd like to ask is it possible to create scheduled task that get list of the groups in the specific class? Let's say we have class "001" this class have only two groups: legal_department and security_department, result of scheduler should be a text file with a list of the two groups. I can do it using powershell, but I got stuck when I tried to do the something like that with ADSI :cry:
Could you please help me?

by (510 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer


Here's a PowerShell script that generates a list of all groups whose ExtensionAttribute1 equals 001 and sends it by e-mail to a certain recipient. In the script:

  • $class - specifies the group 'class'
  • $to - specifies the recipient of the report
  • $subject - specifies the subject of the e-mail notification with the report
  • $reportHeader - specifies the report header
  • $reportFooter - specifies the report footer

Modify the above as necessary.

The script:

$class = "001" # TODO: modify me
$to = "recipient@domain.com" # TODO: modify me
$subject = "Groups with class '$class'" # TODO: modify me
$reportHeader = "<h2><b>Groups with class '$class'</b></h2>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

$reportHeader += "<ol>"

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")

# Find all groups with the specified class

# Set search parameters
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = "(&(objectCategory=group)(extensionAttribute1=$class))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.PageSize = 500
$searcher.VirtualRoot = $True

# Build group list
    $searchResult = $searcher.ExecuteSearch()
    foreach ($groupId in $searchResult.FetchAll())
        $displayName = $Context.GetDisplayNameFromAdsPath($groupId.AdsPath)
        $guid = [Guid]$groupId.Properties["objectGuid"].Value

        $reportHeader += "<li><a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$displayName</a></li>"
$reportHeader += "</ol>"

# Build the report
$report = $reportHeader + $reportFooter

# Send mail
$Context.SendMail($to, $subject, $NULL, $report)

Related questions

0 votes
1 answer

I'm learning how to use the Adaxes powershell commands. I've tried searching for a group and that fails to find anything but the local domain. ... one domain. Get-AdmGroup -AdaxesService ADAXES01.domain.com -Credential $myCredentials -Identity Administrators

asked Jul 29, 2020 by ComputerHabit (790 points)
0 votes
1 answer

I'm working on trying to update a script for updating office addresses on-demand. I'd like to leverage ADSI for this and I see that you can clear all condition sets ... seeing a documentation gap here or I'm running past the method needed for this. Thanks!

asked Jan 30, 2023 by AbbyR (40 points)
0 votes
1 answer

I'm not able to retrieve the Description of a user using ADSI. I'm trying user.Get("description").ToString() on IADsUser I get the error, The 'description' property cannot be found in the cache. Is there a different method I need to use to get Description?

asked Feb 6, 2017 by sdavidson (730 points)
0 votes
1 answer

Hi Guys, I' d like to get user surname. It's easy using PS but if I want to do it using such ADSI script [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") # ... ' property cannot be found in the cache." Do you have any idea, why? Best regards.

asked Dec 10, 2014 by axmaster (510 points)
0 votes
1 answer

Hi, I would like to use the custom commands to deprovision an AD user. Is there a way to automatically remove all groups (besides Domain Users which cannot be removed) from a user? Thanks...

asked May 1, 2014 by decop (20 points)
3,293 questions
2,991 answers
544,194 users