0 votes

I'm learning how to use the Adaxes powershell commands.

I've tried searching for a group and that fails to find anything but the local domain. I thought if I used the switches and designate an Adaxes server for the service and the proper credentials it would return all items across the domains. This doesn't seem to be happening.

This fails to find the Administrators groups in all domains. It returns just one domain.

Get-AdmGroup -AdaxesService ADAXES01.domain.com -Credential $myCredentials -Identity Administrators

ago by (2.2k points)
edited ago by

1 Answer

0 votes
ago by (182k points)
reshown ago by

Hello,

This behavior is by design. It is not possible to use a cmdlet to perform a search in multiple domains at once. The domain to search in is controlled by the -Server parameter. To search objects in all the domains managed by Adaxes, you need to use the approach like in the following example: https://adaxes.com/sdk/SampleScripts.SearchingGroups. For the search to be performed in all the managed domains, set the VirtualRoot search parameter to True. For details about search parameters, see https://adaxes.com/sdk/IAdmDirectorySearcher.

0

I still don't understand how to use this virtual root. I'm not understanding how I go about "Binding" to this virtual root. None of the examples show this.

The examples always show binding to a specific OU or account. I understand this. How do I bind to the virtual root?

Example from site: `[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $admService = $admNS.GetServiceDirectly("localhost")

$searcher = $admService.OpenObject( "Adaxes://OU=People,DC=company,DC=com", $NULL, $NULL, 0)

$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(department=Sales))" $searcher.SearchScope = "ADS_SCOPE_SUBTREE" try { $results = $searcher.ExecuteSearch() foreach ($result in $results.FetchAll()) { Write-Host $result.ADsPath } } finally { $results.Dispose() }`

The above example shows

$searcher = $admService.OpenObject( "Adaxes://OU=People,DC=company,DC=com", $NULL, $NULL, 0)

What would I bind to?

0

I tried

$searcher = $admService.OpenObject("Adaxes://rootDSE", $NULL, $NULL, 0)

But it doesn't work.

0

Ah I finally understand. :)

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $admService = $admNS.GetServiceDirectly("USCPADAXES01")

$searcher = $admService.OpenObject("Adaxes://rootDSE", $NULL, $NULL, 0)

$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(department=Information Systems))" $searcher.SearchScope = "ADS_SCOPE_SUBTREE" $searcher.VirtualRoot = $true try { $results = $searcher.ExecuteSearch() foreach ($result in $results.FetchAll()) { Write-Host $result.ADsPath } } finally { $results.Dispose() }

Thank you.

Related questions

0 votes
1 answer

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (2.7k points)
0 votes
1 answer

We have some dynamic groups with roughly 1800 members. Get-AdmGroup returns the member property OK for small groups, but for these large groups it returns null ... by calling Get-AdmGroupMember for those groups? Thanks, Randy Lindsey Colorado Springs Utilities

asked Aug 1, 2013 by rlindsey (250 points)
0 votes
1 answer

I'm trying to combine these two scripts to effectively store a user's group memberships in customattributebinary5 and then be able to copy and paste those memberships to a ... ) $Context.LogMessage("Added the user to group '$groupName'", "Information") }

asked Jan 24 by yourpp (2.5k points)
0 votes
1 answer

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6 by DaralenManta (250 points)
0 votes
1 answer

Hi, I would like to use the custom commands to deprovision an AD user. Is there a way to automatically remove all groups (besides Domain Users which cannot be removed) from a user? Thanks...

asked May 1, 2014 by decop (250 points)
2,241 questions
2,002 answers
5,483 comments
17,025 users