

Add children of containers with specific names to Business Unit

March 15, 2016
1247

The script searches for Organizational Units with specific names in all domains managed by Adaxes and includes their children in a Business Unit.

To update members of your Business Unit on a regular basis, create a Scheduled Task for the Domain-DNS object type that runs the script.

Parameters:

  • $ouNames - specifies a list of names of Organizational Units whose children will be included in the Business Unit.
  • $businessUnitName - specifies the Business Unit name.
PowerShell
# Names of the Organizational Units whose children are included in the Business Unit.
$ouNames = "Service", "Services" # TODO: modify me

# Name of the Business Unit whose membership rules the script updates.
$businessUnitName = "My Business Unit" # TODO: modify me

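# Find the Business Unit.
# The name is escaped per RFC 4515 so that \ * ( ) and NUL are matched literally:
# an unescaped parenthesis makes the filter invalid, and an unescaped * turns the
# exact-name match into a wildcard match. The backslash has to be replaced first,
# otherwise the escape sequences produced by the later replacements get escaped again.
$escapedBusinessUnitName = $businessUnitName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')

$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$businessUnitSearcher = $Context.BindToObject($businessUnitsPath)
$businessUnitSearcher.SearchFilter = "(&(objectCategory=adm-BusinessUnit)(name=$escapedBusinessUnitName))"
$businessUnitSearcher.PageSize = 500
$businessUnitSearcher.SearchScope = "ADS_SCOPE_SUBTREE"
$businessUnitSearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

# Start from $null so the finally block can tell whether ExecuteSearch() produced an iterator.
$searchResultIterator = $null
try
{
    $searchResultIterator = $businessUnitSearcher.ExecuteSearch()
    $businessUnits = $searchResultIterator.FetchAll()
    
    # The membership rules are written to exactly one Business Unit; stop if the name is ambiguous.
    if ($businessUnits.Length -gt 1)
    {
        $Context.LogMessage("Found more than one Business Unit with name '$businessUnitName'.", "Error")
        return
    }
    if ($businessUnits.Length -eq 0)
    {
        $Context.LogMessage("Business Unit '$businessUnitName' does not exist.", "Error")
        return
    }
    
    # Bind to the Business Unit
    $unit = $Context.BindToObject($businessUnits[0].AdsPath)
}
finally
{
    # Release resources used by the search. If ExecuteSearch() threw, there is no iterator,
    # and calling Dispose() on $null would replace the original error with a second one.
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}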

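# Search OUs with the specified names.
# NOTE(review): OUs are matched by name only, and VirtualRoot makes the search span every
# managed domain. Anyone who can create or rename an OU to one of the listed names therefore
# brings that OU's whole subtree into the Business Unit. If the Business Unit is used as an
# assignment scope, confirm who is delegated OU create/rename rights in the managed domains.
$nameClauses = ""

foreach ($name in $ouNames)
{
    # An empty name would produce "(name=)", which is not a valid filter clause.
    if ([string]::IsNullOrEmpty($name))
    {
        continue
    }
    
    # Escape per RFC 4515 so that \ * ( ) and NUL are matched literally. A name such as
    # "Services (EU)" otherwise breaks the filter, and a * in a name silently widens the
    # match to OUs that were never listed. The backslash has to be replaced first.
    $escapedName = ([string]$name).Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
    $nameClauses += "(name=$escapedName)"
}

if ($nameClauses.Length -eq 0)
{
    # "(|)" with no operands is not a valid filter; stop before running the search.
    $Context.LogMessage("No Organizational Unit names are specified.", "Error")
    return
}

$searchFilter = "(&(objectCategory=organizationalUnit)(|$nameClauses))"

$ouSeacher = $Context.BindToObject("Adaxes://rootDSE")
$ouSeacher.SearchFilter = $searchFilter
$ouSeacher.PageSize = 500
$ouSeacher.SearchScope = "ADS_SCOPE_SUBTREE"
$ouSeacher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Only the GUID is needed to build the membership rules.
$ouSeacher.SetPropertiesToLoad(@("objectGuid"))
$ouSeacher.VirtualRoot = $True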

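# Update the container membership rules of the Business Unit from the OU search results.
# Start from $null so the finally block never disposes an iterator left over from an
# earlier search when ExecuteSearch() throws.
$searchResultIterator = $null
try
{
    $searchResultIterator = $ouSeacher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    $rules = $unit.GetMembershipRules()
    
    # Create a hash set containing GUIDs of all OUs found (stored as strings)
    $ouGuids = New-Object "System.Collections.Generic.HashSet[System.String]"
    foreach ($searchResult in $searchResults)
    {
        [void]$ouGuids.Add([Guid]$searchResult.Properties["objectGuid"].Value)
    }
    
    # Reconcile the existing container rules with the OUs found. Iterating backwards keeps
    # the remaining indexes valid when a rule is removed.
    # NOTE(review): only rules whose container is $NULL are removed. A rule for an OU that
    # still exists but no longer matches $ouNames (for example after a rename) is kept, so
    # its objects stay in the Business Unit until that rule is removed manually.
    for ($i = $rules.Count - 1; $i -ge 0; $i--)
    {
        $rule = $rules.GetObject($i)
        if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        {
            continue
        }
        
        if ($rule.Container -eq $NULL)
        {
            # The rule has no container to read a GUID from; drop it and move on.
            $rules.Remove($rule)
            continue
        }
        
        try
        {
            $baseObjectGuid = [Guid]$rule.Container.Get("objectGuid")
        }
        catch
        {
            # The GUID cannot be read; leave the rule untouched.
            continue
        }
        
        # The OU already has a rule, so it must not be added a second time below.
        [void]$ouGuids.Remove($baseObjectGuid)
    }
    
    # Add new OUs: whatever is left in the set has no container rule yet
    foreach ($guid in $ouGuids)
    {
        $ou = $Context.BindToObject("Adaxes://<GUID=$guid>")
        $rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        $rule.Exclude = $False
        $rule.Container = $ou
        # Subtree scope includes everything located under the OU, not only its direct children.
        $rule.Scope = "ADS_SCOPE_SUBTREE"
        $rules.Add($rule)
    }
    
    # Save the updated rules
    $unit.SetMembershipRules($rules)
    $unit.SetInfo()
}
finally
{
    # Release resources used by the search. Skip this when ExecuteSearch() threw, so the
    # original error is not replaced by a failure to call Dispose() on $null.
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}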
