The script searches for Organizational Units with specific names in all domains managed by Adaxes and includes their children in a business unit.
To update members of your business unit on a regular basis, create a scheduled task for the Domain-DNS object type that runs the script.
Parameters:
- $ouNames - Specifies a list of names of Organizational Units whose children will be included in the business unit.
- $businessUnitName - Specifies the business unit name.
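$ouNames = @("Service", "Services") # TODO: modify me
$businessUnitName = "My Business Unit" # TODO: modify me

# Find the Business Unit.
# The configured name is embedded in an LDAP search filter, so the filter
# metacharacters (\ * ( ) and NUL) are escaped first. Without this, a name
# such as "Sales (EU)" yields a malformed filter and a '*' in the name acts
# as a wildcard instead of being matched literally.
$escapedBusinessUnitName = $businessUnitName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'

$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$businessUnitSearcher = $Context.BindToObject($businessUnitsPath)
$businessUnitSearcher.SearchFilter = "(&(objectCategory=adm-BusinessUnit)(name=$escapedBusinessUnitName))"
$businessUnitSearcher.PageSize = 500
$businessUnitSearcher.SearchScope = "ADS_SCOPE_SUBTREE"
$businessUnitSearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

# Reset the iterator so the finally block can tell whether ExecuteSearch()
# produced one; calling Dispose() on $null would raise a second error and hide
# the real cause of a failed search.
$searchResultIterator = $null
try
{
    $searchResultIterator = $businessUnitSearcher.ExecuteSearch()
    $businessUnits = $searchResultIterator.FetchAll()

    # The name must identify exactly one Business Unit; anything else is
    # reported and the script stops without changing membership rules.
    if ($businessUnits.Length -gt 1)
    {
        $Context.LogMessage("Found more than one Business Unit with name '$businessUnitName'.", "Error")
        return
    }
    if ($businessUnits.Length -eq 0)
    {
        $Context.LogMessage("Business Unit '$businessUnitName' does not exist.", "Error")
        return
    }

    # Bind to the Business Unit
    $unit = $Context.BindToObject($businessUnits[0].AdsPath)
}
finally
{
    # Release resources used by the search
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}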
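# Search OUs with the specified names.
# An empty list would produce the filter "(|)" with no alternatives, so stop
# early instead of sending a filter that cannot match what was intended.
if (($null -eq $ouNames) -or (@($ouNames).Count -eq 0))
{
    $Context.LogMessage("No Organizational Unit names are specified.", "Error")
    return
}

# Build "(&(objectCategory=organizationalUnit)(|(name=A)(name=B)...))".
# Each name is escaped for use inside an LDAP filter (\ * ( ) and NUL), so
# names are matched literally and cannot alter the structure of the filter.
$searchFilter = "(&(objectCategory=organizationalUnit)(|"
foreach ($name in $ouNames)
{
    $escapedName = $name -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
    $searchFilter += "(name=$escapedName)"
}
$searchFilter += "))"

# NOTE: the variable name $ouSeacher (sic) is kept because the rest of the
# script refers to it.
$ouSeacher = $Context.BindToObject("Adaxes://rootDSE")
$ouSeacher.SearchFilter = $searchFilter
$ouSeacher.PageSize = 500
$ouSeacher.SearchScope = "ADS_SCOPE_SUBTREE"
$ouSeacher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Only the GUID is needed to identify each OU later on.
$ouSeacher.SetPropertiesToLoad(@("objectGuid"))
# Search from the virtual root; per the script description this covers all
# domains managed by Adaxes.
$ouSeacher.VirtualRoot = $True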
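# Synchronise the Business Unit's container membership rules with the OUs found.
# Reset the iterator first: if ExecuteSearch() fails, the variable must not
# still point at an iterator from an earlier search (already disposed), and
# Dispose() must not be called on $null, which would hide the original error.
$searchResultIterator = $null
try
{
    $searchResultIterator = $ouSeacher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    $rules = $unit.GetMembershipRules()

    # Create a hash set containing GUIDs of all OUs found (stored as strings)
    $ouGuids = New-Object "System.Collections.Generic.HashSet[System.String]"
    foreach ($searchResult in $searchResults)
    {
        $ouGuid = [Guid]$searchResult.Properties["objectGuid"].Value
        [void]$ouGuids.Add($ouGuid.ToString())
    }

    # Reconcile existing container rules with the search results.
    # Iterate backwards because rules may be removed from the collection.
    # NOTE(review): despite the original "Remove outdated OUs" intent, only rules
    # with an empty container are removed here. A container rule whose OU no
    # longer matches $ouNames (renamed, for example) stays in the Business Unit.
    # If the Business Unit is used to scope delegated permissions or policies,
    # such stale rules keep those OUs in scope - review them periodically or
    # confirm whether they should be removed by this script.
    for ($i = $rules.Count - 1; $i -ge 0; $i--)
    {
        $rule = $rules.GetObject($i)
        if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        {
            continue
        }

        if ($rule.Container -eq $NULL)
        {
            # The rule no longer points at any container; drop it and move on.
            $rules.Remove($rule)
            continue
        }

        try
        {
            $baseObjectGuid = [Guid]$rule.Container.Get("objectGuid")
        }
        catch
        {
            # The GUID of the container could not be read; leave the rule as is.
            continue
        }

        # The OU already has a rule, so it must not be added again below.
        [void]$ouGuids.Remove($baseObjectGuid.ToString())
    }

    # Add new OUs: whatever is left in the set has no rule yet
    foreach ($guid in $ouGuids)
    {
        $ou = $Context.BindToObject("Adaxes://<GUID=$guid>")
        $rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        $rule.Exclude = $False
        $rule.Container = $ou
        # Include the whole subtree below the OU, not only its direct children.
        $rule.Scope = "ADS_SCOPE_SUBTREE"
        $rules.Add($rule)
    }

    # Save the updated rule set on the Business Unit
    $unit.SetMembershipRules($rules)
    $unit.SetInfo()
}
finally
{
    # Release resources used by the search
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}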