Add children of containers with specific names to Business Unit

The script searches Organizational Units with specific names in all domains managed by Adaxes and includes their children in a business unit.

To update members of your business unit on a regular basis, create a scheduled task for the Domain-DNS object type that runs the script.

Parameters:

$ouNames - Specifies a list of names of Organizational Units whose children will be includes in the business unit.
$businessUnitName - Specifies the business unit name.

Edit Remove

PowerShell

$ouNames = @("Service", "Services") # TODO: modify me
$businessUnitName = "My Business Unit" # TODO: modify me

# Find the Business Unit
$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$businessUnitSearcher = $Context.BindToObject($businessUnitsPath)
$businessUnitSearcher.SearchFilter = "(&(objectCategory=adm-BusinessUnit)(name=$businessUnitName))"
$businessUnitSearcher.PageSize = 500
$businessUnitSearcher.SearchScope = "ADS_SCOPE_SUBTREE"
$businessUnitSearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

try
{
    $searchResultIterator = $businessUnitSearcher.ExecuteSearch()
    $businessUnits = $searchResultIterator.FetchAll()
    
    if ($businessUnits.Length -gt 1)
    {
        $Context.LogMessage("Found more than one Business Unit with name '$businessUnitName'.", "Error")
        return
    }
    if ($businessUnits.Length -eq 0)
    {
        $Context.LogMessage("Business Unit '$businessUnitName' does not exist.", "Error")
        return
    }
    
    # Bind to the Business Unit
    $unit = $Context.BindToObject($businessUnits[0].AdsPath)
}
finally
{
    # Release resources used by the search
    $searchResultIterator.Dispose()
}

# Search OUs with the specified names
$searchFilter = "(&(objectCategory=organizationalUnit)(|"

foreach ($name in $ouNames)
{
    $searchFilter += "(name=$name)"
}

$searchFilter += "))"

$ouSeacher = $Context.BindToObject("Adaxes://rootDSE")
$ouSeacher.SearchFilter = $searchFilter
$ouSeacher.PageSize = 500
$ouSeacher.SearchScope = "ADS_SCOPE_SUBTREE"
$ouSeacher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$ouSeacher.SetPropertiesToLoad(@("objectGuid"))
$ouSeacher.VirtualRoot = $True

try
{
    $searchResultIterator = $ouSeacher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    $rules = $unit.GetMembershipRules()
    
    # Create a hash set containing GUIDs of all OUs found
    $ouGuids = New-Object "System.Collections.Generic.HashSet[System.String]"
    foreach ($searchResult in $searchResults)
    {
        [void]$ouGuids.Add([Guid]$searchResult.Properties["objectGuid"].Value)
    }
    
    # Remove outdated OUs
    for ($i = $rules.Count - 1; $i -ge 0; $i--)
    {
        $rule = $rules.GetObject($i)
        if ($rule.Type -ne "ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        {
            continue
        }
        
        if ($rule.Container -eq $NULL)
        {
            $rules.Remove($rule)
        }
        
        try
        {
            $baseObjectGuid = [Guid]$rule.Container.Get("objectGuid")    
        }
        catch
        {
            continue
        }
        
        $ouGuids.Remove($baseObjectGuid)
    }
    
    # Add new OUs
    foreach ($guid in $ouGuids)
    {
        $ou = $Context.BindToObject("Adaxes://<GUID=$guid>")
        $rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
        $rule.Exclude = $False
        $rule.Container = $ou
        $rule.Scope = "ADS_SCOPE_SUBTREE"
        $rules.Add($rule)
    }
    
    $unit.SetMembershipRules($rules)
    $unit.SetInfo()
}
finally
{
    # Release resources used by the search
    $searchResultIterator.Dispose()
}

Script Repository

Parameters: