The script finds a computer whose username contains the username of the target user and adds it to a group matching the user's department. In the script, the $departmentInfos variable maps department names to the names of the corresponding groups. To run the script, use a business rule, custom command or scheduled task configured for the User object type.
PowerShell
# Lookup table: department name -> name of the group that receives the user's computer.
# A department that is missing from this table is reported with a warning and skipped.
# TODO: modify me. Example: $departmentInfos = @{"<department name>" = "<group_name>"}
$departmentInfos = @{
    'Sales' = 'Comp_Sales'
    'IT'    = 'Comp_IT'
}
function GetObjectPath($filter, $domainName)
{
    <#
    .SYNOPSIS
    Returns the AdsPath of the first object matching an LDAP filter, or $null when nothing matches.

    .PARAMETER filter
    LDAP search filter. It is assigned to the searcher unchanged, so any attribute
    value embedded in it must already be escaped by the caller.

    .PARAMETER domainName
    Name of the domain to search; used to build the "Adaxes://<domain>/rootDSE" bind path.

    .OUTPUTS
    The AdsPath of the first search result, or $null if the search returned no results.
    #>
    $directorySearcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $directorySearcher.SearchFilter = $filter
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    # Only one result is requested: when several objects match the filter,
    # the caller gets whichever one the directory returns first.
    $directorySearcher.SizeLimit = 1

    try
    {
        $resultIterator = $directorySearcher.ExecuteSearch()
        $foundObjects = $resultIterator.FetchAll()

        if ($foundObjects.Length -ne 0)
        {
            return $foundObjects[0].AdsPath
        }

        return $NULL
    }
    finally
    {
        # The iterator holds search resources; dispose it on every exit path.
        if ($resultIterator)
        {
            $resultIterator.Dispose()
        }
    }
}
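# Escapes a value for literal use inside an LDAP search filter (RFC 4515):
# backslash, asterisk, parentheses and NUL become \5c, \2a, \28, \29 and \00.
function EscapeLdapFilterValue($value)
{
    return [regex]::Replace([string]$value, '[\\*()\x00]', { param($match) '\' + ([int][char]$match.Value).ToString('x2') })
}

# NOTE(review): the %...% value references below appear to be substituted into the
# script text before it runs. A property value containing a double quote or '$'
# would then change the script itself - confirm, and consider reading such
# attributes from the target object instead of through a value reference.

# Get the computer path
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$userName = "%username%"
if ([System.String]::IsNullOrEmpty($userName))
{
    # An empty username would turn the filter into a bare wildcard and match any computer.
    $Context.LogMessage("The user has no username, so a computer cannot be searched for.", "Warning")
    return
}

# The username is escaped so that characters such as parentheses cannot alter the filter.
# Caveat: this is a substring match and GetObjectPath returns only the first hit, so a
# short username (e.g. "ann") can select a computer that belongs to someone else
# (e.g. "JOANNA-PC"). Review the logged computer path, or tighten the filter to the
# site's computer naming convention.
$escapedUserName = EscapeLdapFilterValue $userName
$computerPath = GetObjectPath "(&(objectCategory=computer)(sAMAccountName=*${escapedUserName}*))" $domainName
if ($null -eq $computerPath)
{
    $Context.LogMessage("A user's computer could not be found", "Warning")
    return
}

# Search group matching the user department
$groupName = $departmentInfos["%department%"]
if ($null -eq $groupName)
{
    $Context.LogMessage("No group specified for department %department%.", "Warning")
    return
}

# The group name comes from $departmentInfos; it is escaped as well so that a name
# containing filter metacharacters is matched literally.
$escapedGroupName = EscapeLdapFilterValue $groupName
$groupPath = GetObjectPath "(&(objectCategory=group)(sAMAccountName=${escapedGroupName}))" $domainName
if ($null -eq $groupPath)
{
    $Context.LogMessage("Group $groupName does not exist.", "Warning")
    return
}

# Add the computer to group
$group = $Context.BindToObject($groupPath)
$group.Add($computerPath)

# Record which computer was chosen so that a wrong wildcard match is visible in the log.
$Context.LogMessage("Computer $computerPath was added to group $groupName.", "Information")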