The script finds all groups that have an owner specified in the Managed By property and adds the owners that are user accounts to a specific group. Each run overwrites the member list of that group, so members added by any other means are removed. To execute the script on a regular basis, create a scheduled task configured for the Domain-DNS object type and assign the task to any of your managed domains.
Parameters:
- $groupDN – Specifies the distinguished name (DN) of the group to which group owners will be added.
PowerShell
# Distinguished name of the group whose membership this script manages.
# The member list of this group is replaced on every run.
$groupDN = 'CN=MyGroup,OU=Groups,DC=example,DC=com' # TODO: modify me
# Runs a paged LDAP search through the Adaxes service and returns all results.
#   $filter     - LDAP filter string passed to the searcher unchanged.
#   $properties - array of attribute names to load for each result.
# Returns the fetched results as a single array object (never unrolled),
# so callers can safely test .Length even when there is only one match.
function SearchObjects($filter, $properties)
{
    # $Context is supplied by the Adaxes script host, not defined in this script.
    $directorySearcher = $Context.BindToObject("Adaxes://rootDSE")
    $directorySearcher.SearchFilter = $filter
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.PageSize = 500
    # Referrals are never followed, so the search stays on the bound server.
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $directorySearcher.SetPropertiesToLoad($properties)
    # NOTE(review): VirtualRoot presumably widens the search to every domain
    # managed by Adaxes - confirm against the Adaxes SDK documentation.
    $directorySearcher.VirtualRoot = $true

    try
    {
        $resultIterator = $directorySearcher.ExecuteSearch()
        # The unary comma wraps the array so PowerShell does not unroll it on return.
        return ,($resultIterator.FetchAll())
    }
    finally
    {
        # Release the iterator whether or not the search succeeded.
        if ($resultIterator)
        {
            $resultIterator.Dispose()
        }
    }
}
# Replaces the member list of a group.
#   $groupDN   - distinguished name of the group to update.
#   $memberDNs - DNs to write to the "member" attribute; the script passes
#                $NULL here when there are no owners to add.
# The attribute is written as a whole with Put, so existing members that are
# not in $memberDNs do not survive the update.
function UpdateGroupMmbers($groupDN, $memberDNs)
{
    $targetGroup = $Context.BindToObjectByDN($groupDN)
    $targetGroup.Put("member", $memberDNs)
    # Commit the change to the directory.
    $targetGroup.SetInfo()
}
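# Get every group that has an owner set in managedBy.
# Membership of the target group is derived entirely from this attribute, so
# anyone who can write managedBy on a group in scope indirectly controls who
# ends up in the target group. Review that delegation before using the target
# group to grant access to anything sensitive.
$groupSearchResults = SearchObjects "(&(objectCategory=group)(managedBy=*))" @("managedBy")
if ($groupSearchResults.Length -eq 0)
{
    # No group has an owner: write an empty member list to the target group.
    UpdateGroupMmbers $groupDN $NULL
    return
}

# Collect the owner DNs once each. The same owner usually manages several
# groups, and repeating the DN only makes the LDAP filter longer.
$ownerDNs = New-Object -TypeName 'System.Collections.Generic.HashSet[System.String]' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
foreach ($groupSearchResult in $groupSearchResults)
{
    [void]$ownerDNs.Add([string]$groupSearchResult.Properties["managedBy"].Value)
}

# Keep only owners that are user accounts.
# sAMAccountType 805306368 (0x30000000) is SAM_USER_OBJECT, a normal user account.
$filter = New-Object System.Text.StringBuilder
[void]$filter.Append("(&(sAMAccountType=805306368)(|")
foreach ($ownerDN in $ownerDNs)
{
    # The clause is built with FilterBuilder rather than string concatenation.
    # NOTE(review): presumably this escapes LDAP filter metacharacters in the DN - confirm.
    [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $ownerDN))
}
[void]$filter.Append("))")

$userSearchResults = SearchObjects $filter.ToString() @("distinguishedName")
# ForEach-Object replaces the '%%' token from the original listing, which is
# not a PowerShell alias and stops the script at this point.
$userDNs = $userSearchResults | ForEach-Object { $_.Properties["distinguishedName"].Value }

# Replace the member list of the target group with the user owners.
UpdateGroupMmbers $groupDN $userDNs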