Script Repository

Add user to a specific group if they are owners of at least one group

March 15, 2019

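The script finds all groups that have an owner specified in the Managed By property and adds owners that are users to a specific group. Note that the script writes the target group's entire member list, so after each run the group contains only the current user owners; members added by other means are removed. To execute the script on a regular basis, create a Scheduled Task configured for the Domain-DNS object type and assign the task over any of your managed domains.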


  • $groupDN – specifies the distinguished name (DN) of the group to which group owners will be added.
# Distinguished name (DN) of the group that receives the group owners.
# The script writes this group's whole "member" attribute on every run, so use
# a dedicated group: members that are not current group owners are dropped.
$groupDN = 'CN=MyGroup,OU=Groups,DC=example,DC=com' # TODO: modify me

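function SearchObjects($filter, $properties)
{
    <#
    .SYNOPSIS
    Runs a paged subtree directory search and returns every result as one array.

    .PARAMETER filter
    LDAP filter string passed to the searcher unchanged. Callers must build it
    from escaped values; this function does no escaping of its own.

    .PARAMETER properties
    Names of the attributes to load for each result.

    .OUTPUTS
    The array returned by FetchAll(), wrapped so that it is not unrolled.

    .NOTES
    $Context is not defined in this script; it is expected to be supplied by
    the host that runs the script.
    #>
    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    # Load only the requested attributes; without this call $properties is never used.
    $searcher.SetPropertiesToLoad($properties)
    # NOTE(review): with the rootDSE binding this presumably widens the search
    # to all managed domains - confirm against the Adaxes documentation.
    $searcher.VirtualRoot = $True

    $searchResultIterator = $null
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        # The leading comma keeps PowerShell from unrolling the array, so the
        # caller always receives an array and can test its Length.
        return ,$searchResults
    }
    finally
    {
        # Release resources. This must sit in finally: placed after the return
        # statement it would never run and the iterator would leak.
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}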

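function UpdateGroupMmbers($groupDN, $memberDNs)
{
    <#
    .SYNOPSIS
    Sets the "member" attribute of a group to the given list of DNs.

    .PARAMETER groupDN
    Distinguished name of the group to update.

    .PARAMETER memberDNs
    DNs that become the group's members. The script passes $NULL here when no
    group has an owner, with the intent of emptying the group.

    .NOTES
    The function name keeps its original spelling because the rest of the
    script calls it by that name. $Context is expected to be supplied by the
    host that runs the script.
    #>
    $group = $Context.BindToObjectByDN($groupDN)

    # Put assigns the attribute as a whole rather than appending to it, so any
    # existing member missing from $memberDNs loses membership.
    $group.Put("member", $memberDNs)

    # Put only changes the local property cache; SetInfo commits it to the directory.
    $group.SetInfo()
}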

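# Get managed groups
$groupSearchResults = SearchObjects "(&(objectCategory=group)(managedBy=*))" @("managedBy")

if ($groupSearchResults.Length -eq 0)
{
    # No group has an owner: empty the target group and stop, otherwise the
    # code below would run a search with an empty owner list.
    UpdateGroupMmbers $groupDN $NULL
    return
}

# Get users from group owners
# The same owner can manage many groups; de-duplicate to keep the filter short.
$ownerDNs = $groupSearchResults | ForEach-Object { $_.Properties["managedBy"].Value } | Sort-Object -Unique

# Build (&(sAMAccountType=805306368)(|(distinguishedName=...)...)):
#  - the OR wrapper is required, a bare run of clauses is not a valid LDAP filter;
#  - sAMAccountType=805306368 limits matches to user accounts, so owners that
#    are groups or contacts are left out.
# Each DN goes through FilterBuilder instead of string concatenation, so
# directory data is never pasted raw into the filter.
$filter = New-Object System.Text.StringBuilder
[void]$filter.Append("(&(sAMAccountType=805306368)(|")
foreach ($ownerDN in $ownerDNs)
{
    [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $ownerDN))
}
[void]$filter.Append("))")

$userSearchResults = SearchObjects $filter.ToString() @("distinguishedName")
$userDNs = $userSearchResults | ForEach-Object { $_.Properties["distinguishedName"].Value }

# Update group members
# NOTE(review): membership is driven entirely by managedBy. Whoever may edit
# managedBy on any group can place an account in $groupDN, so check what that
# group grants and who holds write access to managedBy.
UpdateGroupMmbers $groupDN $userDNs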
