Script Repository


Add user to Novell eDirectory group

January 11, 2017

The script adds a user account located in Novell eDirectory to an eDirectory group.

Note: The script uses the $Context variable available on the server side only. This means that it can be executed only by Business Rules, Custom Commands, and Scheduled Tasks. You can use it in your rules, commands and tasks via the Run a program or PowerShell script action.

Parameters:

  • $eDirectoryServer - specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389);
  • $adminDN - specifies the Distinguished Name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:
    • View the user account and the group in question;
    • Modify the groupMembership and securityEquals attributes of the user account;
    • Modify the member and equivalentToMe attributes of the group;
  • $adminPassword - specifies the password to the account identified by $adminDN;
  • $username - specifies the name of the user in eDirectory. You need to use value references to compose the name based on properties of the AD user account. For example, if you specify %username%, the name of the user account in Novell eDirectory must be the same as the user logon name of the Active Directory user;
  • $groupName - specifies the group name.
PowerShell
$eDirectoryServer = "edirectory.server.doman.com:389" # TODO: modify me
$adminDN = "cn=admin,o=company" # TODO: modify me
$adminPassword = "secret" # TODO: modify me

$username = "%username%" # TODO: modify me
$groupName = "MyGroup" # TODO: modify me

function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
{
    $directoryEntry = $NULL
    $searcher = $NULL
    try
    {
        # With only the ServerBind flag set, ADSI performs a simple bind;
        # over plain LDAP (port 389) the DN and password are sent unencrypted
        $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
        $searchResults = $searcher.FindAll()
        if ($searchResults.Count -eq 0)
        {
            return $NULL
        }
        else
        {
            # Log the path of the first match
            $Context.LogMessage($searchResults[0].Path, "Information")
            return ,$searchResults
        }
    }
    catch
    {
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Information")
    }
    finally
    {
        # Release resources (either object may be $NULL if an earlier step failed)
        if ($NULL -ne $searcher) { $searcher.Dispose() }
        if ($NULL -ne $directoryEntry) { $directoryEntry.Dispose() }
    }
}

# Find user
$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$username))" $eDirectoryServer $adminDN $adminPassword
if ($NULL -eq $searchResults)
{
    $Context.LogMessage("User '$username' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one user with name '$username'", "Warning")
    return
}
else
{
    $userInfo = $searchResults[0]
}

# Find group
$searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$groupName))" $eDirectoryServer $adminDN $adminPassword
if ($NULL -eq $searchResults)
{
    $Context.LogMessage("Group '$groupName' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
    return
}
else
{
    $groupInfo = $searchResults[0]
}

# Add user to group
$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
try
{
    # Update user
    $userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
    $userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
    $userDirectoryEntry.CommitChanges()

    # Update group
    $groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
    $groupDirectoryEntry.Properties["member"].Add($userDN)
    $groupDirectoryEntry.CommitChanges()
}
catch
{
    $Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
}
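finally
{
    # Release resources (the group entry was previously never disposed)
    if ($NULL -ne $userDirectoryEntry) { $userDirectoryEntry.Dispose() }
    if ($NULL -ne $groupDirectoryEntry) { $groupDirectoryEntry.Dispose() }
}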
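
The two search filters in the script interpolate $username and $groupName directly into the filter string, so a name containing `*`, `(`, `)` or `\` either widens what the search matches or makes the filter invalid. The following is an added example, not part of the original script: ConvertTo-LdapFilterValue and New-NameFilter are hypothetical helper names that apply RFC 4515 escaping to the same filter shape, and the sample names are constructed.

```powershell
# Added example, not part of the original script.
# ConvertTo-LdapFilterValue and New-NameFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue([string]$Value)
{
    # RFC 4515: these characters must be written as a backslash plus two hex digits
    $special = [char[]]@('*', '(', ')', '\', [char]0)
    $builder = New-Object System.Text.StringBuilder
    foreach ($char in $Value.ToCharArray())
    {
        if ($special -contains $char)
        {
            # e.g. '(' becomes \28 and '*' becomes \2a
            [void]$builder.AppendFormat('\{0:x2}', [int]$char)
        }
        else
        {
            [void]$builder.Append($char)
        }
    }
    return $builder.ToString()
}

function New-NameFilter([string]$ObjectClass, [string]$Name)
{
    # Same filter shape as the script, with the name escaped before interpolation
    return "(&(objectClass=$ObjectClass)(name=$(ConvertTo-LdapFilterValue $Name)))"
}

# Constructed sample names containing filter metacharacters
$sampleNames = @('jsmith', 'Smith (Contractor)', 'A*Team', 'sales\emea')
foreach ($name in $sampleNames)
{
    Write-Output ("raw:     (&(objectClass=person)(name=$name))")
    Write-Output ("escaped: " + (New-NameFilter "person" $name))
}
```

In the script, the same helper would be applied to $username and $groupName before the two SearchObjectInEDirectory calls.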

Comments ( 10 )
Mohi Singh
Dec 09, 2019
Hello, can you please help me with a script where I need to add users to a group in eDirectory in bulk through a CSV file?
Support
Dec 09, 2019

Hello Mohi,

Please, find the updated script below. It adds users listed in a CSV file to an eDirectory group. In the script:

  • $eDirectoryServer – specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389);
  • $adminDN – specifies the Distinguished Name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:
    • View the user account and the group in question;
    • Modify the groupMembership and securityEquals attributes of the user account;
    • Modify the member and equivalentToMe attributes of the group;
  • $adminPassword – specifies the password to the account identified by $adminDN;
  • $groupName – specifies the name of the group to which users will be added;
  • $csvFilePath – specifies a path to the CSV file;
  • $userIdentityColumn – specifies the name of the CSV file column that contains the list of user identifiers in eDirectory.
PowerShell
$eDirectoryServer = "edirectory.server.doman.com:389" # TODO: modify me
$adminDN = "cn=admin,o=company" # TODO: modify me
$adminPassword = "secret" # TODO: modify me

$groupName = "MyGroup" # TODO: modify me
$csvFilePath = "\\server\share\import.csv" # TODO: modify me
$userIdentityColumn = "userName" # TODO: modify me

function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
{
    $directoryEntry = $NULL
    $searcher = $NULL
    try
    {
        $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
        $searchResults = $searcher.FindAll()
        if ($searchResults.Count -eq 0)
        {
            return $NULL
        }
        else
        {
            # Log the path of the first match
            $Context.LogMessage($searchResults[0].Path, "Information")
            return ,$searchResults
        }
    }
    catch
    {
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Information")
    }
    finally
    {
        # Release resources (either object may be $NULL if an earlier step failed)
        if ($NULL -ne $searcher) { $searcher.Dispose() }
        if ($NULL -ne $directoryEntry) { $directoryEntry.Dispose() }
    }
}

# Check whether CSV file exists
if (!(Test-Path -Path $csvFilePath))
{
	$Context.LogMessage("File '$csvFilePath' was not found.", "Warning")
	return
}

$records = Import-Csv -Path $csvFilePath

# Find group
$searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$groupName))" $eDirectoryServer $adminDN $adminPassword
if ($NULL -eq $searchResults)
{
    $Context.LogMessage("Group '$groupName' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
    return
}
else
{
    $groupInfo = $searchResults[0]
}

# Find user
foreach ($record in $records)
{
	$userName = $record.$userIdentityColumn
	$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$userName))" $eDirectoryServer $adminDN $adminPassword
	if ($NULL -eq $searchResults)
	{
		$Context.LogMessage("User '$userName' not found", "Warning")
		continue
	}
	elseif ($searchResults.Count -gt 1)
	{
		$Context.LogMessage("Found more than one user with name '$userName'", "Warning")
		continue
	}
	else
	{
		$userInfo = $searchResults[0]
	}

	# Add user to group
	$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
	$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
	try
	{
		# Update user
		$userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
		$userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
		$userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
		$userDirectoryEntry.CommitChanges()

		# Update group
		$groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
		$groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
		$groupDirectoryEntry.Properties["member"].Add($userDN)
		$groupDirectoryEntry.CommitChanges()
	}
	catch
	{
		$Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
	}
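	finally
	{
		# Release resources (the group entry was previously never disposed)
		if ($NULL -ne $userDirectoryEntry) { $userDirectoryEntry.Dispose() }
		if ($NULL -ne $groupDirectoryEntry) { $groupDirectoryEntry.Dispose() }
	}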
}
Pablo bar
Feb 01, 2020
Thank you for this one. Can I get a bulk user creation in Campus Lan?
Support
Feb 03, 2020

Hello Pablo,

Have a look at the following script from our repository: https://www.adaxes.com/script-repository/import-new-and-updated-users-from-csv-file-s246.htm. If that is not what you need, please describe the desired workflow in all the possible details. A live example would be very helpful.

Pablo
Feb 01, 2020
I need a script that adds bulk users to multiple groups, handled in a single CSV. Like in the CSV there would be two columns, one for the username, the other for the group names they should be added to. Kindly help with this scenario.
Support
Feb 03, 2020

Hello Pablo,

Have a look at the following script from our repository: https://www.adaxes.com/script-repository/add-users-to-novel-edirectory-groups-from-csv-s567.htm.

Paul Morrison
Jul 10, 2020
Hey There,

Any chance you have a script that will parse and return all LDAP attributes in eDirectory via PowerShell?
Thanks!
Support
Jul 13, 2020

Hello Paul,

Unfortunately, we do not have such a script in our repository.

Nekk
Jul 20, 2020
Hello,

Can I get a script to delete "Shared mailbox" from Active Directory in bulk?
Support
Jul 21, 2020

Hello,

Sorry for the confusion, but we are not sure what exactly you need the script to do. Could you please describe the desired behaviour in all the possible details with live examples?
