Script Repository


Add users except users located in particular Organizational Units to Unmanaged Accounts

August 15, 2017

The script adds every user account in the directory to Unmanaged Accounts, except the accounts located in (or anywhere below) particular Organizational Units. Users kept in the managed OUs stay under Adaxes management; everyone else, including users in containers that are not OUs, is placed on the unmanaged list.

To keep the list of Unmanaged Accounts in line with changes in your AD, create a Scheduled Task configured for the Domain-DNS object type that runs the script, and assign it over any of your AD domains (the search covers all domains managed by Adaxes, so assigning it once is enough).

Parameter:

  • $managedOuDNs - specifies the Distinguished Names (DNs) of the Organizational Units you want to manage with the help of Adaxes. Check each DN carefully: a mistyped or wrongly spaced DN matches no users, and every user under that OU is then added to Unmanaged Accounts.
```powershell
$managedOuDNs = @("OU=My OU 1,DC=domain,DC=com", "OU=My OU 2,DC=domain,DC=com") # TODO: modify me

function GetUserSids($managedOuDNs, $allUnmanagedSids)
{
    # Search for user objects (sAMAccountType=805306368) across all managed domains
    $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
    $searcher.SearchParameters.Filter = "(sAMAccountType=805306368)"
    $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchParameters.PageSize = 500
    $searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SearchParameters.VirtualRoot = $True
    $searcher.SetPropertiesToLoad(@("objectSid","distinguishedName"))

    $searcherResult = $NULL
    try
    {
        $searcherResult = $searcher.ExecuteSearch()
        foreach ($user in $searcherResult.FetchAll())
        {
            # Skip users located in (or below) any of the managed OUs
            $userDN = New-Object "Softerra.Adaxes.LDAP.DN" $user.Properties["distinguishedName"].Value
            $addToUnmanagedAccounts = $True
            foreach ($ouDN in $managedOuDNs)
            {
                if ($userDN.IsDescendantOf($ouDN))
                {
                    $addToUnmanagedAccounts = $False
                    break
                }
            }

            if (!($addToUnmanagedAccounts))
            {
                continue
            }

            # Every other user goes to Unmanaged Accounts, identified by SID
            $sidBytes = $user.Properties["objectSid"].Value
            $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)

            $allUnmanagedSids.Add($sid.Value) | Out-Null
        }
    }
    finally
    {
        # ExecuteSearch may throw before $searcherResult is assigned
        if ($searcherResult -ne $NULL)
        {
            $searcherResult.Dispose()
        }
    }
}

# Create an empty hash set for SIDs of Unmanaged Accounts
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

# Get SIDs of all users who are not located under the managed OUs
GetUserSids $managedOuDNs $allUnmanagedSids

# Bind to the 'Configuration Set Settings' object
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

# Update Unmanaged Accounts
$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
```
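As an added example (not part of the repository script, and not using the Adaxes API), the following plain PowerShell preview reproduces the script's decision rule on constructed sample DNs, so the $managedOuDNs list can be sanity-checked offline before the Scheduled Task rewrites Unmanaged Accounts. Split-DnComponents, Test-DnIsDescendantOf and Get-UnmanagedPreview are hypothetical helpers written for this example; the component-wise DN comparison mirrors what the script relies on from IsDescendantOf, and the output groups the would-be-unmanaged users by parent container so a wrong OU DN shows up as an unexpectedly large group.

```powershell
function Split-DnComponents([string]$dn) {
    # Split on unescaped commas only, so "CN=Smith\, John" stays one RDN; then
    # normalise spacing around '=' and case, since LDAP DN comparison ignores both
    [regex]::Split($dn, '(?<!\\),') |
        ForEach-Object { ($_ -replace '\s*=\s*', '=').Trim().ToLowerInvariant() }
}

function Test-DnIsDescendantOf([string]$dn, [string]$ancestorDn) {
    # Component-wise check, the semantics the script relies on from IsDescendantOf:
    # the object needs more RDNs than the ancestor and must share the ancestor's
    # RDNs as its tail. A plain string suffix test is avoided on purpose: it would
    # report a DN as its own descendant and is sensitive to case and spacing.
    $a = @(Split-DnComponents $dn)
    $b = @(Split-DnComponents $ancestorDn)
    if ($a.Count -le $b.Count) { return $false }
    $offset = $a.Count - $b.Count
    for ($i = 0; $i -lt $b.Count; $i++) {
        if ($a[$offset + $i] -ne $b[$i]) { return $false }
    }
    return $true
}

function Get-UnmanagedPreview([string[]]$userDNs, [string[]]$managedOuDNs) {
    # Same decision as the script: anyone not under a managed OU becomes unmanaged
    foreach ($userDN in $userDNs) {
        $managed = $false
        foreach ($ouDN in $managedOuDNs) {
            if (Test-DnIsDescendantOf $userDN $ouDN) { $managed = $true; break }
        }
        if ($managed) { continue }
        $parent = ($userDN -split '(?<!\\),', 2)[1]   # container the user lives in
        [pscustomobject]@{ UserDN = $userDN; Parent = $parent }
    }
}

# Constructed sample data (not taken from a real directory)
$managedOuDNs = @("OU=My OU 1,DC=domain,DC=com", "OU=My OU 2,DC=domain,DC=com")
$sampleUsers = @(
    "CN=Alice,OU=Sales,OU=My OU 1,DC=domain,DC=com",   # managed: nested below OU 1
    "CN=Bob,ou=my ou 2, dc=domain, dc=com",             # managed: only case/spacing differ
    "CN=Carol,OU=My OU 10,DC=domain,DC=com",            # unmanaged: a different OU
    "CN=Dave,CN=Users,DC=domain,DC=com",                # unmanaged: default container
    "CN=Eve,CN=Users,DC=domain,DC=com",                 # unmanaged: default container
    "CN=Smith\, John,OU=Ex-My OU 1,DC=domain,DC=com"    # unmanaged: similar name only
)
Get-UnmanagedPreview $sampleUsers $managedOuDNs |
    Group-Object Parent | Sort-Object Count -Descending |
    Select-Object Count, Name
```

To preview a real domain, replace $sampleUsers with the distinguishedName values returned by the script's DirectorySearcher; Adaxes itself is not needed for the comparison.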

