Script Repository


Add users matching search criteria to a specific group

March 26, 2021
166

The script adds users whose value of specific properties all match the values specified in custom command parameters to a group specified in the command parameter. The parameters specifying property values should be of text type. The parameter specifying the groups to add users to should be of AD object picker type. Each time the script fully overwrites membership of the group. For information on how to create custom commands with parameters, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateCustomCommand.htm.

Parameters:

  • $companyParameterName - Specifies the name of the parameter used to specify the Company property value with the param- prefix.
  • $titleParameterName - Specifies the name of the parameter used to specify the Job Title property value with the param- prefix.
  • $departmentParameterName - Specifies the name of the parameter used to specify the Department property value with the param- prefix.
  • $generationQualifierParameterName - Specifies the name of the parameter used to specify the Generation Qualifier property value with the param- prefix.
  • $groupDNParameterName - Specifies the name of the parameter used to specify the group to add users to with the param- prefix.
Edit Remove
PowerShell
$companyParameterName = "param-company" # TODO: modify me
$titleParameterName = "param-title" # TODO: modify me
$departmentParameterName = "param-department" # TODO: modify me
$generationQualifierParameterName = "param-generationQualifier" # TODO: modify me
$groupDNParameterName = "param-group" # TODO: modify me

# Get parameter values
$company = $Context.GetParameterValue($companyParameterName)
$title = $Context.GetParameterValue($titleParameterName)
$department = $Context.GetParameterValue($departmentParameterName)
$generationQualifier = $Context.GetParameterValue($generationQualifierParameterName)
$groupDN = $Context.GetParameterValue($groupDNParameterName)

# Search users
$searcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(company=$company)(title=$title)(department=$department)(generationQualifier=$generationQualifier))"
$searcher.VirtualRoot = $True
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SearchParameters.PageSize = 500

try
{
    # Execute search
    $searchIterator = $searcher.ExecuteSearch()
    $searchResults = $searchIterator.FetchAll()
    
    if ($searchResults.Length -eq 0)
    {
        $memberDNs = $NULL
    }
    else
    {
        $memberDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
    }
    
    # Update group
    $group = $Context.BindToObjectByDN($groupDN)
    $group.Put("member", $memberDNs)
    $group.SetInfo()
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}

Comments ( 0 )
No results found.
Leave a comment

Related Scripts