We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Add users to unmanaged list based on criteria or LDAP filter

December 05, 2022 Views: 1111

The script adds all users matching the specified criteria or LDAP filter to the unmanaged list. To execute the script, create a scheduled task configured for the Domain object type and assign it over any of your managed domains.


  • $unmanagedCriteria - Specifies the criteria for adding accounts to the unmanaged list. For details on how to build criteria, see How to build criteria.
  • $filter - Leave this variable as $null to use criteria. To use an LDAP filter instead of criteria, specify a filter that users should match to be added to the unmanaged list. If a filter is specified, any specified criteria will be ignored.
  • $replaceCurrentlyUnmanagedAccounts - Specifies whether to replace the users that are currently unmanaged with those obtained according to the filter or add the users to the existing unmanaged accounts list.
Edit Remove
$unmanagedCriteria = New-AdmCriteria "user" {department -eq "Sales"} # TODO: modify me
$ldapFilter = $null # TODO: modify me
$replaceCurrentlyUnmanagedAccounts = $true # TODO: modify me

# Build criteria
$criteria = New-AdmCriteria "user" {accountDisabled -eq $false -and accountExpires -expired $false}
if ($ldapFilter)
    # Use LDAP filter if not empty
    $ldapCriteria = $criteria.CreateAdvanced()
    # Use criteria
    $criteria = $criteria.MergeWith($unmanagedCriteria, "AND")           

# Find users and get their SIDs
$searcher = $Context.TargetObject
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    $allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
    foreach ($searchResult in $searchResults)
        $sidBytes = $searchResult.Properties["objectSid"].Value
        $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }

# Add users to unmanaged accounts
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

if (!$replaceCurrentlyUnmanagedAccounts)
    # Fetch user accounts that are already unmanaged
    $currentUnmanagedAccounts = $configurationSetSettings.GetUnmanagedAccounts(@())
    $currentUnmanagedAccounts | %%{[void]$allUnmanagedSids.Add($_.Key)}

# Save changes
Comments 0
Leave a comment

Got questions?

Support Questions & Answers