Script Repository

Add users to unmanaged list based on criteria or LDAP filter

December 05, 2022 Views: 964
Unmanaged Accounts

The script adds all users matching the specified criteria or LDAP filter to the unmanaged list. To execute the script, create a scheduled task configured for the Domain object type and assign it over any of your managed domains.

Parameters:

  • $unmanagedCriteria - Specifies the criteria for adding accounts to the unmanaged list. For details on how to build criteria, see How to build criteria.
  • $filter - Leave this variable as $null to use criteria. To use an LDAP filter instead of criteria, specify a filter that users should match to be added to the unmanaged list. If a filter is specified, any specified criteria will be ignored.
  • $replaceCurrentlyUnmanagedAccounts - Specifies whether to replace the users that are currently unmanaged with those obtained according to the filter or add the users to the existing unmanaged accounts list.
Edit Remove
PowerShell
$unmanagedCriteria = New-AdmCriteria "user" {department -eq "Sales"} # TODO: modify me
$ldapFilter = $null # TODO: modify me
$replaceCurrentlyUnmanagedAccounts = $true # TODO: modify me

# Build criteria
$criteria = New-AdmCriteria "user" {accountDisabled -eq $false -and accountExpires -expired $false}
if ($ldapFilter)
{
    # Use LDAP filter if not empty
    $ldapCriteria = $criteria.CreateAdvanced()
    $ldapCriteria.SetLdapFilter($ldapFfilter)
    $criteria["user"].Add($ldapCriteria)
}
else
{
    # Use criteria
    $criteria = $criteria.MergeWith($unmanagedCriteria, "AND")           
}


# Find users and get their SIDs
$searcher = $Context.TargetObject
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    $allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
    foreach ($searchResult in $searchResults)
    {
        $sidBytes = $searchResult.Properties["objectSid"].Value
        $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)
        [void]$allUnmanagedSids.Add($sid.Value)
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

# Add users to unmanaged accounts
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

if (!$replaceCurrentlyUnmanagedAccounts)
{
    # Fetch user accounts that are already unmanaged
    $currentUnmanagedAccounts = $configurationSetSettings.GetUnmanagedAccounts(@())
    $currentUnmanagedAccounts | %%{[void]$allUnmanagedSids.Add($_.Key)}
}

# Save changes
$configurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers