The script adds all users matching the specified criteria or LDAP filter to the unmanaged list. To execute the script, create a scheduled task configured for the Domain object type and assign it over any of your managed domains.
Parameters:
- $unmanagedCriteria - Specifies the criteria for adding accounts to the unmanaged list. For details on how to build criteria, see How to build criteria.
- $filter - Leave this variable as
$null
to use criteria. To use an LDAP filter instead of criteria, specify a filter that users should match to be added to the unmanaged list. If a filter is specified, any specified criteria will be ignored. - $replaceCurrentlyUnmanagedAccounts - Specifies whether to replace the users that are currently unmanaged with those obtained according to the filter or add the users to the existing unmanaged accounts list.
PowerShell
$unmanagedCriteria = New-AdmCriteria "user" {department -eq "Sales"} # TODO: modify me
$ldapFilter = $null # TODO: modify me
$replaceCurrentlyUnmanagedAccounts = $true # TODO: modify me
# Build criteria
$criteria = New-AdmCriteria "user" {accountDisabled -eq $false -and accountExpires -expired $false}
if ($ldapFilter)
{
# Use LDAP filter if not empty
$ldapCriteria = $criteria.CreateAdvanced()
$ldapCriteria.SetLdapFilter($ldapFfilter)
$criteria["user"].Add($ldapCriteria)
}
else
{
# Use criteria
$criteria = $criteria.MergeWith($unmanagedCriteria, "AND")
}
# Find users and get their SIDs
$searcher = $Context.TargetObject
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True
try
{
$searchResultIterator = $searcher.ExecuteSearch()
$searchResults = $searchResultIterator.FetchAll()
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
foreach ($searchResult in $searchResults)
{
$sidBytes = $searchResult.Properties["objectSid"].Value
$sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)
[void]$allUnmanagedSids.Add($sid.Value)
}
}
finally
{
# Release resources
if ($searchResultIterator){ $searchResultIterator.Dispose() }
}
# Add users to unmanaged accounts
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)
if (!$replaceCurrentlyUnmanagedAccounts)
{
# Fetch user accounts that are already unmanaged
$currentUnmanagedAccounts = $configurationSetSettings.GetUnmanagedAccounts(@())
$currentUnmanagedAccounts | %%{[void]$allUnmanagedSids.Add($_.Key)}
}
# Save changes
$configurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))