The script adds or removes a membership rule for the target object from a predefined business unit. The script can be executed in a custom command, scheduled task or business rule.
Parameters:
- $unitDN - Specifies the distinguished name (DN) of the business unit whose membership rules will be updated. For information on how to get the DN of an object, see Get the DN of a directory object.
Script 1: Add membership rule
PowerShell
$unitDN = "CN=Unit,CN=Business Units,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me
# Bind to business unit
$unit = $Context.BindToObjectByDN($unitDN)
# Check weather user already is member of business unit
if ($unit.IsMember($Context.TargetObject))
{
return
}
# Add membership rule to business unit
$rules = $unit.GetMembershipRules()
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $False
$includeRule.Object = $Context.TargetObject
$rules.Add($includeRule)
# Update business unit
$unit.SetMembershipRules($rules)
$unit.SetInfo()Script 2: Remove membership rule
PowerShell
$unitDN = "CN=Unit,CN=Business Units,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me
# Bind to Business Unit
$unit = $Context.BindToObjectByDN($unitDN)
# Check weather user already is member of Business Unit
if (!$unit.IsMember($Context.TargetObject))
{
return
}
# Add membership rule to Business Unit
$rules = $unit.GetMembershipRules()
# Find Membership Rule for the user and remove it
foreach ($rule in $rules)
{
if (!$rule.IsObjectAffected($Context.TargetObject))
{
continue
}
# Save changes
$rules.Remove($rule)
break
}
# Update Business Unit
$unit.SetMembershipRules($rules)
$unit.SetInfo()