We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Check whether user performing an operation manages the OU where target object is located

January 15, 2016 Views: 1964

The script can be used to check whether an operation is performed by a user who manages the OU where the target object is located. It can be used in the If PowerShell returns true condition. The condition is met, when the user does not manage the OU.

Edit Remove
PowerShell
# Bind to the OU where the target object is located
$parent = $Context.BindToObject($Context.TargetObject.Parent)

# Get parent OU owner
$Context.ConditionIsMet = $True
try
{
    $ownerDN = $parent.Get("managedBy")
}
catch
{
    return
}

# Check whether initiator is the owner
if ($ownerDN -eq "%adm-InitiatorDN%")
{
    $Context.ConditionIsMet = $False
    return
}

# Check whether owner is a group
$owner = $Context.BindToObjectByDN($ownerDN)

if ($owner.Class -ne "Group")
{
    return
}

# Get group members
try
{
    $memberGuidsBytes = $owner.GetEx("adm-MembersGuid")
}
catch
{
    return # The group has no members
}

# Check whether initiator is a member of the group
$initiatorGuid = [Guid]"%adm-InitiatorGuid%"
foreach ($guidBytes in $memberGuidsBytes)
{
    $guid = [Guid]$guidBytes
    if ($guid -ne $initiatorGuid)
    {
        continue
    }
    
    # Initiator is a member of the group that owns the OU
    $Context.ConditionIsMet = $False
    return
}

Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers