Script Repository


Copy group membership from specified user

October 11, 2021

The script copies group membership from the user specified to the target user.

Using a custom command parameter

The script copies group membership from the user specified in an AD object picker parameter of a custom command to the target user.

Parameters:

  • $sourceUserDNParamName - Specifies the name, including the param- prefix, of the parameter used to select the source user.
  • $replaceGroups - If set to $True, the script replaces all of the target user's group memberships with those of the source user. If set to $False, the target user retains its current group memberships and is also added to the groups the source user is a member of.
PowerShell
$sourceUserDNParamName = "param-User" # TODO: modify me
$replaceGroups = $True # TODO: modify me

# Bind to the source user
$sourceUserDN = $Context.GetParameterValue($sourceUserDNParamName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$sourceUser.GetEx("adm-DirectMemberOfGuid") | %%{[void]$groupGuidsToAdd.Add([Guid]$_)}

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$Context.TargetObject.GetEx("adm-DirectMemberOfGuid") | %%{[void]$currentGroupGuids.Add([Guid]$_)}

# Update groups
foreach ($guidBytes in $groupGuidsToAdd)
{
    $guid = [Guid]$guidBytes
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }
    
    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Get the primary group ID
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
    
    foreach ($guidBytes in $currentGroupGuids)
    {
        $guid = [Guid]$guidBytes
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Skip the group if it is the user's Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }
        
        $group.Remove($Context.TargetObject.AdsPath)
    }
}

Using a DN syntax property

The script copies group membership from the user specified in a DN syntax property (e.g. Assistant) of the target user.

Parameters:

  • $sourceUserDNPropertyName - Specifies the LDAP name of the DN syntax property that stores the user to copy membership from.
  • $replaceGroups - If set to $True, the script replaces all of the target user's group memberships with those of the source user. If set to $False, the target user retains its current group memberships and is also added to the groups the source user is a member of.
PowerShell
$sourceUserDNPropertyName = "assistant" # TODO: modify me
$replaceGroups = $True # TODO: modify me

# Bind to the source user
$sourceUserDN = $Context.TargetObject.Get($sourceUserDNPropertyName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$sourceUser.GetEx("adm-DirectMemberOfGuid") | %%{[void]$groupGuidsToAdd.Add([Guid]$_)}

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$Context.TargetObject.GetEx("adm-DirectMemberOfGuid") | %%{[void]$currentGroupGuids.Add([Guid]$_)}

# Update groups
foreach ($guidBytes in $groupGuidsToAdd)
{
    $guid = [Guid]$guidBytes
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }
    
    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Get the primary group ID
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
    
    foreach ($guidBytes in $currentGroupGuids)
    {
        $guid = [Guid]$guidBytes
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Skip the group if it is the user's Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }
        
        $group.Remove($Context.TargetObject.AdsPath)
    }
}
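
Both scripts above share the same set logic, so it can be previewed offline before anything is written to the directory. The following is an added example, not part of the original scripts: the function name Get-MembershipPlan, its parameters, and passing the primary group as a GUID are assumptions made for illustration, and all GUIDs are constructed sample values.

```powershell
# Added example: computes what the scripts above would add and remove,
# without binding to any directory object.
function Get-MembershipPlan
{
    param(
        [Guid[]]$SourceGroups,   # direct groups of the source user
        [Guid[]]$TargetGroups,   # direct groups of the target user
        [Guid]$PrimaryGroup,     # target user's primary group (never removed)
        [bool]$ReplaceGroups
    )

    $toAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    $remaining = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    foreach ($g in $TargetGroups) { [void]$remaining.Add($g) }

    foreach ($g in $SourceGroups)
    {
        # Same approach as the scripts: Remove() returns $True when the target
        # is already a member, and prunes that group from the removal candidates.
        if ($remaining.Remove($g)) { continue }
        [void]$toAdd.Add($g)
    }

    $toRemove = @()
    if ($ReplaceGroups)
    {
        # Whatever is left belongs only to the target; keep the primary group.
        $toRemove = @($remaining | Where-Object { $_ -ne $PrimaryGroup })
    }

    [pscustomobject]@{ Add = @($toAdd); Remove = $toRemove }
}

# Constructed sample GUIDs standing in for real groups
$domainUsers = [Guid]"11111111-1111-1111-1111-111111111111"
$sales       = [Guid]"22222222-2222-2222-2222-222222222222"
$vpn         = [Guid]"33333333-3333-3333-3333-333333333333"
$finance     = [Guid]"44444444-4444-4444-4444-444444444444"

$plan = Get-MembershipPlan -SourceGroups $domainUsers, $sales, $vpn `
    -TargetGroups $domainUsers, $vpn, $finance `
    -PrimaryGroup $domainUsers -ReplaceGroups $True
$plan | Format-List
```

With this sample data the plan adds the group standing in for Sales and removes the one standing in for Finance. Reviewing the Add list before running the real script shows exactly which of the source user's groups the target would inherit.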
