The script copies group membership from the user specified in an AD object picker parameter of a custom command to the target user.
Parameters:
- $sourceUserDNParamName - Specifies the name of the parameter used to select the source user with the param- prefix.
- $replaceGroups - If set to $True, the script will replace all the target user group membership with that of the source user. If set to $False, the target user will retain its group membership and will be added to the groups the source user is a member of.
PowerShell
$sourceUserDNParamName = "param-User" # TODO: modify me
$replaceGroups = $True # TODO: modify me
# Bind to the source user
$sourceUserDN = $Context.GetParameterValue($sourceUserDNParamName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)
# Get groups to add
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$sourceUser.GetEx("adm-DirectMemberOfGuid") | %%{[void]$groupGuidsToAdd.Add([Guid]$_)}
# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$Context.TargetObject.GetEx("adm-DirectMemberOfGuid") | %%{[void]$currentGroupGuids.Add([Guid]$_)}
# Update groups
foreach ($guidBytes in $groupGuidsToAdd)
{
$guid = [Guid]$guidBytes
if ($currentGroupGuids.Remove($guid))
{
continue
}
$group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
$group.Add($Context.TargetObject.AdsPath)
}
if ($replaceGroups)
{
# Get the primary group ID
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
foreach ($guidBytes in $currentGroupGuids)
{
$guid = [Guid]$guidBytes
$group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
# Skip the group if it is the user's Primary Group
if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
{
continue
}
$group.Remove($Context.TargetObject.AdsPath)
}
}