
Create LDAP filter to find all objects managed by user

February 18, 2021

The script builds an LDAP filter that matches all objects managed by the user on which the script is executed, and saves the filter to a specified attribute of the user account. The filter includes both objects the user manages directly and objects managed via membership in AD groups.

Note: Users are assigned to manage an AD object via the Managed By property of the object.

Parameter:

  • $propertyForLDAPFilter - Specifies the LDAP name of the property that will be used to store the LDAP filter.

To create the LDAP filter for any user on demand, create a custom command that can be executed on User objects and execute it on the users you need. To keep up with changes in your Active Directory, create a scheduled task to update the filters of users on a regular basis.

PowerShell
$propertyForLDAPFilter = "adm-CustomAttributeText1" # TODO: modify me

try
{
    # Get GUIDs of all objects managed by the user
    $managedObjectGuids = $Context.TargetObject.GetEx("adm-ManagedObjectsGuid")
}
catch
{
    # Set an empty GUID as the filter so no objects are returned
    $Context.TargetObject.Put($propertyForLDAPFilter, "(objectGuid=\00)")
    $Context.TargetObject.SetInfo()
    return
}

# Build filter
$ldapFilter = New-Object "System.Text.StringBuilder"
[Void]$ldapFilter.Append("(|")
foreach ($guid in $managedObjectGuids)
{
    $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectGuid", $guid)
    [Void]$ldapFilter.Append($filterPart)
}
[Void]$ldapFilter.Append(")")

# Save filter to the property specified
$Context.TargetObject.Put($propertyForLDAPFilter, $ldapFilter.ToString())
$Context.TargetObject.SetInfo()

The script can be used to build a business unit that will present each user with a list of all their managed objects. For information on how to create such a business unit, see Example 3 under Query Results in Group AD Objects Based on Logged In User.

For the LDAP filter, specify a value reference for the property that you used in $propertyForLDAPFilter. For example, if you specified adm-CustomAttributeText1, use the following value reference: %adm-CustomAttributeText1%.
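
How the objectGuid clauses of such a filter are encoded, and how a stored filter can be decoded again to audit which objects it exposes, as an added example that is not part of the original script or of Adaxes. The function names and sample GUIDs are constructed, and the escaped-byte form is standard LDAP filter syntax for binary values, assumed here rather than confirmed to be what FilterBuilder emits.

```powershell
# Added example: not Adaxes code. Function names and sample GUIDs are constructed.
function ConvertTo-ObjectGuidFilter {
    param([guid[]]$Guids)

    # Fail closed: with nothing to match, return a filter that matches no object,
    # the same fallback the script above uses.
    if (-not $Guids -or $Guids.Count -eq 0) { return '(objectGuid=\00)' }

    $sb = New-Object System.Text.StringBuilder
    [void]$sb.Append('(|')
    foreach ($g in $Guids) {
        # objectGUID is binary; each byte is written as \XX. ToByteArray() returns
        # the mixed-endian layout AD stores, so no byte reordering is needed.
        $escaped = ($g.ToByteArray() | ForEach-Object { '\{0:X2}' -f $_ }) -join ''
        [void]$sb.Append("(objectGuid=$escaped)")
    }
    [void]$sb.Append(')')
    return $sb.ToString()
}

function ConvertFrom-ObjectGuidFilter {
    param([string]$Filter)
    # Recover the GUIDs from a stored filter so they can be compared with the expected set.
    $pattern = '\(objectGuid=((?:\\[0-9A-Fa-f]{2}){16})\)'
    foreach ($m in [regex]::Matches($Filter, $pattern, 'IgnoreCase')) {
        $hex = $m.Groups[1].Value -replace '\\', ''
        $bytes = [byte[]]::new(16)
        for ($i = 0; $i -lt 16; $i++) {
            $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
        }
        [guid]::new($bytes)
    }
}

# Constructed sample GUIDs standing in for a user's managed objects
$expected = [guid[]]@('3f2504e0-4f89-11d3-9a0c-0305e82c3301',
                      '6fa459ea-ee8a-3ca4-894e-db77e160355e')
$filter = ConvertTo-ObjectGuidFilter -Guids $expected
$filter

# Any output here means the stored filter no longer matches the expected managed set
$stored = @(ConvertFrom-ObjectGuidFilter -Filter $filter)
Compare-Object -ReferenceObject $expected -DifferenceObject $stored
```

Because the business unit shows whatever the stored filter matches, decoding the attribute and comparing it with the current Managed By assignments is a quick way to spot a stale or hand-edited filter between scheduled updates.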
