Script Repository

Create LDAP filter to find all groups where subordinates of the user are members

February 18, 2021

The script creates an LDAP filter that allows finding all the groups where subordinates of the user are members and saves the filter to the attribute of the user account. To run the script, create a business rule, custom command or scheduled task configured for the User object type.

For an object to be a subordinate, a user must be specified in the Manager property of the object.


  • $propertyForLDAPFilter - Specifies the LDAP property name of the property that will be used to store the LDAP filter.

Edit Remove
$propertyForLDAPFilter = "adm-CustomAttributeText1" # TODO: modify me

    # Get GUIDs of user subordinates
    $directReportDNs = $Context.TargetObject.GetEx("directReports")
    # Set an empty GUID as the filter
    $Context.TargetObject.Put($propertyForLDAPFilter, "(objectGuid=\00)")

# Build filter
$ldapFilter = New-Object "System.Text.StringBuilder"
foreach ($dn in $directReportDNs)
    $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("member", $dn)

# Save the filter
$Context.TargetObject.Put($propertyForLDAPFilter, $ldapFilter.ToString())

Comments ( 2 )
Kristoffer Johansson
Nov 18, 2021
This is an interesting script, but how do I use the ldapstring? I tried to use the %CustomAttributeText% as an ldap string in a report but there were escaped characters that made it useless. Please advice.
Nov 18, 2021

For example, you can use it in a Web interface action to limit the object selection.
Leave a comment

Related Scripts