Script Repository

Create LDAP filter to find all groups where subordinates of the user are members

The script builds an LDAP filter that finds all the groups in which subordinates of the user are members and saves the filter to an attribute of the user account. To run the script, create a business rule, custom command or scheduled task configured for the User object type.

An object is a subordinate of a user when that user is specified in the Manager property of the object.


  • $propertyForLDAPFilter - Specifies the LDAP name of the property that will be used to store the LDAP filter.

$propertyForLDAPFilter = "adm-CustomAttributeText1" # TODO: modify me

try
{
    # Get DNs of user subordinates (GetEx throws when directReports is empty)
    $directReportDNs = $Context.TargetObject.GetEx("directReports")
}
catch
{
    # Set an empty GUID as the filter
    $Context.TargetObject.Put($propertyForLDAPFilter, "(objectGuid=\00)")
    $Context.TargetObject.SetInfo()
    return
}

# Build filter: OR together one member clause per subordinate
$ldapFilter = New-Object "System.Text.StringBuilder"
[void]$ldapFilter.Append("(|")
foreach ($dn in $directReportDNs)
{
    $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("member", $dn)
    [void]$ldapFilter.Append($filterPart)
}
[void]$ldapFilter.Append(")")

# Save the filter
$Context.TargetObject.Put($propertyForLDAPFilter, $ldapFilter.ToString())
$Context.TargetObject.SetInfo()
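Distinguished names can contain characters that are special in LDAP filter syntax, so each DN has to be escaped before it is placed in a member clause. The following is an added stand-alone example, not part of the original script and not Adaxes code, showing RFC 4515 value escaping and the same OR-of-member-clauses structure; the function names and sample DNs are hypothetical and constructed for illustration.

```powershell
# Added example: runs in plain PowerShell, no Adaxes types required.
# ConvertTo-LdapFilterValue and New-MemberOfAnyFilter are hypothetical names.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: backslash, asterisk, parentheses and NUL must be written
    # as a backslash followed by the two-digit hex code of the character.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-MemberOfAnyFilter {
    param([string[]]$MemberDNs)
    # Drop null or empty entries so they cannot produce a "(member=)" clause
    $dns = @($MemberDNs | Where-Object { $_ })
    if ($dns.Count -eq 0) {
        # No subordinates: the same empty-GUID filter the script above stores
        return '(objectGuid=\00)'
    }
    $clauses = foreach ($dn in $dns) {
        '(member={0})' -f (ConvertTo-LdapFilterValue -Value $dn)
    }
    # A group matches when at least one of the DNs is in its member attribute
    '(|{0})' -f (-join $clauses)
}

# Constructed sample DNs: a plain one, one with an escaped comma and
# parentheses in the CN, and one containing an asterisk.
$sampleDNs = @(
    'CN=Alice Example,OU=Staff,DC=example,DC=com',
    'CN=Smith\, John (Contractor),OU=Staff,DC=example,DC=com',
    'CN=R*D Lead,OU=Staff,DC=example,DC=com'
)

New-MemberOfAnyFilter -MemberDNs $sampleDNs
New-MemberOfAnyFilter -MemberDNs @()
```

Without the escaping step, the parentheses in the second DN would close the member clause early and the asterisk in the third would act as a wildcard, so the filter would either be rejected or match groups it should not.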

Comments 2
Kristoffer Johansson Nov 18, 2021
This is an interesting script, but how do I use the ldapstring? I tried to use the %CustomAttributeText% as an ldap string in a report but there were escaped characters that made it useless. Please advise.
Support Nov 18, 2021

For example, you can use it in a Web interface action to limit the object selection.
Kristoffer Johansson Nov 29, 2021
Thanks for the clarification! This works great and is my last piece of my onboarding puzzle. Thanks!