We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Remove actions with empty groups from custom commands, business rules and scheduled tasks

February 25, 2021 Views: 782

The script removes all the Add to group and Remove from group actions that do not have a group specified from all custom commands, business rules and scheduled tasks. Such situations can happen if the group specified in an action was removed. The script also sends an email notification containing a record like the following for each removed action if at least one action was removed:

Removed action with blank group from Deprovision Custom Command

To run the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.


  • $to - Specifies the email address to which the script will send the notification.
  • $subject - Specifies the subject of the email notification.
Edit Remove
# E-mail settings
$to = "recipient@domain.com" # TODO: modify me
$subject = "Report" # TODO: modify me

function SearchObjects($path, $filter)
    $searcher = $Context.BindToObject($path)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        return ,$searchResults
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }

# A hashtable with types of configuration objects and their aliases
$configurationObjectInfos = @{
    "BusinessRules" = "adm-BusinessRule", "Business Rule";
    "CustomCommands" = "adm-CustomCommand", "Custom Command";
    "ScheduledTasks" = "adm-ScheduledTask", "Scheduled Task";}

$report = New-Object "System.Text.StringBuilder"
foreach ($alias in $configurationObjectInfos.Keys)
    $configurationContainerPath = $Context.GetWellKnownContainerPath($alias)
    $objectType = $configurationObjectInfos[$alias][0]
    $objectTypeDisplayName = $configurationObjectInfos[$alias][1]
    $searchresults = SearchObjects $configurationContainerPath "(objectCategory=$objectType)"
    # Search actions for the specified string
    foreach ($searchresult in $searchresults)
        # Bind to the business rule, custom command or scheduled task
        $object = $Context.BindToObject($searchresult.AdsPath)
        $objectName = $object.Get("Name")
        # Perform search actions
        for ($i = $object.ConditionedActions.Count - 1; $i -ge 0; $i--)
            # Check actions
            $actionsAndConditionsSet = $object.ConditionedActions.GetObject($i)
            for ($j = $actionsAndConditionsSet.Actions.Count - 1; $j -ge 0; $j--)
                $action = $actionsAndConditionsSet.Actions.GetObject($j)
                if ($action.Class -ne "adm-ChangeGroupMembershipAction")
                $actionObject = $action.GetAction()
                if (![System.String]::IsNullOrEmpty($actionObject.GroupDnTemplate))
                $groupGuid = [Guid]$action.Get("adm-GroupGuid")
                    $group = $Context.BindToObject("Adaxes://<Guid=$groupGuid>")
                    # Remove action
                    [void]$report.AppendLine("Removed action with blank group from $objectName $objectTypeDisplayName")
            if ($actionsAndConditionsSet.Actions.Count -eq 0)
# No actions foound, exit
if ($report.Length -eq 0)

# Send mail
$Context.SendMail($to, $subject, $report.ToString(), $NULL)
Comments 0
Leave a comment

Got questions?

Support Questions & Answers