Script Repository

Set manager for users in specific OUs

July 01, 2021

The script finds a user with a specific property value in a specific OU and sets the user as manager of all other accounts in the OU. To execute the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.


  • $propertyName - Specifies the LDAP name of the property whose value wil be checked to determine managers.
  • $valueToOuDN - maps values of the property specified in variable $propertyName with distinguished names (DNs) of the corresponding OUs. For information on how to get an object DN, see Get the DN of a directory object.
Edit Remove
$propertyName = "title" # TODO: modify me
$valueToOuDN = @{
    "Value1" = "OU=Users1,DC=domain,DC=com"
    "Value2" = "OU=Users2,DC=domain,DC=com"
} # TODO: modify me

function SearchObjects($filter, $ouDN)
    $searcher = $Context.BindToObjectByDN($ouDN)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
        # Execute search
        $searchIterator = $searcher.ExecuteSearch()
        $searchResults = $searchIterator.FetchAll()
        return ,$searchResults
        # Release resources
        if ($searchIterator){ $searchIterator.Dispose() }

foreach ($value in $valueToOuDN.Keys)
    # Search manager
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)($propertyName=$value))" $valueToOuDN[$value]
    if ($searchResults.Length -eq 0)
        $Context.LogMessage("Manager with value $value not found.", "Warning")
    elseif ($searchResults.Length -gt 1)
        $Context.LogMessage("Found more than one manager with the following value $value", "Warning")
    $managerDN = $searchResults[0].Properties["distinguishedName"].Value
    # Search users
    $filterManager = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("manager", $managerDN)
    $filterDistinguishedName = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $managerDN)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)(!$filterManager)(!$filterDistinguishedName))" $valueToOuDN[$value]
    foreach ($searchResult in $searchResults)
        $user = $Context.BindToObjectBySearchResult($searchResult)
        $user.Put("manager", $managerDN)

Comments ( 0 )
No results found.
Leave a comment