Set UPN suffix based on Organizational Unit

March 02, 2016

The script sets a UPN suffix for a user based on the Organizational Unit where the user is located. If multiple UPN suffixes are defined, the first one in the list is used.

Possible UPN suffixes are specified via the UPN-Suffixes (LDAP name: uPNSuffixes) attribute of an Organizational Unit.

You can add the script to Adaxes Business Rules, Custom Commands and Scheduled Tasks using the Run a program or PowerShell script action. For example, you can create a Business Rule that runs it immediately after creating a user.

PowerShell
# Bind to the container where the user is located
$parent = $Context.BindToObject($Context.TargetObject.Parent)

function GetUpnSuffix ($containerDN)
{
    # Check container DN
    $dn = New-Object "Softerra.Adaxes.Ldap.DN" $containerDN
    if ($dn -eq "%adm-DomainDN%")
    {
        return $NULL # The user was created in the root of the domain
    }
    
    # Bind to the parent
    $parent = $Context.BindToObjectByDN($dn)
    
    # Get UPN suffix from parent
    try
    {
        $upnSuffixes = $parent.GetEx("uPNSuffixes")
        return $upnSuffixes[0]
    }
    catch
    {
        # Try getting UPN suffix from upper-level containers
        $upnSuffix = GetUpnSuffix $dn.Parent
    }
    return $upnSuffix
}

# Get UPN suffix
$path = New-Object "Softerra.Adaxes.Adsi.AdsPath" $Context.TargetObject.Parent
$upnSuffix = GetUpnSuffix $path.DN

if ([System.String]::IsNullOrEmpty($upnSuffix))
{
    return # Cannot get UPN suffix from all parents
}

# Get User Principal Name
$userPrincipalName = "%userPrincipalName%"
if ([System.String]::IsNullOrEmpty($userPrincipalName))
{
    $Context.LogMessage("Cannot assign a UPN suffix because the user does not have a User Principal Name", "Error")
    return
}

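# Build new User Principal Name
$atIndex = $userPrincipalName.IndexOf("@")
if ($atIndex -lt 0)
{
    # Without this check, SubString(0, -1) would throw on a UPN that has no "@"
    $Context.LogMessage("Cannot assign a UPN suffix because the User Principal Name does not contain '@'", "Error")
    return
}
$userPrincipalName = $userPrincipalName.SubString(0, $atIndex) + "@" + $upnSuffix.Trim("@")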

# Update User Principal Name
$Context.TargetObject.Put("userPrincipalName", $userPrincipalName)
$Context.TargetObject.SetInfo()
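
Because the UPN is the name users sign in with, it helps to preview which suffix each user would receive before enabling the rule. The sketch below replays the same lookup (nearest container that has uPNSuffixes, first value wins) over an in-memory map. It is an added example, not part of the original script and not Adaxes code: it does not call the Adaxes API, and the DNs, suffixes, users and the function names Resolve-UpnSuffix and Get-NewUpn are constructed for illustration.

```powershell
# Constructed sample data (not from a real directory): container DN -> uPNSuffixes values
$ouSuffixes = @{
    'OU=Sales,DC=example,DC=com' = @('sales.example.com', 'example.com')
    'OU=Staff,DC=example,DC=com' = @('@staff.example.com')
}
$domainDN = 'DC=example,DC=com'

function Resolve-UpnSuffix {
    param([string]$ContainerDN, [hashtable]$Map, [string]$DomainDN)
    $dn = $ContainerDN
    while ($dn -and $dn -ne $DomainDN) {
        # The nearest container with a value wins, and only its first suffix is used
        if ($Map.ContainsKey($dn) -and @($Map[$dn]).Count -gt 0) {
            return @($Map[$dn])[0]
        }
        # Move to the parent: drop the leftmost RDN, splitting only on an unescaped comma
        $parts = @($dn -split '(?<!\\),', 2)
        $dn = if ($parts.Count -eq 2) { $parts[1] } else { $null }
    }
    return $null   # reached the domain root without finding a suffix
}

function Get-NewUpn {
    param([string]$CurrentUpn, [string]$Suffix)
    $at = $CurrentUpn.IndexOf('@')
    # Refuse UPNs with no "@" or an empty user part instead of building a broken name
    if ($at -lt 1 -or [string]::IsNullOrWhiteSpace($Suffix)) { return $null }
    return $CurrentUpn.Substring(0, $at) + '@' + $Suffix.Trim('@')
}

# Constructed users: current UPN and the DN of the container holding the account
$users = @(
    [pscustomobject]@{ Upn = 'jdoe@example.com';   Parent = 'OU=Laptops,OU=Sales,DC=example,DC=com' }
    [pscustomobject]@{ Upn = 'asmith@example.com'; Parent = 'OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Upn = 'svc@example.com';    Parent = 'CN=Users,DC=example,DC=com' }
    [pscustomobject]@{ Upn = 'nosuffix';           Parent = 'OU=Sales,DC=example,DC=com' }
)

# Report what would change; rows with an empty NewUpn are the ones the script would skip
foreach ($u in $users) {
    $suffix = Resolve-UpnSuffix $u.Parent $ouSuffixes $domainDN
    [pscustomobject]@{
        Current = $u.Upn
        Suffix  = $suffix
        NewUpn  = Get-NewUpn $u.Upn $suffix
    }
}
```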
