Script Repository

Update property values in property pattern with all existing values

February 24, 2021 Views: 916
Miscellaneous

The script replaces allowed property values in a property pattern with all values of a property specified for existing user accounts. To run the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task. The domain will not specify the scope of users that will be searched through and will only be used to trigger execution of the scheduled task. The search criteria are specified in the script.

Script 1: Search and update values for the same property

Parameters

  • $patternName - Specifies the name of the property pattern to update.
  • $propertyToUpdate - Specifies the LDAP name of the property for which the list of allowed values will be updated in a property pattern.
  • $isPropertyRequired - Specifies whether the property should be set as required in the property pattern.
Edit Remove
PowerShell
# Pattern settings
$patternName = "User Pattern" # TODO: modify me
$propertyToUpdate = "departmentNumber" # TODO: modify me
$isPropertyRequired = $True # TODO: modify me

function SearchObjects($filter, $propertyToUpdate, $baseObjectPath, $virtualRoot)
{
    $searcher = $Context.BindToObject($baseObjectPath)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    if ($propertyToUpdate -ne $NULL)
    {
        $searcher.SetPropertiesToLoad(@($propertyToUpdate))
    }
    $searcher.VirtualRoot = $virtualRoot
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Search Property Pattern
$propertyPatternsPath = $Context.GetWellKnownContainerPath("PropertyPatterns")

# Run function
$searchResults = SearchObjects "(&(objectClass=adm-PropertyPattern)(name=$patternName))" $NULL $propertyPatternsPath $False
if ($searchResults.Length -eq 0)
{
    $Context.LogMessage("Property pattern '$patternName' not found.", "Warning")
    return
}
elseif ($searchResults.Length -gt 1)
{
    $Context.LogMessage("Found more than one Property pattern with the following name '$patternName'", "Warning")
    return
}
$propertyPatternPath = $searchResults[0].AdsPath

# Search users
$searchResults = SearchObjects "(&(sAMAccountType=805306368)($propertyToUpdate=*))" $propertyToUpdate "Adaxes://RootDSE" $True

$values = New-Object "System.Collections.Generic.HashSet[System.String]"
foreach ($searchResult in $searchResults)
{
    [void]$values.Add($searchResult.Properties[$propertyToUpdate].Value)
}

# Update pattern
$pattern = $Context.BindToObject($propertyPatternPath)

foreach ($item in $pattern.Items)
{
    if ($item.PropertyName -ieq $propertyToUpdate)
    {
        $pattern.Items.Remove($item)
        break
    }
}

if ($values.Count -eq 0)
{
    return
}

# Create a new item
$item = $pattern.Items.Create()
$item.PropertyName = $propertyToUpdate
$item.IsPropertyRequired = $isPropertyRequired

$constraints = $item.GetConstraints()
$constraint = $constraints.Create("ADM_PROPERTYCONSTRAINTTYPE_VALUERANGE")
$constraint.AreValuesDenied = $False
$constraint.Values = @($values)
$constraints.Add($constraint)
$item.SetConstraints($constraints)

# Save the changes
$item.SetInfo()
$pattern.Items.Add($item)

Script 2: Search and update values for different properties

Parameters

  • $patternName - Specifies name of the property pattern to update.
  • $propertyToSearch - Specifies the LDAP name of the property whose values will be used to update the allowed values of the property specified in $propertyToUpdate.
  • $propertyToUpdate - Specifies the LDAP name of the property for which the list of allowed values will be updated in a Property Pattern.
  • $isPropertyRequired - Specifies whether the property should be set as required in the property pattern.
Edit Remove
PowerShell
# Pattern settings
$patternName = "User Pattern" # TODO: modify me
$propertyToSearch = "mail" # TODO: modify me
$propertyToUpdate = "adm-CustomAttributeText1" # TODO: modify me
$isPropertyRequired = $True # TODO: modify me

function SearchObjects($filter, $propertyToSearch, $baseObjectPath, $virtualRoot)
{
    $searcher = $Context.BindToObject($baseObjectPath)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    if ($propertyToUpdate -ne $NULL)
    {
        $searcher.SetPropertiesToLoad(@($propertyToSearch))
    }
    $searcher.VirtualRoot = $virtualRoot
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Search Property Pattern
$propertyPatternsPath = $Context.GetWellKnownContainerPath("PropertyPatterns")

# Run function
$searchResults = SearchObjects "(&(objectClass=adm-PropertyPattern)(name=$patternName))" $NULL $propertyPatternsPath $False
if ($searchResults.Length -eq 0)
{
    $Context.LogMessage("Property pattern '$patternName' not found.", "Warning")
    return
}
elseif ($searchResults.Length -gt 1)
{
    $Context.LogMessage("Found more than one Property pattern with the following name '$patternName'", "Warning")
    return
}
$propertyPatternPath = $searchResults[0].AdsPath

# Search users
$searchResults = SearchObjects "(&(sAMAccountType=805306368)($propertyToSearch=*))" $propertyToSearch "Adaxes://RootDSE" $True

$values = New-Object "System.Collections.Generic.HashSet[System.String]"
foreach ($searchResult in $searchResults)
{
    [void]$values.Add($searchResult.Properties[$propertyToSearch].Value)
}

# Update pattern
$pattern = $Context.BindToObject($propertyPatternPath)

foreach ($item in $pattern.Items)
{
    if ($item.PropertyName -ieq $propertyToUpdate)
    {
        $pattern.Items.Remove($item)
        break
    }
}

if ($values.Count -eq 0)
{
    return
}

# Create a new item
$item = $pattern.Items.Create()
$item.PropertyName = $propertyToUpdate
$item.IsPropertyRequired = $isPropertyRequired

$constraints = $item.GetConstraints()
$constraint = $constraints.Create("ADM_PROPERTYCONSTRAINTTYPE_VALUERANGE")
$constraint.AreValuesDenied = $False
$constraint.Values = @($values)
$constraints.Add($constraint)
$item.SetConstraints($constraints)

# Save the changes
$item.SetInfo()
$pattern.Items.Add($item)
Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers