The script updates properties of a user account in the resource domain based on the values of the corresponding account in the primary domain. To execute the script, create a custom command, business rule or scheduled task configured for the User object type.
Parameters:
- $targetDomainDN - Specifies the distinguished name (DN) of the resource domain. For information on how to get an object DN, see http://adaxes.com/sdk/HowDoI.GetDnOfObject/.
- $propertyToSearch - Specifies the LDAP name of an AD property whose value will be used to find the user to update in the resource domain.
- $dnPropertiesToUpdate - Maps the LDAP names of the DN-syntax properties to update to the LDAP names of the properties that will be used to find the referenced objects in the resource domain.
- $otherPropertiesToUpdate - Specifies LDAP names of non-DN syntax properties to be updated for the user in the resource domain.
PowerShell
# ---- Script configuration (adjust these for your environment) ----
# DN of the resource domain in which the matching user account is updated
$targetDomainDN = "DC=TargetDomain,DC=com" # TODO: modify me
# LDAP name of the attribute whose value identifies the user in the resource domain
$propertyToSearch = "sAMAccountName" # TODO: modify me
# DN-syntax property to update  =>  attribute used to locate the referenced object in the resource domain
$dnPropertiesToUpdate = @{ "manager" = "sAMAccountName" } # TODO: modify me
# Non-DN properties copied from the primary-domain account to the resource-domain account
$otherPropertiesToUpdate = @(
    "description",
    "title",
    "department",
    "adm-CustomAttributeTextMultiValue1"
) # TODO: modify me
# Runs a subtree search below $containerDN using the supplied LDAP filter and
# returns the hits as an array (always an array, even for zero or one hit).
# SizeLimit is 2 on purpose: callers only need to tell "none", "exactly one"
# and "more than one" apart, so fetching further results is wasted work.
function SearchObjects($filter, $containerDN)
{
    $directorySearcher = $Context.BindToObject("Adaxes://$containerDN")
    $directorySearcher.SearchFilter = $filter
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.SizeLimit = 2
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    $resultIterator = $NULL
    try
    {
        $resultIterator = $directorySearcher.ExecuteSearch()
        $hits = $resultIterator.FetchAll()
        # The unary comma stops PowerShell from unrolling a 0/1-element result
        return ,$hits
    }
    finally
    {
        # Release the iterator even if ExecuteSearch/FetchAll threw
        if ($resultIterator) { $resultIterator.Dispose() }
    }
}
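# Escapes a value for use inside an LDAP search filter (RFC 4515): '\', '*',
# '(', ')' and NUL are replaced by their "\xx" hex form. Attribute values read
# from the directory are interpolated into filters below, and without this an
# unusual value could change the meaning of the filter (e.g. widen the match).
function ConvertTo-LdapFilterValue($value)
{
    $escaped = New-Object System.Text.StringBuilder
    foreach ($char in ([string]$value).ToCharArray())
    {
        if ($char -eq '\' -or $char -eq '*' -or $char -eq '(' -or $char -eq ')' -or [int]$char -eq 0)
        {
            [void]$escaped.Append('\' + ([int]$char).ToString('x2'))
        }
        else
        {
            [void]$escaped.Append($char)
        }
    }
    return $escaped.ToString()
}

# Get the search property value
try
{
    $userID = $Context.TargetObject.Get($propertyToSearch)
}
catch
{
    # Get() throws when the attribute is not set; nothing to match on
    $Context.LogMessage("Property $propertyToSearch is empty.", "Warning")
    return
}

# Search user in resource domain (805306368 = SAM_NORMAL_USER_ACCOUNT)
$userFilter = "(&(sAMAccountType=805306368)($propertyToSearch=$(ConvertTo-LdapFilterValue $userID)))"
$searchResults = SearchObjects $userFilter $targetDomainDN
if ($searchResults.Length -eq 0)
{
    $Context.LogMessage("No user account found in the target domain.", "Warning")
    return
}
elseif ($searchResults.Length -gt 1)
{
    # Ambiguous match: refuse to update rather than pick one at random
    $Context.LogMessage("Found more than one user account in the target domain.", "Warning")
    return
}
$targetUser = $Context.BindToObjectBySearchResult($searchResults[0])

# Update DN syntax properties: every DN referenced by the source account is
# resolved to the corresponding object in the resource domain via the
# identifying attribute configured in $dnPropertiesToUpdate.
foreach ($propertyName in $dnPropertiesToUpdate.Keys)
{
    try
    {
        $sourceDNs = $Context.TargetObject.GetEx($propertyName)
    }
    catch
    {
        # Source has no value: clear the property on the target as well
        $targetUser.Put($propertyName, $NULL)
        continue
    }

    # Loop-invariant: the identifying attribute is fixed per property
    $objectIDPropertyName = $dnPropertiesToUpdate[$propertyName]
    $targetDNs = New-Object System.Collections.ArrayList
    foreach ($dn in $sourceDNs)
    {
        try
        {
            $referencedObject = $Context.BindToObjectByDN($dn)
            $objectID = $referencedObject.Get($objectIDPropertyName)
        }
        catch
        {
            # Either the DN can no longer be bound (stale reference) or the
            # identifying attribute is empty; skip this value instead of aborting
            $Context.LogMessage("Object '$dn' has no value for property $objectIDPropertyName", "Warning")
            continue
        }

        $objectFilter = "($objectIDPropertyName=$(ConvertTo-LdapFilterValue $objectID))"
        $objectSearchResults = SearchObjects $objectFilter $targetDomainDN
        if ($objectSearchResults.Length -eq 0)
        {
            $Context.LogMessage("Object $objectID not found.", "Warning")
            continue
        }
        elseif ($objectSearchResults.Length -gt 1)
        {
            $Context.LogMessage("Found more than one object with the following id $objectID", "Warning")
            continue
        }
        [void]$targetDNs.Add($objectSearchResults[0].Properties["distinguishedName"].Value)
    }

    if ($targetDNs.Count -eq 0)
    {
        # Nothing could be resolved: leave the target's current value untouched
        continue
    }
    $targetUser.Put($propertyName, $targetDNs.ToArray())
}

# Update other properties (copied verbatim; an empty source clears the target)
foreach ($propertyName in $otherPropertiesToUpdate)
{
    try
    {
        $values = $Context.TargetObject.GetEx($propertyName)
    }
    catch
    {
        $values = $NULL
    }
    $targetUser.Put($propertyName, $values)
}

# Save changes
$targetUser.SetInfo()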