We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Users who are members of a certain number of groups

June 24, 2025 Views: 1138

The script generates a report that includes users who are members of a certain number of groups determined by a property value. For information on how to create reports, see Create Report

Parameters:

  • $valueToSearch - Specifies the value that will be used to search groups.
  • $propertyToSearchIn - Specifies the LDAP name of the property, whose values will be used to search groups.
  • $groupCount - Specifies the minimum number of groups a user should be a member of to be included into the report.
Edit Remove
PowerShell
$valueToSearch = "My Value" # TODO: modify me
$propertyToSearchIn = "info" # TODO: modify me
$groupCount = 5 # TODO: modify me

# Search for groups
$groupSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$groupSearcher.VirtualRoot = $True
$groupSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$groupSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$groupSearcher.SearchParameters.Criteria = New-AdmCriteria "group" -Expression {$propertyToSearchIn -eq $valueToSearch}
$groupSearcher.SearchParameters.PageSize = 500
$groupSearcher.SetPropertiesToLoad(@("objectGUID"))
try
{
    $searchIterator = $groupSearcher.ExecuteSearch()
    $groupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $guid = [Guid]$searchResult.GetPropertyByName("objectGUID").Values[0]
        [void]$groupGuids.Add($guid)
    }
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}

# Search users
$criteria = New-AdmCriteria "user" -Expression {memberOf -empty $False}
$Context.DirectorySearcher.AddCriteria($criteria)

try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $userObj = $Context.BindToObjectBySearchResult($searchResult)
        $userGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
        $userObj.GetEx("adm-MemberOfGuid") | %%{$userGroupGuids.Add([Guid]$_)}
        $userGroupGuids.IntersectWith($groupGuids)
        
        if ($userGroupGuids.Count -ge $groupCount)
        {
            $Context.Items.Add($searchResult)
        }
    }
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}
Comments 2
avatar
Michel Jun 24, 2025
The script throws an error "The property 'Filter' cannot be found on this object" with Adaxes 2025.1
avatar
Support Jun 24, 2025

Hello Michel,

Thank you for pointing out the issue. We updated the script accordingly. Sorry for the inconvenience.
Leave a comment
Loading...

Got questions?

Support Questions & Answers