Skip to content

Configuring unmanaged user accounts

Note

Unmanaged user accounts are not displayed in Adaxes environment and are ignored during license validation.

The following code sample excludes a user from the list of user accounts managed by Adaxes.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") 
Import-Module Adaxes

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" 
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $admService.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $admService.OpenObject($configurationSetSettingsPath, $NULL, $NULL, 0)

$userPrincipalName = "jsmith@domain.com"
$newUnmanagedAccount = Get-AdmUser -Filter {userPrincipalName -like $userPrincipalName} `
    -SearchScope Subtree  -Server domain.com
$sid = $newUnmanagedAccount.Sid.ToString()

# Check whether the user account is unmanaged.
if (!$admConfigurationSetSettings.IsUnmanagedAccount($sid))
{
    $currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())

    # Fetch user accounts that are already unmanaged
    $allUnmanagedSids = @()
    foreach($userInfo in $currentUnmanagedAccounts)
    {
        $allUnmanagedSids += $userInfo.Key
    }
    # Add a new account to Unmanaged Accounts
    $allUnmanagedSids += $sid

    $admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
}

The following code sample excludes all users located under a specific Organizational Unit from the list of accounts managed by Adaxes.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") 
Import-Module Adaxes

$ouDN = "OU=My OU,DC=domain,DC=com"
$replaceCurnentlyUnmanagedAccounts = $False

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $admService.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $admService.OpenObject($configurationSetSettingsPath, $NULL, $NULL, 0)

$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

if (!$replaceCurnentlyUnmanagedAccounts)
{
    # Fetch user accounts that are already unmanaged
    $currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())
    foreach ($userInfo in $currentUnmanagedAccounts)
    {
        $allUnmanagedSids.Add($userInfo.Key) | Out-Null
    }
}

# Find all users under the given OU
$ouUsers = Get-AdmUser -Filter "*" -SearchBase $ouDN -SearchScope Subtree  -Server domain.com
if ($ouUsers -ne $NULL)
{
    foreach ($user in $ouUsers)
    {
        $allUnmanagedSids.Add($user.Sid.ToString()) | Out-Null
    }
}

$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))

See also