Skip to content

Modifying membership rules

The following code sample shows how to include and exclude a specific AD object from a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include John Smith
$jsmithDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$jsmith = $admService.OpenObject("Adaxes://$jsmithDN", $NULL, $NULL, 0)
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $False
$includeRule.Object = $jsmith
$rules.Add($includeRule)

# Exclude Bob Jones
$bjonesDN = "CN=Bob Jones,CN=Users,DC=company,DC=com"
$bjones = $admService.OpenObject("Adaxes://$bjonesDN", $NULL, $NULL, 0)
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.Exclude = $True
$excludeRule.Object = $bjones
$rules.Add($excludeRule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample shows how to include and exclude members ofa group from a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include members of the 'My Group' group
$groupDN = "CN=My Group,OU=Groups,DC=company,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $False
$rule.Group = $group
$rule.IncludeDirectMembersOnly = $False
$rules.Add($rule)

# Exclude members of the 'My Group 2' group
$groupDN = "CN=My Group 2,OU=Groups,DC=company,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $True
$rule.Group = $group
$rule.IncludeDirectMembersOnly = $False
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample shows how to include or exclude objects located under a specific Organizational Unit from a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include objects located under the 'My Unit' OU
$ouDN = "OU=My Unit,DC=company,DC=com"
$ou = $admService.OpenObject("Adaxes://$ouDN", $NULL, $NULL, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $False
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

# Exclude objects located under the 'My Unit 2' OU
$ouDN = "OU=My Unit 2,DC=company,DC=com"
$ou = $admService.OpenObject("Adaxes://$ouDN", $NULL, $NULL, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $True
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample shows how to include or exclude AD objects that match certain search criteria from a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include users from the Sales department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $False
$rule.BaseObjectPath = $NULL 
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rule.Filter = "(&(department=Sales)(objectClass=user)(objectCategory=person))"
$rules.Add($rule)

# Exclude users from the IT department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $True
$rule.BaseObjectPath = $NULL 
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rule.Filter = "(&(department=IT)(objectClass=user)(objectCategory=person))"
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

See also