Skip to content

Using value references in membership rules

The following code sample includes the user’s manager and excludes the user themselves from a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include the user's manager
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.ObjectDnTemplate = "%manager%"
$includeRule.Exclude = $False
$rules.Add($includeRule)

# Exclude the user's account
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.ObjectDnTemplate = "%distinguishedName%"
$excludeRule.Exclude = $True
$rules.Add($excludeRule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes members of the group with the name consisting of the user’s department plus ‘Managers’ (e.g. HRManagers), located in container Users into a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

$groupDnTemplate = "CN=%department%Managers,CN=Users,DC=domain,DC=com"

# Include group members
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.GroupDnTemplate = $groupDnTemplate
$rule.Exclude = $False
$rule.IncludeDirectMembersOnly = $False
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes objects contained in the Organizational Unit with name My OU located in the user’s Organizational Unit into a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

$ouDnTemplate = "OU=My OU,%adm-ParentDN%"

# Include OU children
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.ContainerDnTemplate = $ouDnTemplate
$rule.Exclude = $False
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

The following code sample includes user accounts located in the user’s Organizational Unit whose manager is the same as the manager of the user into a Business Unit.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to 'My Unit' Business Unit
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")

$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

$rules = $myBusinessUnit.GetMembershipRules()

# Include users by Query Rule
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.BaseObjectDnTemplate = "%adm-ParentDN%"
$rule.Exclude = $False
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rule.Filter = "(&(manager=%manager%)(objectClass=user)(objectCategory=person))"
$rules.Add($rule)

$myBusinessUnit.SetMembershipRules($rules)

$myBusinessUnit.SetInfo()

See also