Add user to a specific group if they are owners of at least one group

Updated on: Jan 18, 2026, Views: 3

Group membership, Managers and subordinates

The script adds a user to a specific group if they are owners of at least one group. Group ownership is determined only according to the Managed By property. To execute the script, create a scheduled task configured for the Domain object type and add a managed domain to the Activity Scope of the task. The domain will only be used to trigger execution of the scheduled task.

In the script, the $groupDN variable specifies the distinguished name (DN) of the group to add group owners to. For information on how to get the DN, see Get the DN of a directory object.

$groupDN = "CN=MyGroup,OU=Groups,DC=example,DC=com" # TODO: modify me

function SearchObjects($criteria, $properties)
{
    # Search parameters
    $searcher = $Context.TargetObject
    $searcher.Criteria = $criteria
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True
    
    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get groups with owners
$groupCriteria = New-AdmCriteria "group" -Expression {directOwners -empty $False}
$groupSearchResults = SearchObjects $groupCriteria @("adm-Owners")
$ownerDNs = [string[]]($groupSearchResults.Values | Select -Unique)

# Get users from group owners
$userCriteria = New-AdmCriteria
$simpleItem = $userCriteria.CreateSimple()
$simpleItem.SetProperty("distinguishedName").SetComparisonOperator("eq").SetValueLogicalOperator("OR").AddValues($ownerDNs)
$userCriteria.AddType("user", $simpleItem)

$userSearchResults = SearchObjects $userCriteria @("distinguishedName")
$userDNs = $userSearchResults.Value

# Update group members
# Put replaces the entire member list with the owners found above
$group = $Context.BindToObjectByDN($groupDN)
$group.Put("member", $userDNs)
$group.SetInfo()
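
Because `Put("member", ...)` overwrites the group's whole member list, it is useful to see what a run would add and remove before the change is saved. The block below is an added example, not part of the original script or of Adaxes: a stand-alone helper with the hypothetical name `Get-MembershipPlan` that compares the current members with the owner list and refuses an empty owner list. The sample DNs are constructed.

```powershell
# Added example: plan the membership change instead of overwriting blindly.
# Get-MembershipPlan is a hypothetical helper; it uses no Adaxes API.
function Get-MembershipPlan
{
    param(
        [string[]]$CurrentMembers,   # DNs currently in the target group
        [string[]]$DesiredMembers    # DNs of users who own at least one group
    )

    # An empty desired list usually means a failed search or an undefined
    # variable; writing it with Put would empty the group.
    if (-not $DesiredMembers -or $DesiredMembers.Count -eq 0)
    {
        throw "Desired member list is empty; refusing to plan an update."
    }

    # DNs are compared case-insensitively
    $comparer = [System.StringComparer]::OrdinalIgnoreCase
    $current = [System.Collections.Generic.HashSet[string]]::new($comparer)
    foreach ($dn in $CurrentMembers) { [void]$current.Add($dn) }
    $desired = [System.Collections.Generic.HashSet[string]]::new($comparer)
    foreach ($dn in $DesiredMembers) { [void]$desired.Add($dn) }

    [pscustomobject]@{
        ToAdd    = @($desired | Where-Object { -not $current.Contains($_) })
        ToRemove = @($current | Where-Object { -not $desired.Contains($_) })
        Keep     = @($current | Where-Object { $desired.Contains($_) })
    }
}

# Constructed sample data
$currentMembers = @(
    "CN=Alice,OU=Users,DC=example,DC=com",
    "CN=Carol,OU=Users,DC=example,DC=com"
)
$ownerDNs = @(
    "cn=alice,ou=users,dc=example,dc=com",
    "CN=Bob,OU=Users,DC=example,DC=com"
)

$plan = Get-MembershipPlan -CurrentMembers $currentMembers -DesiredMembers $ownerDNs
"Add:    " + ($plan.ToAdd -join "; ")
"Remove: " + ($plan.ToRemove -join "; ")
"Keep:   " + ($plan.Keep -join "; ")
```

In the scheduled task, the desired list would be `$userDNs` and the current list would be read from the target group's `member` property before the update.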
