Script repository

Add user to Novell eDirectory group

Updated on: Jan 18, 2026, Views: 11329

Group membership

The script adds a user to an eDirectory group that is associated with the user property value and removes the user from groups associated with other values of the property. To execute the script, create a business rule, custom command or scheduled task configured for the User object type.

Parameters

  • $eDirectoryServer - the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389).
  • $adminDN - the distinguished name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:
    • View the user account and the group in question.
    • Modify the groupMembership and securityEquals attributes of the user account.
    • Modify the member and equivalentToMe attributes of the group.
  • $adminPassword - the password to the account identified by $adminDN.
  • $username - the name of the user in eDirectory.
  • $groupName - the group name.
$eDirectoryServer = "edirectory.server.doman.com:389" # TODO: modify me
$adminDN = "cn=admin,o=company" # TODO: modify me
$adminPassword = "secret" # TODO: modify me

$username = "%username%" # TODO: modify me
$groupName = "MyGroup" # TODO: modify me

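function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
{
    $directoryEntry = $NULL
    $searcher = $NULL
    try
    {
        # With explicit credentials and no Secure or SecureSocketsLayer flag this is an LDAP simple bind:
        # the password is sent unencrypted unless the connection itself uses TLS
        $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
        $searchResults = $searcher.FindAll()
        if ($searchResults.Count -eq 0)
        {
            return $NULL
        }
        else
        {
            # Log the path of the first match only after confirming that one exists
            $Context.LogMessage($searchResults[0].Path, "Information")
            return ,$searchResults
        }
    }
    catch
    {
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Information")
    }
    finally
    {
        # Release resources; either object is still null if its constructor failed
        if ($NULL -ne $directoryEntry) { $directoryEntry.Dispose() }
        if ($NULL -ne $searcher) { $searcher.Dispose() }
    }
}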

# Find user
$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$username))" $eDirectoryServer $adminDN $adminPassword
if ($searchResults -eq $NULL)
{
    $Context.LogMessage("User '$username' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one user with name '$username'", "Warning")
    return
}
else
{
    $userInfo = $searchResults[0]
}

# Find group
$searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$groupName))" $eDirectoryServer $adminDN $adminPassword
if ($searchResults -eq $NULL)
{
    $Context.LogMessage("Group '$groupName' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
    return
}
else
{
    $groupInfo = $searchResults[0]
}

# Add user to group
$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
try
{
    # Update user
    $userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
    $userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
    $userDirectoryEntry.CommitChanges()

    # Update group
    $groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
    $groupDirectoryEntry.Properties["member"].Add($userDN)
    $groupDirectoryEntry.CommitChanges()
}
catch
{
    $Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
}
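finally
{
    # Release both directory entries; either may be unset if an earlier step failed
    if ($NULL -ne $userDirectoryEntry) { $userDirectoryEntry.Dispose() }
    if ($NULL -ne $groupDirectoryEntry) { $groupDirectoryEntry.Dispose() }
}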

Comments 10


  • Nekk


    Hello, can you please help me with a script where I need to add users to a group in eDirectory in bulk through a CSV file?

    • Support


      Hello Mohi,

      Please find the updated script below. It adds users listed in a CSV file to an eDirectory group. In the script:

      • $eDirectoryServer – specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389);

      • $adminDN – specifies the Distinguished Name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:

        • View the user account and the group in question;

        • Modify the groupMembership and securityEquals attributes of the user account;

        • Modify the member and equivalentToMe attributes of the group;

      • $adminPassword – specifies the password to the account identified by $adminDN;

      • $groupName – specifies the name of the group to which users will be added;

      • $csvFilePath – specifies a path to the CSV file;

      • $userIdentityColumn – specifies the name of the CSV file column that contains the list of user identifiers in eDirectory.

      $eDirectoryServer = "edirectory.server.doman.com:389" # TODO: modify me
      $adminDN = "cn=admin,o=company" # TODO: modify me
      $adminPassword = "secret" # TODO: modify me
      
      $groupName = "MyGroup" # TODO: modify me
      $csvFilePath = "\\server\share\import.csv" # TODO: modify me
      $userIdentityColumn = "userName" # TODO: modify me
      
      function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
      {
          $directoryEntry = $NULL
          $searcher = $NULL
          try
          {
              $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
              $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
              $searchResults = $searcher.FindAll()
              if ($searchResults.Count -eq 0)
              {
                  return $NULL
              }
              else
              {
                  # Log the path of the first match only after confirming that one exists
                  $Context.LogMessage($searchResults[0].Path, "Information")
                  return ,$searchResults
              }
          }
          catch
          {
              $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Information")
          }
          finally
          {
              # Release resources; either object is still null if its constructor failed
              if ($NULL -ne $directoryEntry) { $directoryEntry.Dispose() }
              if ($NULL -ne $searcher) { $searcher.Dispose() }
          }
      }
      
      # Check whether CSV file exists
      if (!(Test-Path -Path $csvFilePath))
      {
      	$Context.LogMessage("File '$csvFilePath' was not found.", "Warning")
      	return
      }
      
      $records = Import-Csv -Path $csvFilePath
      
      # Find group
      $searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$groupName))" $eDirectoryServer $adminDN $adminPassword
      if ($searchResults -eq $NULL)
      {
          $Context.LogMessage("Group '$groupName' not found", "Warning")
          return
      }
      elseif ($searchResults.Count -gt 1)
      {
          $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
          return
      }
      else
      {
          $groupInfo = $searchResults[0]
      }
      
      # Find user
      foreach ($record in $records)
      {
      	$userName = $record.$userIdentityColumn
      	$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$userName))" $eDirectoryServer $adminDN $adminPassword
      	if ($searchResults -eq $NULL)
      	{
      		$Context.LogMessage("User '$userName' not found", "Warning")
      		continue
      	}
      	elseif ($searchResults.Count -gt 1)
      	{
      		$Context.LogMessage("Found more than one user with name '$userName'", "Warning")
      		continue
      	}
      	else
      	{
      		$userInfo = $searchResults[0]
      	}
      
      	# Add user to group
      	$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
      	$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
      	try
      	{
      		# Update user
      		$userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
      		$userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
      		$userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
      		$userDirectoryEntry.CommitChanges()
      
      		# Update group
      		$groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
      		$groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
      		$groupDirectoryEntry.Properties["member"].Add($userDN)
      		$groupDirectoryEntry.CommitChanges()
      	}
      	catch
      	{
      		$Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
      	}
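      	finally
      	{
      		# Release both directory entries; either may be unset if an earlier step failed
      		if ($NULL -ne $userDirectoryEntry) { $userDirectoryEntry.Dispose() }
      		if ($NULL -ne $groupDirectoryEntry) { $groupDirectoryEntry.Dispose() }
      	}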
      }
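
Both the script at the top of the page and the CSV variant in the reply above place the user name straight into the LDAP search filter, so a name containing *, (, ) or \ either changes what the filter matches or makes it invalid. The following added example (not part of the original page or of the vendor's scripts) escapes such values as RFC 4515 requires before the filter is built; ConvertTo-LdapFilterValue and New-NameFilter are hypothetical helper names, and the sample names are constructed.

```powershell
# Added example, not from the original page.
# ConvertTo-LdapFilterValue and New-NameFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue([string]$value)
{
    # RFC 4515: inside a filter value the characters \ * ( ) and NUL must be
    # written as a backslash followed by their two-digit hexadecimal code
    return [regex]::Replace($value, '[\\*()\x00]', {
        param($match)
        '\{0:x2}' -f [int][char]$match.Value
    })
}

function New-NameFilter([string]$objectClass, [string]$name)
{
    # $objectClass is a constant chosen by the script author ("person", "group");
    # only $name comes from outside (a value reference or a CSV cell), so only it is escaped
    $escapedName = ConvertTo-LdapFilterValue $name
    return "(&(objectClass=$objectClass)(name=$escapedName))"
}

# Constructed sample values, as they might appear in the CSV identity column
$samples = @("jsmith", "j*", "Smith (contractor)", "a\b")

foreach ($sample in $samples)
{
    # How the page's scripts build the filter today
    $unescaped = "(&(objectClass=person)(name=$sample))"
    # The same filter with the value escaped first
    $escaped = New-NameFilter "person" $sample

    Write-Output ("value:     {0}" -f $sample)
    Write-Output ("unescaped: {0}" -f $unescaped)
    Write-Output ("escaped:   {0}" -f $escaped)
    Write-Output ""
}

# In the page's scripts the search call would then become, for example:
#   SearchObjectInEDirectory (New-NameFilter "person" $userName) $eDirectoryServer $adminDN $adminPassword
```

With the unescaped form, "j*" is a wildcard search that can return several accounts and "Smith (contractor)" produces an unbalanced filter; the escaped form searches for those exact strings.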
      
  • Nekk


    I need a script that adds users in bulk to multiple groups, handled in a single CSV. In the CSV there would be two columns: one for the username, the other for the names of the groups they should be added to. Kindly help with this scenario.

  • Paul Morrison


    Hey There,

    Any chance you have a script that will parse and return all LDAP attributes in eDirectory via Powershell?
    Thanks!

    • Support


      Hello Paul,

      Unfortunately, we do not have such a script in our repository.

  • Nekk


    Hello,

    Can I get a script to delete "Shared mailbox" from Active Directory in bulk?

    • Support


      Hello,

      Sorry for the confusion, but we are not sure what exactly you need the script to do. Could you please describe the desired behaviour in all the possible details with live examples?
