Script repository

Add users to unmanaged list based on criteria or LDAP filter

Updated on: Jan 18, 2026

Unmanaged accounts

The script adds all users matching the specified criteria or LDAP filter to the unmanaged list. To execute the script, create a scheduled task configured for the Domain object type and add a managed domain to the Activity Scope of the task. The domain will only be used to trigger execution of the scheduled task.

Parameters

  • $unmanagedCriteria - the criteria for adding accounts to the unmanaged list. For details on possible approaches, see How to build criteria.
  • $ldapFilter - leave this variable as $null to use criteria. To use an LDAP filter instead of criteria, specify a filter that users should match to be added to the unmanaged list. If a filter is specified, the $unmanagedCriteria variable is ignored.
  • $replaceCurrentlyUnmanagedAccounts - if set to $true, the accounts gathered by the script will fully replace the current unmanaged list. If set to $false, the accounts gathered by the script will be added to the existing list.

$unmanagedCriteria = New-AdmCriteria "user" {department -eq "Sales"} # TODO: modify me
$ldapFilter = $null # TODO: modify me
$replaceCurrentlyUnmanagedAccounts = $true # TODO: modify me

# Build criteria
$criteria = New-AdmCriteria "user" {accountDisabled -eq $false -and accountExpires -expired $false}
if ($ldapFilter)
{
    # Use LDAP filter if not empty.
    $ldapCriteria = $criteria.CreateAdvanced()
    $ldapCriteria.SetLdapFilter($ldapFilter)
    $criteria["user"].Add($ldapCriteria)
}
else
{
    # Use predefined criteria.
    $criteria = $criteria.MergeWith($unmanagedCriteria, "AND")
}


# Find users and get their SIDs.
$searcher = $Context.TargetObject
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    $allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
    foreach ($searchResult in $searchResults)
    {
        $sidBytes = $searchResult.Properties["objectSid"].Value
        $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)
        [void]$allUnmanagedSids.Add($sid.Value)
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

# Add users to unmanaged accounts.
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$configurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

if (!$replaceCurrentlyUnmanagedAccounts)
{
    # Fetch user accounts that are already unmanaged.
    $currentUnmanagedAccounts = $configurationSetSettings.GetUnmanagedAccounts(@())
    $currentUnmanagedAccounts | %{[void]$allUnmanagedSids.Add($_.Key)}
}

# Save changes
$configurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
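
The effect of $replaceCurrentlyUnmanagedAccounts on an existing list, shown as an added example that is not part of the original script. The function name Get-UnmanagedListChange and all SIDs are constructed for illustration; the block runs in plain PowerShell without Adaxes and reports which SIDs would be added to or dropped from the unmanaged list.

```powershell
# Added example: preview how the unmanaged list changes for each setting of
# $replaceCurrentlyUnmanagedAccounts. Function name and SIDs are hypothetical.
function Get-UnmanagedListChange
{
    param(
        [string[]]$CurrentSids = @(),  # SIDs already on the unmanaged list
        [string[]]$MatchedSids = @(),  # SIDs returned by the search
        [bool]$ReplaceList             # value of $replaceCurrentlyUnmanagedAccounts
    )

    # List as it would be saved: matched accounts, plus the existing ones when not replacing.
    $final = New-Object "System.Collections.Generic.HashSet[String]"
    foreach ($sid in $MatchedSids) { [void]$final.Add($sid) }
    if (-not $ReplaceList)
    {
        foreach ($sid in $CurrentSids) { [void]$final.Add($sid) }
    }

    $current = New-Object "System.Collections.Generic.HashSet[String]"
    foreach ($sid in $CurrentSids) { [void]$current.Add($sid) }

    # Added: newly unmanaged accounts. Removed: accounts that leave the unmanaged list.
    [pscustomobject]@{
        Added   = @($final | Where-Object { -not $current.Contains($_) })
        Removed = @($current | Where-Object { -not $final.Contains($_) })
        Final   = @($final)
    }
}

# Constructed sample data: two accounts are unmanaged today, the search matches two,
# and only one account is in both sets.
$domainSid = "S-1-5-21-1111111111-2222222222-3333333333"
$currentList = @("$domainSid-1104", "$domainSid-1105")
$matched     = @("$domainSid-1105", "$domainSid-1106")

foreach ($replace in $true, $false)
{
    $change = Get-UnmanagedListChange -CurrentSids $currentList -MatchedSids $matched -ReplaceList $replace
    "Replace=$replace  added=$($change.Added.Count)  removed=$($change.Removed.Count)  final=$($change.Final.Count)"
    $change.Removed | ForEach-Object { "  leaves the unmanaged list: $_" }
}
```

In the scheduled task, the current SIDs can be taken from the Key of each item returned by GetUnmanagedAccounts(@()) and the matched SIDs from $allUnmanagedSids, so the change can be reviewed before SetUnmanagedAccounts is called.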
