Script repository

Check whether the initiator is owner of the target object OU

Updated on: Jan 18, 2026, Views: 2664

Managers and subordinates

The script checks whether the initiator is the owner of the OU where the target object is located. It should be executed in the "If PowerShell script returns true" condition in a business rule, custom command or scheduled task. If the initiator is the owner of the OU where the target object is located, or a member of the group that owns it, the script returns true.

# Fail closed: the condition is met only when ownership is positively confirmed
$Context.ConditionIsMet = $False

# Bind to the OU where the target object is located
$parent = $Context.BindToObject($Context.TargetObject.Parent)

# Get parent OU owner
try
{
    $ownerDN = $parent.Get("managedBy")
}
catch
{
    # The OU has no owner specified, so nothing further can be checked
    return
}

# Check whether initiator is the owner
if ($ownerDN -eq "%adm-InitiatorDN%")
{
    $Context.ConditionIsMet = $True
    return
}

# Check whether owner is a group
$owner = $Context.BindToObjectByDN($ownerDN)

if ($owner.Class -ne "group")
{
    # Owner is a single object other than the initiator
    return
}

# Get group members
try
{
    $memberGuidsBytes = $owner.GetEx("adm-MembersGuid")
}
catch
{
    # The member list could not be read (for example, the group is empty)
    return
}

# Check whether initiator is a member of the group
$initiatorGuid = [Guid]"%adm-InitiatorGuid%"
foreach ($guidBytes in $memberGuidsBytes)
{
    $guid = [Guid]$guidBytes
    if ($guid -eq $initiatorGuid)
    {
        # Initiator is a member of the group that owns the OU
        $Context.ConditionIsMet = $True
        return
    }
}

# Initiator is neither the owner nor a member of the owning group:
# the condition stays $False
