The script deletes Google Apps groups that do not have corresponding AD groups in your Active Directory. To execute the script, create a scheduled task configured for the Domain object type and add a managed domain to the Activity Scope of the task. The domain will only be used to trigger execution of the scheduled task.
Before using the script, install and configure the GAM Tool on the computer where Adaxes service runs. For details, see GAM Wiki.
Parameters
$gamPath - the path to the GAM executable file.
$waitTimeMilliseconds - the time to wait for a GAM response. It is recommended not to set a time exceeding the 10-minute limit applied by Adaxes to scripts executed by business rules, custom commands and scheduled tasks. If a script runs for more time than you specify, it will be completed, but the errors, warnings and other messages will not be added to the Execution log.
$groupIdAttribute - the name of the AD property that serves as the group identifier in Google Apps. The script will search Google Apps groups by the specified property.
# Script settings. Adjust all three values for your environment.

# Full path to the GAM executable. The script launches this file, presumably
# under the account of the Adaxes service, so keep the folder writable by
# administrators only.
$gamPath = 'C:\Scripts\Gam\gam.exe' # TODO: modify me

# Maximum time to wait for each GAM call, in milliseconds (8 minutes here).
$waitTimeMilliseconds = 1000 * 60 * 8 # TODO: modify me

# AD property whose value is compared with the Google group identifier.
$groupIdAttribute = 'sAMAccountName' # TODO: modify me
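function StartProcess ($arguments)
{
    # Runs the GAM executable ($gamPath) with the given argument string.
    #
    # Returns a hashtable with the trimmed standard output ("Output") and
    # standard error ("Error") of the process, or $null when the process does
    # not exit within $waitTimeMilliseconds (it is killed in that case).
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    $processInfo.FileName = $gamPath
    $processInfo.RedirectStandardOutput = $true
    $processInfo.RedirectStandardError = $true
    $processInfo.UseShellExecute = $false
    $processInfo.CreateNoWindow = $true
    $processInfo.Arguments = $arguments

    $process = New-Object System.Diagnostics.Process
    $process.StartInfo = $processInfo
    try
    {
        [void]$process.Start()

        # Begin draining both redirected pipes BEFORE waiting for exit. If the
        # pipes are only read after WaitForExit, a child that writes more than
        # the pipe buffer holds blocks on the write, never exits, and the call
        # ends in a false timeout with the output lost.
        $outputTask = $process.StandardOutput.ReadToEndAsync()
        $errorTask = $process.StandardError.ReadToEndAsync()

        $processCompleted = $process.WaitForExit($waitTimeMilliseconds)
        if (!$processCompleted)
        {
            $process.Kill()
            Write-Error "The process timeout."
            return $null
        }

        # .Result blocks until the streams reach end-of-file, so the complete
        # output is returned even if the process exited a moment earlier.
        return @{
            "Output" = $outputTask.Result.Trim();
            "Error" = $errorTask.Result.Trim();
        }
    }
    finally
    {
        # Release the process handle and the redirected streams.
        $process.Dispose()
    }
}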
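# Get the list of groups from Google Apps. The result is a map of
# Google group identifier -> group e-mail address.
$gamResult = StartProcess "print groups id"
$googleGroupIds = @{}

# StartProcess returns $null on timeout; treat that the same way as empty output.
if (($null -eq $gamResult) -or [System.String]::IsNullOrEmpty($gamResult.Output))
{
    $gamError = $null
    if ($null -ne $gamResult)
    {
        $gamError = $gamResult.Error
    }
    $Context.LogMessage("An error occurred when getting a list of Google groups. Error: " + $gamError, "Error")
    return
}

# Parse the result. The first line is skipped as the column header; each
# following line is read as "<e-mail>,<identifier>".
$records = $gamResult.Output.Split("`n")
for ($i = 1; $i -lt $records.Length; $i++)
{
    $googleGroupValues = $records[$i].Split(",")
    if ($googleGroupValues.Length -lt 2)
    {
        # A row without both columns cannot be matched against AD. Skip it
        # rather than guess: every entry in this map is a deletion candidate.
        $Context.LogMessage("Skipping an unexpected line in the GAM output: " + $records[$i].Trim(), "Warning")
        continue
    }

    $googleGroupMail = $googleGroupValues[0].Trim()
    $googleGroupId = $googleGroupValues[1].Trim()
    if ([System.String]::IsNullOrEmpty($googleGroupMail) -or [System.String]::IsNullOrEmpty($googleGroupId))
    {
        continue
    }

    # Keep the first entry for a repeated identifier instead of failing on Add.
    if ($googleGroupIds.ContainsKey($googleGroupId))
    {
        continue
    }
    [void]$googleGroupIds.Add($googleGroupId, $googleGroupMail)
}

if ($googleGroupIds.Count -eq 0)
{
    return
}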
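# Search groups in Active Directory and drop every Google group whose
# identifier matches the $groupIdAttribute value of an AD group. Whatever is
# left in $googleGroupIds afterwards is deleted from Google Apps.
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = "(objectCategory=group)"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad(@($groupIdAttribute))
$searcher.VirtualRoot = $True

$searchResultIterator = $null
$adGroupIdCount = 0
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    foreach ($searchResult in $searchResults)
    {
        $groupId = $searchResult.Properties[$groupIdAttribute].Value
        if ([System.String]::IsNullOrEmpty($groupId))
        {
            continue
        }

        $adGroupIdCount++
        [void]$googleGroupIds.Remove($groupId)
    }
}
finally
{
    # ExecuteSearch may throw before the iterator is assigned; calling Dispose
    # on $null here would hide the original error.
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}

# Fail safe: if the search produced no AD group identifiers at all (wrong
# attribute name, empty or failed search), every Google group would look
# orphaned and be deleted. Stop instead of deleting everything.
if ($adGroupIdCount -eq 0)
{
    $Context.LogMessage("No AD groups with a value in '$groupIdAttribute' were found. No Google groups were deleted.", "Warning")
    return
}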
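# Delete the Google groups that have no matching AD group.
foreach ($id in $googleGroupIds.Keys)
{
    $groupMail = $googleGroupIds[$id]

    # The address comes from parsed GAM output and is placed into the GAM
    # command line. Refuse values with whitespace or quotes so that a malformed
    # record cannot change the arguments of the delete command.
    if ($groupMail -notmatch '^[^\s"]+@[^\s"]+$')
    {
        $Context.LogMessage("Skipping the Google group with identifier '$id': unexpected e-mail value '$groupMail'.", "Warning")
        continue
    }

    $operationResult = StartProcess "delete group $groupMail"

    # StartProcess returns $null when GAM timed out; without this check the
    # empty Error value would be read as a successful deletion.
    if ($null -eq $operationResult)
    {
        $Context.LogMessage("GAM did not respond in time when deleting the Google group $groupMail.", "Error")
        continue
    }

    # Success: nothing on the error stream, or the output is exactly the
    # expected "Deleting group <e-mail>" message.
    if (([System.String]::IsNullOrEmpty($operationResult.Error)) -or ($operationResult.Output.Trim() -eq "Deleting group $groupMail"))
    {
        continue
    }

    $Context.LogMessage($operationResult.Output, "Warning")
    $Context.LogMessage("An error occurred when deleting a Google group. Error: " + $operationResult.Error, "Error")
}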