The script removes invalid membership rules (e.g. rules related to deleted AD objects) from a business unit. To execute the script, create a scheduled task configured for the Domain object type and add a managed domain to the Activity Scope of the task. The domain will only be used to trigger execution of the scheduled task.
In the script, the $unitPath variable specifies the ADS path of the business unit to check. To get the path:
- Launch Adaxes Administration console.
- Expand the service node.
- Expand the Business Units node.
- Right-click the business unit you need.
- In the context menu, open the submenu of the Copy item.
- Click Copy ADS Path. The ADS Path of the business unit will be copied to the clipboard.
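# Removes membership rules that no longer point at an existing object from one
# business unit. $Context is supplied by the host that runs the script.

# ADS path of the business unit to check.
$unitPath = "Adaxes://adaxesserver.example.com:12345/CN=My Unit,CN=Business Units,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

$unit = $Context.BindToObject($unitPath)
$rules = $unit.GetMembershipRules()
$rulesToRemove = @()

# Find membership rules with references to non-existing objects.
foreach ($rule in $rules)
{
    $ruleType = $rule.Type
    switch ($ruleType)
    {
        "ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY"
        {
            # A query rule without a base object path has nothing to validate.
            if (-not [System.String]::IsNullOrEmpty($rule.BaseObjectPath))
            {
                try
                {
                    # Only the success of the bind matters; the object itself is not used.
                    $null = $Context.BindToObject($rule.BaseObjectPath)
                }
                catch
                {
                    # NOTE(review): every bind failure is treated as "object deleted".
                    # A transient failure (e.g. directory unreachable, access denied)
                    # presumably lands here as well and would get the rule removed;
                    # the reason is logged so an unattended run can be audited.
                    $Context.LogMessage("Membership rule marked for removal: cannot bind to base object '$($rule.BaseObjectPath)'. $($_.Exception.Message)", "Warning")
                    $rulesToRemove += $rule
                }
            }
        }
        "ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER"
        {
            # Invalid when neither a DN template nor a resolved container is present.
            # $NULL is kept on the left so the comparison stays a scalar null test.
            if ([System.String]::IsNullOrEmpty($rule.ContainerDnTemplate) -and
                ($NULL -eq $rule.Container))
            {
                $rulesToRemove += $rule
            }
        }
        "ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP"
        {
            # Invalid when neither a DN template nor a resolved group is present.
            if ([System.String]::IsNullOrEmpty($rule.GroupDnTemplate) -and
                ($NULL -eq $rule.Group))
            {
                $rulesToRemove += $rule
            }
        }
        "ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC"
        {
            # Invalid when neither a DN template nor a resolved object is present.
            if ([System.String]::IsNullOrEmpty($rule.ObjectDnTemplate) -and
                ($NULL -eq $rule.Object))
            {
                $rulesToRemove += $rule
            }
        }
    }
}

# Write to the business unit only when there is something to remove, so a clean
# run leaves the configuration object untouched.
if ($rulesToRemove.Count -gt 0)
{
    # Remove invalid membership rules.
    foreach ($invalidRule in $rulesToRemove)
    {
        $rules.Remove($invalidRule)
    }
    $unit.SetMembershipRules($rules)

    # Save changes
    $unit.SetInfo()

    # Leave an audit trail of the destructive change.
    $Context.LogMessage("Removed $($rulesToRemove.Count) invalid membership rule(s) from '$unitPath'.", "Information")
}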