Script repository
For all the groups owned (Managed By property) by the target user, the script changes the owner to the manager of the user. To execute the script, create a scheduled task configured for the Domain object type and add a managed domain to the Activity Scope of the task. The domain will only be used to trigger execution of the scheduled task.
If the $pipelined variable is set to $true, the update will go through the Adaxes pipeline to create log records, apply business rules, security roles, etc. If set to $false, the update will be performed directly in AD (Adaxes functionality will not be applied).
```powershell
$pipelined = $true # TODO: modify me

# Get user manager.
try
{
    $managerDN = $Context.TargetObject.Get("manager")
}
catch
{
    $Context.LogMessage("User %fullname% does not have a manager.", "Warning")
    return
}

# Search parameters
# The search is bound to the user itself (base scope) and expanded through the
# managedObjects attribute, which lists the objects whose Managed By property
# points to the user. The criteria restrict the results to groups.
$searcher = $Context.TargetObject
$searcher.Criteria = New-AdmCriteria "group"
$searcher.SearchScope = "ADS_SCOPE_BASE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.AttributeScopeQuery = "managedObjects"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("User %fullname% does not own any groups.", "Warning")
        return
    }

    foreach ($searchResult in $searchResults)
    {
        # Bind to the group (through the Adaxes pipeline if $pipelined is $true)
        # and set the user's manager as the new owner.
        $group = $Context.BindToObjectBySearchResultEx($searchResult, $pipelined)
        $group.Put("managedBy", $managerDN)
        $group.SetInfo()
    }
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
```