The script copies selected properties of the user account the script is executed for (the target user) to the matching user account in a resource domain. To use it, create a business rule, custom command or scheduled task configured for the User object type and add the script to it. Because the script overwrites (and, when the source value is empty, clears) every listed property on whichever account it matches, keep $propertyToSearch set to an identifier that is unique per user and not editable by end users, and list only properties that are appropriate to mirror into the resource domain.
Parameters
$targetDomainDN - the distinguished name (DN) of the resource domain. For information on how to get an object DN, see Get the DN of a directory object.
$propertyToSearch - the name of the property whose value is used to find the user to update in the resource domain. The script aborts unless exactly one account matches.
$dnPropertiesToUpdate - maps the names of DN-syntax properties to update (for example, manager) to the names of the properties used to find the referenced objects in the resource domain.
$otherPropertiesToUpdate - the names of non-DN-syntax properties to copy to the user in the resource domain.
# --- Configuration ----------------------------------------------------------
# DN of the resource domain that is searched and written to.
$targetDomainDN = "DC=resourceDomain,DC=com" # TODO: modify me

# Property used to locate the matching account in the resource domain.
# It should hold a value that is unique per user and not editable by the
# user themselves, because the matched account is overwritten below.
$propertyToSearch = "sAMAccountName" # TODO: modify me

# DN-syntax properties to copy. Key: property name on the user. Value: the
# property used to look up the referenced object in the resource domain.
$dnPropertiesToUpdate = @{
    manager = "sAMAccountName"
} # TODO: modify me

# Non-DN properties copied as-is (cleared on the target when empty on the source).
$otherPropertiesToUpdate = @(
    "description",
    "title",
    "department",
    "adm-CustomAttributeTextMultiValue1"
) # TODO: modify me
# Runs $criteria under $containerDN (whole subtree) and returns the matches
# as an array (possibly empty).
# The size limit is deliberately 2: callers only need to distinguish "none",
# "exactly one" and "more than one", and a two-entry result must be treated
# as ambiguous rather than used. Referral chasing is off, so referrals to
# other naming contexts are not followed. The result iterator is always
# disposed, even when the search throws.
function SearchObjects($criteria, $containerDN)
{
    $directorySearcher = $Context.BindToObject("Adaxes://$containerDN")
    $directorySearcher.Criteria = $criteria
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $directorySearcher.SizeLimit = 2
    $directorySearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    $iterator = $null
    try
    {
        $iterator = $directorySearcher.ExecuteSearch()
        $found = $iterator.FetchAll()
        # The leading comma stops PowerShell from unrolling the array on return.
        return ,$found
    }
    finally
    {
        if ($null -ne $iterator) { $iterator.Dispose() }
    }
}
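# --- Locate the matching account in the resource domain ---------------------
# Read the identifier from the user the rule/command/task was triggered for.
# Get() throws when the property has no value; treat that as "nothing to match".
try
{
    $userID = $Context.TargetObject.Get($propertyToSearch)
}
catch
{
    $Context.LogMessage("Property $propertyToSearch is empty.", "Warning")
    return
}

# Build the criteria with New-AdmCriteria; do not replace this with a
# hand-concatenated LDAP filter string, where special characters in the
# attribute value would change the meaning of the filter.
$criteria = New-AdmCriteria "user" -Expression {$propertyToSearch -eq $userID}
$searchResults = SearchObjects $criteria $targetDomainDN

# Write nothing unless exactly one account matches: with zero matches there
# is nothing to update, and with several the wrong account could be
# overwritten (SearchObjects caps the result at 2 precisely for this check).
if ($searchResults.Length -eq 0)
{
    $Context.LogMessage("No user account found in the target domain.", "Warning")
    return
}
elseif ($searchResults.Length -gt 1)
{
    $Context.LogMessage("Found more than one user account in the target domain.", "Warning")
    return
}
$targetUser = $Context.BindToObjectBySearchResult($searchResults[0])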
# --- Copy DN-syntax properties ----------------------------------------------
# The objects referenced by the source user (e.g. its manager) live in the
# source domain, so their DNs cannot be written as-is. For each reference the
# counterpart in the resource domain is looked up by the property named in
# $dnPropertiesToUpdate, and the counterpart's DN is written instead.
# Note the asymmetry: an empty source property clears the target property,
# whereas a reference that does not resolve to exactly one object is skipped
# and the target keeps whatever value it currently holds.
foreach ($dnPropertyName in $dnPropertiesToUpdate.Keys)
{
    $lookupPropertyName = $dnPropertiesToUpdate[$dnPropertyName]

    try
    {
        $referencedDNs = $Context.TargetObject.GetEx($dnPropertyName)
    }
    catch
    {
        # No value on the source: clear it on the target as well.
        $targetUser.Put($dnPropertyName, $NULL)
        continue
    }

    $resolvedDNs = New-Object System.Collections.ArrayList
    foreach ($referencedDN in $referencedDNs)
    {
        $referencedObject = $Context.BindToObjectByDN($referencedDN)
        try
        {
            $lookupValue = $referencedObject.Get($lookupPropertyName)
        }
        catch
        {
            $Context.LogMessage("Object '$referencedDN' has no value for property $lookupPropertyName", "Warning")
            continue
        }

        # Any object class ("*") is accepted here, so the result is checked for
        # ambiguity just like the user lookup above.
        $lookupCriteria = New-AdmCriteria "*" -Expression {$lookupPropertyName -eq $lookupValue}
        $lookupResults = SearchObjects $lookupCriteria $targetDomainDN
        if ($lookupResults.Length -eq 0)
        {
            $Context.LogMessage("Object $lookupValue not found.", "Warning")
            continue
        }
        elseif ($lookupResults.Length -gt 1)
        {
            $Context.LogMessage("Found more than one object with the following id $lookupValue", "Warning")
            continue
        }
        $resolvedDNs.Add($lookupResults[0].Properties["distinguishedName"].Value)
    }

    # Nothing resolved: leave the target property untouched.
    if ($resolvedDNs.Count -eq 0)
    {
        continue
    }
    $targetUser.Put($dnPropertyName, $resolvedDNs.ToArray())
}
# --- Copy non-DN properties and commit --------------------------------------
# Every listed property is overwritten on the target: a value on the source
# replaces it, and a missing value (GetEx throws) clears it via $NULL.
# Keep $otherPropertiesToUpdate limited to attributes that are safe to mirror
# into the resource domain.
foreach ($plainPropertyName in $otherPropertiesToUpdate)
{
    $sourceValues = $NULL
    try
    {
        $sourceValues = $Context.TargetObject.GetEx($plainPropertyName)
    }
    catch
    {
        # No value on the source; $sourceValues stays $NULL and clears the target property.
    }
    $targetUser.Put($plainPropertyName, $sourceValues)
}

# All Put() calls above are committed by this single SetInfo() call.
$targetUser.SetInfo()