Adaxes

How to log each group removal in Adaxes script?

0 votes

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm

I need to have adaxes log each group removal. I have tried $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage("$group was removed from %username%", "Information") And $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage($group+" was removed from %username%", "Information")
What I get in the log is: image.png What am I doing wrong?

by (1.1k points)

1 Answer

+1 vote
by (305k points)

Hello,

You can use the below updated script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
        $groupName = $group.Get("name")
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("User %fullname% removed from group $groupName", "Information")
}
0

Thank you works perfectly.

by (1.1k points)

Related questions

0 votes
1 answer
How do I get this to log in Adaxes log

Using this code: $UserAD = $Context.BindToObjectByDN($DNAD) $UserAD.Put("thumbnailPhoto", $photoBytes) $UserAD.SetInfo() I doesn't create a log in adaxes of the photo being updated. ... s something simple but I can't remember or find it in my support emails.

asked 16 hours ago by mightycabal (1.1k points)
0 votes
1 answer
How can I e-mail a list of group members to each groups manager/owner?

I need to send an e-mail to the owner ("managed by") for each group. The e-mail should contain a list of group members. What is the best way to do that?

asked May 9, 2024 by akindy (40 points)
0 votes
1 answer
Script to get the email of each user object in a multi value object custom attribute?

We are using the below snippet to grab the email of a single custom attribute object. Can I get guidance on the best way to modify this to get all the emails of each ... "The user specified in parameter 'MyParameter' has no email address. ", "Information") }

asked Dec 23, 2024 by msheppard (840 points)
0 votes
1 answer
In Adaxes can you apply a powershell script to all users in a specific group?

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
1 answer
How to access the Adaxes service account's credentials in a PowerShell script action?

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
3,739 questions
3,417 answers
8,641 comments
550,350 users