0 votes

Hi all,

I got a script that works, but is kinda finicky:

$memberListProperty = "adm-CustomAttributeTextMultiValue1"
try
{
    $records = $Context.TargetObject.GetEx($memberListProperty)
}
catch
{
    $records = $null
}


$guids = @()
for ($i = 0; $i -lt $records.Length; $i++)
{
    $record = $records[$i]
    $guid = [regex]::Match(($record | Select-String -Pattern "Adaxes\:\/\/<GUID=.+\>").Matches[0].Value, '(?<=GUID=)[^>]+').Value
    $guids += $guid
}

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

$members = Get-AdmGroupMember -Identity $groupname -AdaxesService localhost -Server $servername



foreach ($member in $members)
{
    #Get ObjectGUID of Member
    $binded = $Context.BindToObjectByDN($member)
    [Guid]$nguid = $binded.Get("ObjectGUID")

    #Check if it is in the array
    if ($guids -contains $nguid){
        $Context.LogMessage("$member wurde nicht gelöscht, da es über den custom command zeitlich befristet wurde.","Information")
    } elseif ($member -notlike "*GG_RBA_AD-Bellach*"){
        $Context.LogMessage("$member wurde gelöscht.", "Information")
        Remove-AdmgroupMember -Identity $groupname -Members $member -AdaxesService localhost -Confirm:$false -Server $servername
    } else{
        $Context.LogMessage("$member wurde nicht gelöscht, da es sich um eine Gruppe handelt.","Information")
    }
}

The script runs for groups, and it should check if a member was added through a custom command, or manually to the group. If he was added manually, then we will delete him.

My big problem is that the group can exist both on-prem and in the cloud.

The Adaxes Powershell functions (like Get-AdmGroupMember, or Remove-AdmgroupMember) only work with cloud objects if the server name is specified, otherwise they fail.

How can I build it nicer so that I don't have to hardcode the server name?

So basically I want to replace this part:

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

Thank you for your help!

Best regards Benjamin

by (20 points)

1 Answer

0 votes
by (295k points)

Hello Benjamin,

Specifying the -Server parameter is mandatory in this case. However, you do not need to hardcode domain names in the script. You can use the below code to just obtain it for the target object:

$servername = $Context.GetObjectDomain("%distinguishedName%")

Hi, thank you for your quick answer. It works! You helped me much.

Best regards Benjamin
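
The keep-or-remove check from the script in the question, as an added example (not code from the original posts or from Adaxes): it parses the stored GUIDs into a typed set so the comparison does not depend on string formatting, and it skips malformed records with a warning. The function names and the sample records and members are constructed for illustration; only the Adaxes://<GUID=...> fragment and the group name pattern come from the page.

```powershell
# Added example. Function names are hypothetical; sample data is constructed.
function Get-RecordGuid {
    param([string[]]$Records)
    $set = New-Object 'System.Collections.Generic.HashSet[Guid]'
    foreach ($record in $Records) {
        # [^>]+ stops at the first '>' instead of matching greedily like '.+'
        $m = [regex]::Match($record, 'Adaxes://<GUID=([^>]+)>')
        $parsed = [Guid]::Empty
        if ($m.Success -and [Guid]::TryParse($m.Groups[1].Value, [ref]$parsed)) {
            [void]$set.Add($parsed)
        } else {
            Write-Warning "Skipping record without a valid GUID: $record"
        }
    }
    return ,$set   # leading comma stops PowerShell from unrolling the set
}

function Get-MemberAction {
    param(
        [Guid]$MemberGuid,
        [string]$MemberDN,
        [System.Collections.Generic.HashSet[Guid]]$TimedGuids,
        [string]$ExemptPattern = '*GG_RBA_AD-Bellach*'   # pattern from the script
    )
    if ($TimedGuids.Contains($MemberGuid)) { return 'KeepTimed' }
    if ($MemberDN -like $ExemptPattern)    { return 'KeepGroup' }
    return 'Remove'
}

# Constructed records: only the Adaxes://<GUID=...> part is taken from the page.
$records = @(
    'Adaxes://<GUID=3f2504e0-4f89-11d3-9a0c-0305e82c3301> 2025-01-31',
    'Adaxes://<GUID=not-a-guid> 2025-02-15'
)
$timed = Get-RecordGuid -Records $records

# Constructed members (DN plus objectGUID already converted to [Guid]).
$members = @(
    @{ DN = 'CN=Timed User,OU=Users,DC=example,DC=com'; Guid = [Guid]'3F2504E0-4F89-11D3-9A0C-0305E82C3301' },
    @{ DN = 'CN=GG_RBA_AD-Bellach,OU=Groups,DC=example,DC=com'; Guid = [Guid]'11111111-2222-3333-4444-555555555555' },
    @{ DN = 'CN=Manual User,OU=Users,DC=example,DC=com'; Guid = [Guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
)
foreach ($member in $members) {
    $action = Get-MemberAction -MemberGuid $member.Guid -MemberDN $member.DN -TimedGuids $timed
    '{0,-9} {1}' -f $action, $member.DN
}
```

A record that is skipped here leaves its member outside the set, so that member falls through to 'Remove'; review the warnings before passing the result to Remove-AdmGroupMember.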
