0 votes

Hi all,

I got a script that works, but is kinda finicky:

$memberListProperty = "adm-CustomAttributeTextMultiValue1"
try
{
    $records = $Context.TargetObject.GetEx($memberListProperty)
}
catch
{
    $records = $null
}


$guids = @()
for ($i = 0; $i -lt $records.Length; $i++)
{
    $record = $records[$i]
    $guid = [regex]::Match(($record | Select-String -Pattern "Adaxes\:\/\/<GUID=.+\>").Matches[0].Value, '(?<=GUID=)[^>]+').Value
    $guids += $guid
}

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

$members = Get-AdmGroupMember -Identity $groupname -AdaxesService localhost -Server $servername



foreach ($member in $members)
{
    #Get ObjectGUID of Member
    $binded = $Context.BindToObjectByDN($member)
    [Guid]$nguid = $binded.Get("ObjectGUID")

    #Check if it is in the array
    if ($guids -contains $nguid){
        $Context.LogMessage("$member wurde nicht gelöscht, da es über den custom command zeitlich befristet wurde.","Information")
    } elseif ($member -notlike "*GG_RBA_AD-Bellach*"){
        $Context.LogMessage("$member wurde gelöscht.", "Information")
        Remove-AdmgroupMember -Identity $groupname -Members $member -AdaxesService localhost -Confirm:$false -Server $servername
    } else{
        $Context.LogMessage("$member wurde nicht gelöscht, da es sich um eine Gruppe handelt.","Information")
    }
}

The script runs for groups, and it should check if a member was added through a custom command, or manually to the group. If he was added manually, then we will delete him.

My big problem is that the group can exist both on-prem and in the cloud.

The Adaxes PowerShell functions (like Get-AdmGroupMember, or Remove-AdmGroupMember) only work with cloud objects if the server name is specified, otherwise they fail.

How can I build it nicer so that I don't have to hardcode the server name?

So basically I want to replace this part:

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

Thank you for your help!

Best regards Benjamin

ago by (20 points)

1 Answer

0 votes
ago by (285k points)

Hello Benjamin,

Specifying the -Server parameter is mandatory in this case. However, you do not need to hardcode domain names in the script. You can use the below code to just obtain it for the target object:

$servername = $Context.GetObjectDomain("%distinguishedName%")

Hi, thank you for your quick answer. It works! You helped me a lot.

Best regards Benjamin
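
The keep-or-remove decision from the script in the question, as an added example that is not part of the original posts or of Adaxes itself: it parses each stored reference into a [Guid] and compares typed values instead of strings, so the textual form of the stored GUID does not affect the match. The function names, sample records and member DNs are constructed; in the real script the member data comes from the directory and $servername from the GetObjectDomain call in the answer.

```powershell
# Added example: function names and all sample data below are constructed.
function Get-AllowedGuidSet {
    param([string[]]$Records)
    $set = [System.Collections.Generic.HashSet[Guid]]::new()
    foreach ($record in $Records) {
        # Capture the value between "<GUID=" and ">" in an Adaxes://<GUID=...> reference
        $match = [regex]::Match($record, 'Adaxes://<GUID=([^>]+)>')
        $parsed = [Guid]::Empty
        if ($match.Success -and [Guid]::TryParse($match.Groups[1].Value, [ref]$parsed)) {
            [void]$set.Add($parsed)
        } else {
            # Surface unparsable records instead of silently adding an empty entry
            Write-Warning "No parsable GUID in record: $record"
        }
    }
    return ,$set   # the comma keeps PowerShell from unrolling the (possibly empty) set
}

function Get-MemberAction {
    param(
        [System.Collections.Generic.HashSet[Guid]]$Allowed,
        [byte[]]$ObjectGuidBytes,   # raw objectGUID value of the member
        [string]$MemberDN
    )
    $memberGuid = [Guid]$ObjectGuidBytes
    if ($Allowed.Contains($memberGuid))        { return 'KeepTimeLimited' }
    if ($MemberDN -like '*GG_RBA_AD-Bellach*') { return 'KeepGroup' }
    return 'Remove'
}

# Constructed records: two GUID spellings plus one malformed entry
$records = @(
    'Adaxes://<GUID=6F9619FF-8B86-D011-B42D-00C04FC964FF>',
    'Adaxes://<GUID={3f2504e0-4f89-11d3-9a0c-0305e82c3301}>',
    'not a reference'
)
$allowed = Get-AllowedGuidSet -Records $records

# Constructed members: one allow-listed user, one manual addition, one nested group
$members = @(
    @{ DN = 'CN=Alice,OU=Users,DC=example,DC=com'; Guid = [Guid]'6f9619ff-8b86-d011-b42d-00c04fc964ff' },
    @{ DN = 'CN=Bob,OU=Users,DC=example,DC=com';   Guid = [Guid]::NewGuid() },
    @{ DN = 'CN=GG_RBA_AD-Bellach-Sub,OU=Groups,DC=example,DC=com'; Guid = [Guid]::NewGuid() }
)
foreach ($m in $members) {
    $action = Get-MemberAction -Allowed $allowed -ObjectGuidBytes $m.Guid.ToByteArray() -MemberDN $m.DN
    '{0} -> {1}' -f $m.DN, $action
}
```

With this sample data Alice is kept as time-limited, Bob is marked for removal and the nested group is kept, while the malformed record produces a warning.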
