Adaxes

Using Powershell Module for Cloud and On-Prem

0 votes

Hi all,

I got a script that works, but is kinda finicky:

$memberListProperty = "adm-CustomAttributeTextMultiValue1"
try
{
    $records = $Context.TargetObject.GetEx($memberListProperty)
}
catch
{
    $records = $null
}


$guids = @()
for ($i = 0; $i -lt $records.Length; $i++)
{
    $record = $records[$i]
    $guid = [regex]::Match(($record | Select-String -Pattern "Adaxes\:\/\/<GUID=.+\>").Matches[0].Value, '(?<=GUID=)[^>]+').Value
    $guids += $guid
}

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

$members = Get-AdmGroupMember -Identity $groupname -AdaxesService localhost -Server $servername



foreach ($member in $members)
{
    #Get ObjectGUID of Member
    $binded = $Context.BindToObjectByDN($member)
    [Guid]$nguid = $binded.Get("ObjectGUID")

    #Check if it is in the array
    if ($guids -contains $nguid){
        $Context.LogMessage("$member wurde nicht gelöscht, da es über den custom command zeitlich befristet wurde.","Information")
    } elseif ($member -notlike "*GG_RBA_AD-Bellach*"){
        $Context.LogMessage("$member wurde gelöscht.", "Information")
        Remove-AdmgroupMember -Identity $groupname -Members $member -AdaxesService localhost -Confirm:$false -Server $servername
    } else{
        $Context.LogMessage("$member wurde nicht gelöscht, da es sich um eine Gruppe handelt.","Information")
    }
}

The script runs for groups, and it should check if a member was added through a custom comand, or manually to the group. If he was added manually, then we will delete him.

My big problem is that the group can exist both on-prem and in the cloud.

The Adaxes Powershell functions (like Get-AdmGroupMember, or Remove-AdmgroupMember) only work with cloud objects if the server name is specified, otherwise they fail.

How can I build it nicer so that I don't have to hardcode the server name?

So basically I want to replace this part: 

$groupname = $context.TargetObject.Get("distinguishedName")

if ($groupname -like "*onmicrosoft*"){
    $servername = "fraisalan.onmicrosoft.com"
} else {
    $servername = "fraisalan.ch"
}

Thank you for your help!

Best regards Benjamin

by (20 points)

1 Answer

0 votes
by (289k points)

Hello Benjamin,

Specifying the -Server parameter is mandatory in this case. However, you do not need to hardcode domain names in the script. You can use the below code to just obtain it for the target object:

$servername = $Context.GetObjectDomain("%distinguishedName%")
0

Hi, thank you for your quick answer. It works! You helped me much.

Best regards Benjamin

by (20 points)

Related questions

0 votes
1 answer
Duplicate user accounts after connecting Entra domain and on-prem domain.

I connected my local AD domain as well as my Entra domain in Adaxes, however I am now seeing duplicate user accounts, one under our local AD and the other from ... Connect, and it's confusing determining which user is in which location when making updates.

asked Sep 4 by aswint (50 points)
0 votes
1 answer
Exchange Online and On-Prem mailboxes

Hi team, we see sometimes the following behavior: Changing a user mailbox to shared, is just moving on-prem mailbox of this user to shared. Online mailbox seems not to ... . What will happen with online mailbox? Will Adaxes generate a remote mailbox at all?

asked Oct 13, 2023 by wintec01 (1.5k points)
0 votes
1 answer
Script create remote mailbox and on prem mailbox

Hello, I have a sheduled task running. This task checks if a user is a member of a Licensed Office 365 Group with exchange online. If the user does not have an ... the on prem exchange mailbox and the exchange online mailbox? Thanks if you have an idea!

asked Feb 24, 2023 by fabian.p (380 points)
0 votes
1 answer
Is it on-prem? And is there a default report to see all changes and after-hour changes.

Topic question, we are looking into AD Auditing and I would like to know if this solution is on-prem. And I would like to know if there is a built in report to see ... to access folders they do not have permissions to, is this something I can do with Adaxes?

asked Jun 10, 2021 by anthonysmills (20 points)
0 votes
1 answer
Use the Adaxes PowerShell SDK Module for JIT Form Submission

My role as a developer require a form submission with Adaxes to get JIT (just in time) access to an client environment, I want to need guidance to form submission with the Adaxes PowerShell module.

asked Nov 19, 2020 by spencer.nicol (20 points)
3,544 questions
3,235 answers
8,229 comments
547,809 users