We are using the dynamic dist list script found below. The issue is we also have to be able to provide overrides, which we are achieving through a secondary static list we will maintain manually. When the script runs at 5 am EST every day it removes the override DL from the list. Is there a way to keep any overrides when the process runs?

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try {
    $company = $Context.TargetObject.Get($companyProperty)
}
catch {
    # Get() throws when the attribute is empty
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try {
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch {
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
if (-not([System.String]::IsNullOrEmpty($employeeType)))
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName @("distinguishedName")

# Add users to group
if ($searchResults.Length -eq 0) {
    # No matches: empty the member list
    $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", "member", $NULL)
}
else {
    # Replace the whole member list with the search results
    [System.Array]$userDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
    $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", "member", $userDNs)
}

# Save the changes

What exactly do you mean by overrides? Could you describe the desired behaviour in all the possible details?


We previously created dynamic lists from PowerShell commands and if we needed to change or modify we would have to run the PowerShell again with the new variables. We found the script mentioned and it works perfectly except it removes any group or individual we placed in the list when it runs. To future-proof having to rerun the script we decided to create an override list. We will place any individual needing access who doesn't fit the initial criteria in the override group, but the script runs and removes the group.

Real life example: we create a dynamic distribution list based on value of employee ID and need to add a user with a different employee ID, so we add the user to the static override list manually. This works perfectly until the list runs at its update time and removes all memberships and adds only those with the correct employee ID. We need the script that runs to ignore the override list when re-adding memberships.

1 Answer

Thank you for clarifying.

As a solution, we can add another criterion for members of the distribution list based on group membership. In this case, the script will also add all members of the specified group to the distribution list on each run, not counting the other criteria for them.

Alternatively, the users that are members of the group will be ignored when the script updates distribution list members. In this case, you will need to add/remove the users from the distribution list manually.

Specify which solution is best for you and we will provide you with the updated script.


We are looking for the second option. In this way we can easily manage the few exceptions we need to without breaking the purpose of making the list dynamic (lots of adds and deletes daily).



Thank you for clarifying. Find the updated script below.

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try {
    $company = $Context.TargetObject.Get($companyProperty)
}
catch {
    # Get() throws when the attribute is empty
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try {
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch {
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
if (-not([System.String]::IsNullOrEmpty($employeeType)))
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName

# Add users to group
foreach ($searchResult in $searchResults)
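
The second option from the answer (override-group users are left untouched in both directions), written out as set arithmetic. This is an added example, not the updated script from the answer and not Adaxes code; the function names `New-DnSet` and `Get-MembershipPlan` and all sample DNs are constructed for illustration, and it assumes Windows PowerShell 5 or later.

```powershell
# Added example: pure set arithmetic, no Adaxes or Active Directory calls.
function New-DnSet([string[]]$Dns) {
    # Distinguished names compare case-insensitively
    $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($dn in $Dns) { if ($dn) { [void]$set.Add($dn) } }
    return ,$set
}

function Get-MembershipPlan {
    param(
        [string[]]$CurrentMembers  = @(),  # DNs in the distribution list right now
        [string[]]$CriteriaMatches = @(),  # DNs returned by the LDAP search
        [string[]]$OverrideMembers = @()   # DNs in the manually maintained override group
    )
    $current  = New-DnSet $CurrentMembers
    $wanted   = New-DnSet $CriteriaMatches
    $override = New-DnSet $OverrideMembers

    # Override users are skipped in both directions: never added, never removed
    $toAdd    = @($wanted  | Where-Object { -not $current.Contains($_) -and -not $override.Contains($_) })
    $toRemove = @($current | Where-Object { -not $wanted.Contains($_)  -and -not $override.Contains($_) })
    # Members who do not match the criteria and stay only because of the override group
    $retained = @($current | Where-Object { $override.Contains($_) -and -not $wanted.Contains($_) })
    $final    = @($current | Where-Object { $toRemove -notcontains $_ }) + $toAdd

    [pscustomobject]@{
        Add = $toAdd; Remove = $toRemove
        RetainedByOverride = $retained; FinalMembers = $final
    }
}

# Constructed sample data: Eve is in the list only through the override group
$plan = Get-MembershipPlan `
    -CurrentMembers  'CN=Ann,OU=Staff,DC=example,DC=com',
                     'CN=Bob,OU=Staff,DC=example,DC=com',
                     'CN=Eve,OU=Contractors,DC=example,DC=com' `
    -CriteriaMatches 'CN=Ann,OU=Staff,DC=example,DC=com',
                     'CN=Dan,OU=Staff,DC=example,DC=com' `
    -OverrideMembers 'cn=eve,ou=contractors,dc=example,dc=com'
$plan | Format-List
```

`FinalMembers` is the list a whole-attribute member update would have to write for the overrides to survive, and `RetainedByOverride` is worth logging on each run because those users hold access outside the dynamic criteria.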

