Adaxes

Dynamic Dist List issue

0 votes

We are using the dynamic dist list script found below. The issue is we also have to be able to provide overrides, which we are achieving through secondary static list we will maintain manually. When the script runs at 5 am EST every day it removes the override DL from the list. Is there a way to keep any overrides when the process runs?

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try
{
    $company = $Context.TargetObject.Get($companyProperty)
}
catch
{
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try
{
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch
{
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
if (-not([System.String]::IsNullOrEmpty($employeeType)))
{
    [void]$filter.Append("(employeeType=$employeeType)")
}
[void]$filter.Append(")")
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName @("distinguishedName")

# Add users to group
if ($searchResults.Length -eq 0)
{
    $Context.TargetObject.PutEx("ADS_PROPERTY_CLEAR", "member", $NULL)
}
else
{
    [System.Array]$userDNs = $searchResults | %%{$_.Properties["distinguishedName"].Value}
    $Context.TargetObject.PutEx("ADS_PROPERTY_UPDATE", "member", $userDNs)
}

# Save the changes
$Context.TargetObject.SetInfo()
by (3.2k points)
0

Hello,

What exactly do you mean by overrides? Could you describe the desired behaviour in all the possible details?

by (289k points)
moved by
0

We previously created dynamic lists from powershell commands and if we needed to change or modify we would have to run the powershell again with the new variables. We found the script mentioned and it works perfectly except it removes any group or individual we placed the list when it runs. To future prove having to rerun the script we decided to create an override list. We will place any individual needing access but doesn't fit the initial criteria in the override group but the script runs and removes the group.

Real life example: we create a dynamic distribution list based on value of employee ID and need to add an user with a different employee ID so we add the user to the static override list manually. This works perfectly until the list runs at is update time and removes all memberships and as only those with the correct employee ID. We need the script that runs to ignore the override list when re adding memberships.

by (3.2k points)
moved by

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello,

Thank you for clarifying.

As a solution, we can add another criteria for members of the distribution list based on group membership. In this case, the script will also add all members of the specified group to the distribution list on each run not counting the other criteria for them.

Alternatively, the users that are members of the group, will be ignored when the script updates distribution list members. In this case, you will need to add/remove the users from the distribution list manually.

Specify which solution is best for you and we will provide you with the updated script.

0

We are looking for the second option. In this way we can easily manage the few exceptions we need to without breaking the purpose of making the list dynamic (lots of adds and deletes daily)

by (3.2k points)
moved by
0

Hello,

Thank you for clarifying. Find the updated script below.

$companyProperty = "adm-CustomAttributeText1" # TODO: modify me
$employeeTypeProperty = "adm-CustomAttributeText4" # TODO: modify me

function SearchObjects($filter, $domainName, $properties)
{
    # Set search parameters
    $searcher = $Context.BindToObject("Adaxes://$domainName")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get company for LDAP filter
try
{
    $company = $Context.TargetObject.Get($companyProperty)
}
catch
{
    $Context.LogMessage("Company not specified", "Warning")
    return
}

# Get employee type for LDAP filter
try
{
    $employeeType = $Context.TargetObject.Get($employeeTypeProperty)
}
catch
{
    $employeeType = $NULL
}

# Build filter
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(company=$company)")
if (-not([System.String]::IsNullOrEmpty($employeeType)))
{
    [void]$filter.Append("(employeeType=$employeeType)")
}
[void]$filter.Append(")")
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Search users
$searchResults = SearchObjects $filter.ToString() $domainName

# Add users to group
foreach ($searchResult in $searchResults)
{
    $Context.TargetObject.Add($searchResult.AdsPath)
}
by (289k points)
moved by

Related questions

0 votes
1 answer
Forms and view department dynamic list

In AdaxesConfig>Management>Forms and Views>User form - We want the ability to for Department field, when we click Configure to look similar to Manager (when it is configure is ... . I wanted to add some screenshots but didn't see the option to do it.

asked Feb 17, 2023 by mchaudh (40 points)
0 votes
1 answer
Custom Command Dynamic List Items?

Is it possible to populate Custom Command Drop-Down List and Checkbox List items using PowerShell? If not, is such a feature on the Adaxes roadmap?

asked Dec 12, 2022 by Viajaz (210 points)
0 votes
1 answer
Dynamic Manager List

Good Morning, I was hoping to get some assistance in creating a powershell script that I could run daily that would do the following. 1. Gather a list of all AD ... "Manager" field in a property pattern with found users Any assistance would be great. Thanks!

asked Jun 15, 2018 by jhair (520 points)
0 votes
1 answer
Export member list from dynamic group

How do I go about getting an export of users that are assigned to a particular dynamic group? The existing export rules don't seem to do the trick. It only pulls info ... the dynamic group, i would like to also report on those that have been licensed for O365

asked Mar 20, 2017 by cubedit (60 points)
0 votes
0 answers
custom and dynamic list

Hello. Is there a way to get a drop down list with custom and dynamic content in Adaxes administration console (or web)? 1. Get list of available number in dailplan from a ... or disable for Lync' from a temp variable populated in #2. How can we address #2?

asked Sep 27, 2016 by Klas (460 points)
3,548 questions
3,238 answers
8,232 comments
547,810 users