Adaxes

Unmanaged User Accounts Filter

0 votes

What is the format for entering 'type filter text' in the 'Unmanaged User Accounts' screen to exclude certain user OUs that we don't want to manage in Adaxes?

Thanks!

by (100 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Actually, the filter field on the Unmanaged User Accounts dialog can be used to search among user who are already added to Unmanaged Accounts.

In the UI, you can only add users one-by-one. To exclude whole OUs, you'll need to use a script. For an example of such a script, have a look at the following article in our SDK: Also, you can take a look at the sample scripts in Adaxes SDK: http://adaxes.com/sdk/?SampleScripts.Co ... ounts.html.

For more details, have a look at Restrict Users Based On OU.

0

Worked great! Thanks!

by (100 points)
0

The script works, however, we continually get a message stating that we are over our license count and that Adaxes will stop functioning in 30 days if not resolved. When I open the properties and wait for the licensing to calculate, the results are that we are using 700+ less accounts that what we have purchased.

Is there a way to prevent the messages or to configure the system to calculate the unmanaged accounts before comparing the licenses vs the managed accounts?

by (100 points)
0

Hello,

When I open the properties and wait for the licensing to calculate

Could you send a screenshot of this and also a screenshot of the warning message that you get to our support e-mail (support[at]adaxes.com)?

by (216k points)
0

Email is on it's way.

Thanks.

by (100 points)
0

Hello,

Sorry for misleading you. The script in the post we've cited in the initial reply contains an error. This script should remedy the issue:

$ouDNs = @("OU=Unmanaged Accounts 1,DC=domain,DC=com","OU=Unmanaged Accounts 2,DC=domain,DC=com") # TODO: modify me

function GetUserSids($ouDNs)
{
    $userSids = New-Object "System.Collections.Generic.HashSet[String]"

    foreach ($ouDN in $ouDNs)
    {
        $ou = $Context.BindToObjectByDN($ouDN)

        $userSearcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
        $userSearcher.SearchParameters.BaseObjectPath = $ou.AdsPath
        $userSearcher.SearchParameters.PageSize = 500
        $userSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
        $userSearcher.SearchParameters.Filter = "(sAMAccountType=805306368)"
        $userSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
        $userSearcher.SetPropertiesToLoad(@("objectSid"))

        $searcherResult = $userSearcher.ExecuteSearch()
        $users = $searcherResult.FetchAll()
        $searcherResult.Dispose()

        foreach ($userID in $users)
        {
            $sidBytes = $userID.Properties["objectSid"].Value
            $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)

            $userSids.Add($sid.ToString()) | Out-Null
        }
    }
    return ,$userSids
}

$userSids = GetUserSids $ouDNs

$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)
$admConfigurationSetSettings.SetUnmanagedAccounts(@($userSids))
by (216k points)

Related questions

0 votes
1 answer
When does Adaxes determine license counts (unmanaged/managed accounts issue)

Hi all, Just wondering when Adaxes actually determines the current unmanaged/managed user counts - is it random, scheduled, or a manual thing? Also, does it randomly re-determine ... the script ran successfully every night, so I am not sure here. Cheers all.

asked Sep 22, 2020 by TheLexicon (200 points)
0 votes
1 answer
Disable Unmanaged Admin account when a user is terminated

We have a custom command that executes to separate/terminate a user. Part of the CC determines if the user has an associated Admin account, which is stored as an Unmanaged ... the user account but we need a way to also disable the associated Admin account.

asked Jul 18, 2023 by sandramnc (870 points)
0 votes
1 answer
What is the impact of adding a user to the 'unmanaged' list ?

We just busted our licence limit of 400, but we are only 320 employees. All the extras are either service accounts, external contractors accounts or old user accounts ... is reinstated on the 'managed accounts' list? Thank you for the guidance, Louis

asked Apr 11, 2022 by lw.fa (130 points)
0 votes
1 answer
LDAP filter for web interface - user

What I'm trying to accomplish: user should have access to modify certain accounts where customTextAttribute2="test" (example). When I modify the criteria under "object selection" ... to query custom attributes or do you have to use AD attributes for this?

asked Mar 19 by tromanko (330 points)
0 votes
1 answer
Browsing - Filter options - User criteria - Search users in specific base DN

base dn: OU=Users,DC=domain,DC=com then we have sub OU's like OU=Department,OU=Users,DC=domain,DC=com and OU=Site,OU=Department,Dc=domain,dc=com i would like to filter all the users inside base dn.

asked Feb 21, 2023 by dppankib (20 points)
3,549 questions
3,240 answers
8,232 comments
547,820 users