0 votes

I'm learning how to use the Adaxes powershell commands.

I've tried searching for a group and that fails to find anything but the local domain. I thought if I used the switches and designate an Adaxes server for the service and the proper credentials it would return all items across the domains. This doesn't seem to be happening.

This fails to find the Administrators groups in all domains. It returns just one domain.

Get-AdmGroup -AdaxesService ADAXES01.domain.com -Credential $myCredentials -Identity Administrators

by (790 points)
edited by

1 Answer

0 votes
by (294k points)
reshown by

Hello,

This behavior is by design. It is not possible to use a cmdlet to perform a search in multiple domains at once. The domain to search in is controlled by the -Server parameter. To search objects in all the domains managed by Adaxes, you need to use the approach like in the following example: https://adaxes.com/sdk/SampleScripts.SearchingGroups. For the search to be performed in all the managed domains, set the VirtualRoot search parameter to True. For details about search parameters, see https://adaxes.com/sdk/IAdmDirectorySearcher.

0

I still don't understand how to use this virtual root. I'm not understanding how I go about "Binding" to this virtual root. None of the examples show this.

The examples always show binding to a specific OU or account. I understand this. How do I bind to the virtual root?

Example from site: `[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $admService = $admNS.GetServiceDirectly("localhost")

$searcher = $admService.OpenObject( "Adaxes://OU=People,DC=company,DC=com", $NULL, $NULL, 0)

$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(department=Sales))" $searcher.SearchScope = "ADS_SCOPE_SUBTREE" try { $results = $searcher.ExecuteSearch() foreach ($result in $results.FetchAll()) { Write-Host $result.ADsPath } } finally { $results.Dispose() }`

The above example shows

$searcher = $admService.OpenObject( "Adaxes://OU=People,DC=company,DC=com", $NULL, $NULL, 0)

What would I bind to?

0

I tried

$searcher = $admService.OpenObject("Adaxes://rootDSE", $NULL, $NULL, 0)

But it doesn't work.

0

Ah I finally understand. :)

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $admService = $admNS.GetServiceDirectly("USCPADAXES01")

$searcher = $admService.OpenObject("Adaxes://rootDSE", $NULL, $NULL, 0)

$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(department=Information Systems))" $searcher.SearchScope = "ADS_SCOPE_SUBTREE" $searcher.VirtualRoot = $true try { $results = $searcher.ExecuteSearch() foreach ($result in $results.FetchAll()) { Write-Host $result.ADsPath } } finally { $results.Dispose() }

Thank you.

Related questions

0 votes
1 answer

Hi Guys, Short question. In our organisation we have a buch of the security group that have a specific "class". The class is simple number stored in the ExtensionAttribute1. I'd ... tried to do the something like that with ADSI :cry: Could you please help me?

asked Dec 8, 2014 by axmaster (510 points)
0 votes
1 answer

We have some dynamic groups with roughly 1800 members. Get-AdmGroup returns the member property OK for small groups, but for these large groups it returns null ... by calling Get-AdmGroupMember for those groups? Thanks, Randy Lindsey Colorado Springs Utilities

asked Aug 1, 2013 by rlindsey (20 points)
0 votes
1 answer

I'm trying to set the adm-ManagedByList attribute on a few hundred groups via powershell, and found that it's only working for groups in our root domain, but fails for all ... is actually located ##'. Am I missing something here or is this a bug? Thanks Felix

asked Sep 19 by felix (150 points)
0 votes
0 answers

It would be great if we could run a report on an OU and get the following information: Computer Name Local Accounts Whether or not the account is an administrator ... this is less important. Thanks in advance. Your support team is great and appreciated.

asked Sep 8, 2021 by mikek (80 points)
0 votes
1 answer

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
3,589 questions
3,278 answers
8,303 comments
548,131 users