Hello

Back when we first started using Adaxes, you created a couple of great scripts which worked together really well. The first one copied one user's group membership and put it in a custom attribute of the user running the command (as a holding area); the second copied the groups back from this holding area to the second user who needs to be added to these groups. This script overwrites the group membership of the second user, which is what we needed at the time.

Would it be possible to have a script which pasted these groups as an addition to what groups the second user is already a member of?

Thank you.

by (700 points)

Hello,

Yes, sure. We've asked our script guys to come up with such a script. We'll update this topic as soon as they have a script for you.

1 Answer

0 votes
by (216k points)
Best answer

Hello,

Here you are:

# Get the packed array of group GUIDs from the holding attribute of the user running the script
try
{
    $sourceGroupGuids = $Context.Initiator.UserAdsObject.Get("adm-CustomAttributeBinary1")
}
catch
{
    $Context.Cancel("Failed to get group GUIDs.")
    return
}

# Get the total number of bytes stored in the attribute
$totalBytes = $sourceGroupGuids.Length
# Make sure that the total number of bytes is a multiple of 16 (one GUID = 16 bytes)
$remainder = 0
[void][System.Math]::DivRem($totalBytes, 16, [ref] $remainder)
if ($remainder -ne 0)
{
    $Context.Cancel("Unexpected data length!")
    return
}
$groupsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"

for ($i = 0; $i -lt ($totalBytes / 16); $i++)
{
    $bytes = [System.Guid]::Empty.ToByteArray()
    [System.Array]::Copy($sourceGroupGuids, $i * 16, $bytes, 0, 16)
    $guid = New-Object "System.Guid" (,$bytes)
    [void]$groupsToAdd.Add($guid) # discard the Boolean return value
}

# Get GUIDs of the groups the user is a member of
$memberOfGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Adjust the list of groups to add the user to
foreach($memberOfGuidBytes in $memberOfGuids)
{
    $guid = New-Object "System.Guid" (,$memberOfGuidBytes)
    if (-not($groupsToAdd.Contains($guid)))
    {
        continue
    }

    [void]$groupsToAdd.Remove($guid) # already a member of the group
}

# Add to groups
$failedToAdd = ""
$successfullyAdded = ""
foreach($groupGuid in $groupsToAdd)
{
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $groupName = $Context.GetDisplayNameFromAdsPath($groupPath)
    try
    {
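        # $True = pipelined bind: the change goes through Adaxes, so the permissions of the user running the script apply
        $group = $Context.BindToObjectEx($groupPath, $True)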
        $group.Add($Context.TargetObject.AdsPath)
    }
    catch
    {
        $failedToAdd += "$groupName; "
        continue
    }

    $successfullyAdded += "$groupName; "
}

if ($successfullyAdded.Length -ne 0)
{
    $Context.LogMessage("The user was added to the following groups: $successfullyAdded", "Information") # TODO: modify me
}
if ($failedToAdd.Length -ne 0)
{
    $Context.LogMessage("The user was not added to the following groups because you do not have sufficient permissions: $failedToAdd", "Information") # TODO: modify me
}

Thanks so much, very quick response and it worked perfectly!
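
The script in the answer reads the holding attribute as a flat byte array of 16-byte GUIDs and adds only the groups the target user is not already in. The following is an added example, not part of the original answer and not Adaxes code, that reproduces that format and the set difference in plain PowerShell so the logic can be checked outside Adaxes. The function names and all GUIDs are constructed for illustration.

```powershell
# Added example; runs in plain PowerShell, no Adaxes required. All GUIDs are constructed.
function ConvertTo-GuidBlob {
    # Pack GUIDs back to back, 16 bytes each: the layout the paste script expects.
    param([System.Guid[]]$Guids)
    $blob = New-Object byte[] ($Guids.Length * 16)
    for ($i = 0; $i -lt $Guids.Length; $i++) {
        [System.Array]::Copy($Guids[$i].ToByteArray(), 0, $blob, $i * 16, 16)
    }
    return ,$blob
}

function ConvertFrom-GuidBlob {
    # Unpack into a set; a length that is not a multiple of 16 is rejected, not truncated.
    param([byte[]]$Blob)
    $set = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    if ($null -eq $Blob -or $Blob.Length -eq 0) { return ,$set }
    if ($Blob.Length % 16 -ne 0) { throw "Unexpected data length: $($Blob.Length) bytes" }
    for ($i = 0; $i -lt $Blob.Length; $i += 16) {
        $bytes = New-Object byte[] 16
        [System.Array]::Copy($Blob, $i, $bytes, 0, 16)
        [void]$set.Add((New-Object System.Guid (,$bytes)))
    }
    return ,$set
}

function Get-GroupsToAdd {
    # Holding-area groups minus the groups the target already belongs to.
    param([byte[]]$HoldingBlob, [System.Guid[]]$CurrentMemberOf)
    $toAdd = ConvertFrom-GuidBlob $HoldingBlob
    if ($CurrentMemberOf) { $toAdd.ExceptWith([System.Guid[]]$CurrentMemberOf) }
    return ,$toAdd
}

# Constructed sample: the source user is in A, B and C; the target user is already in B.
$a = [System.Guid]"11111111-1111-1111-1111-111111111111"
$b = [System.Guid]"22222222-2222-2222-2222-222222222222"
$c = [System.Guid]"33333333-3333-3333-3333-333333333333"
$blob = ConvertTo-GuidBlob @($a, $b, $c)
$toAdd = Get-GroupsToAdd -HoldingBlob $blob -CurrentMemberOf @($b)
$toAdd | ForEach-Object { "would add: " + $_.ToString("B") }

# A truncated attribute value (47 bytes) must be refused rather than partially applied.
try { ConvertFrom-GuidBlob ($blob[0..46]) | Out-Null } catch { "rejected: $($_.Exception.Message)" }
```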
