The script updates the list of members of the target group with managers that currently have direct reports whose property is set to a specific value. To execute the script, create a custom command, scheduled task or business rule configured for the Group object type. The script always fully rewrites membership of the group.
Parameters:
- $propertyName - Specifies the LDAP name of the property that will be checked in accounts of direct reports.
- $propertyValueToSearch - Specifies the value the $propertyName property should be set to for the account manager to be added to the group.
```powershell
$propertyName = "employeeType" # TODO: modify me
$propertyValueToSearch = "Type" # TODO: modify me

# Find user accounts that have a manager and whose property matches the value
$searcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$searcher.SearchParameters.Filter = "(&(sAMAccountType=805306368)(manager=*)($propertyName=$propertyValueToSearch))"
$searcher.VirtualRoot = $True
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SearchParameters.PageSize = 500
$searcher.SetPropertiesToLoad(@("manager"))

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    # Collect the distinct manager DNs of the matching accounts
    $managerDNs = New-Object "System.Collections.Generic.HashSet[System.String]"
    $searchResults | %{ [void]$managerDNs.Add($_.Properties["manager"].Value) }

    # Update group (replaces the whole member list)
    $Context.TargetObject.Put("member", @($managerDNs))
    $Context.TargetObject.SetInfo()
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
```
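
The script above places `$propertyName` and `$propertyValueToSearch` into the search filter as-is, so a value containing `*` or parentheses changes which accounts match and therefore which managers end up in the group. The following added example (not part of the original script) escapes the value per RFC 4515 and validates the property name before building the same filter; the function names and sample values are hypothetical.

```powershell
# Added example; function names and sample values are constructed for illustration.

function ConvertTo-LdapFilterValue
{
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value)

    # RFC 4515: backslash, asterisk, parentheses and NUL are written as \XX (hex).
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($match)
        '\{0:x2}' -f [int]$match.Value[0]
    }
    return [regex]::Replace($Value, '[\\*()\x00]', $evaluator)
}

function New-DirectReportFilter
{
    param(
        [Parameter(Mandatory = $true)][string]$PropertyName,
        [Parameter(Mandatory = $true)][string]$PropertyValue
    )

    # Accept only a plain LDAP attribute name (letters, digits, hyphen).
    if ($PropertyName -notmatch '^[A-Za-z][A-Za-z0-9-]*$')
    {
        throw "Invalid LDAP property name: $PropertyName"
    }

    $escapedValue = ConvertTo-LdapFilterValue -Value $PropertyValue

    # Same filter shape as the script above, with the value escaped.
    return "(&(sAMAccountType=805306368)(manager=*)($PropertyName=$escapedValue))"
}

# Constructed sample values: a plain one, one with parentheses, one with an asterisk.
foreach ($value in @("Type", "Contractor (EMEA)", "Temp*"))
{
    New-DirectReportFilter -PropertyName "employeeType" -PropertyValue $value
}
```

In the script, the result of `New-DirectReportFilter` would be assigned to `$searcher.SearchParameters.Filter` in place of the interpolated string.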