The script adds a user account located in Novell eDirectory to an eDirectory group.
Note: The script uses the $Context variable available on the server side only. This means that it can be executed only by business rules, custom commands, and scheduled tasks. You can use it in your rules, commands and tasks via the Run a program or PowerShell script action.
Parameters:
- $eDirectoryServer - Specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389).
- $adminDN - Specifies the Distinguished Name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:
  - View the user account and the group in question.
  - Modify the groupMembership and securityEquals attributes of the user account.
  - Modify the member and equivalentToMe attributes of the group.
- $adminPassword - Specifies the password to the account identified by $adminDN.
- $username - Specifies the name of the user in eDirectory. You need to use value references to compose the name based on properties of the AD user account. For example, if you specify %username%, the name of the user account in Novell eDirectory must be the same as the user logon name of the Active Directory user.
- $groupName - Specifies the group name.
```powershell
$eDirectoryServer = "edirectory.server.domain.com:389" # TODO: modify me
$adminDN = "cn=admin,o=company" # TODO: modify me
$adminPassword = "secret" # TODO: modify me
$username = "%username%" # TODO: modify me
$groupName = "MyGroup" # TODO: modify me

function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
{
    $directoryEntry = $NULL
    $searcher = $NULL
    try
    {
        # Bind to the eDirectory server and run the search
        $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
        $searchResults = $searcher.FindAll()
        if ($searchResults.Count -eq 0)
        {
            return $NULL
        }
        else
        {
            # Log the path of the first match only when there is one
            $Context.LogMessage($searchResults[0].Path, "Information")
            return ,$searchResults
        }
    }
    catch
    {
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Information")
    }
    finally
    {
        # Dispose only the objects that were actually created
        if ($directoryEntry -ne $NULL) { $directoryEntry.Dispose() }
        if ($searcher -ne $NULL) { $searcher.Dispose() }
    }
}

# Find user
$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$username))" $eDirectoryServer $adminDN $adminPassword
# $NULL goes on the left so the comparison is not applied element by element
if ($NULL -eq $searchResults)
{
    $Context.LogMessage("User '$username' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one user with name '$username'", "Warning")
    return
}
else
{
    $userInfo = $searchResults[0]
}

# Find group
$searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$groupName))" $eDirectoryServer $adminDN $adminPassword
if ($NULL -eq $searchResults)
{
    $Context.LogMessage("Group '$groupName' not found", "Warning")
    return
}
elseif ($searchResults.Count -gt 1)
{
    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
    return
}
else
{
    $groupInfo = $searchResults[0]
}

# Add user to group
$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$userDirectoryEntry = $NULL
$groupDirectoryEntry = $NULL
try
{
    # Update user
    $userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
    $userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
    $userDirectoryEntry.CommitChanges()

    # Update group
    $groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    $groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
    $groupDirectoryEntry.Properties["member"].Add($userDN)
    $groupDirectoryEntry.CommitChanges()
}
catch
{
    $Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
}
finally
{
    # Release both directory entries, if they were created
    if ($userDirectoryEntry -ne $NULL) { $userDirectoryEntry.Dispose() }
    if ($groupDirectoryEntry -ne $NULL) { $groupDirectoryEntry.Dispose() }
}
```
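A hardened variant of the lookup in the script above, added here as an example and not part of the original script: it escapes the searched name per RFC 4515 before it enters the filter, and binds over TLS instead of the cleartext simple bind that ServerBind on port 389 produces. ConvertTo-LdapFilterValue and Find-EDirectoryObject are hypothetical names; LDAPS on port 636 with a server certificate trusted by the host running the script is an assumption.

```powershell
# Added example, not from the original script.
# Assumption: $server is given as "host:636" and its certificate is trusted by this host.

function ConvertTo-LdapFilterValue([string]$value)
{
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits,
    # so a name can never close the filter clause or act as a wildcard.
    return [regex]::Replace($value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Find-EDirectoryObject($objectClass, $name, $server, $bindDN, $bindPassword)
{
    # $objectClass is a literal chosen by the script; only $name comes from directory data.
    $filter = "(&(objectClass=$objectClass)(name=$(ConvertTo-LdapFilterValue $name)))"

    # SecureSocketsLayer wraps both the bind (DN and password) and the search in TLS.
    $authType = [System.DirectoryServices.AuthenticationTypes]'ServerBind, SecureSocketsLayer'

    $entry = $null
    $searcher = $null
    $results = $null
    try
    {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$server", $bindDN, $bindPassword, $authType)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry, $filter)
        $results = $searcher.FindAll()

        # Copy the paths out so nothing refers to the collection after it is disposed.
        return @($results | ForEach-Object { $_.Path })
    }
    finally
    {
        if ($results -ne $null) { $results.Dispose() }
        if ($searcher -ne $null) { $searcher.Dispose() }
        if ($entry -ne $null) { $entry.Dispose() }
    }
}

# Constructed sample values: a legitimate name containing parentheses, and a name
# containing an asterisk. Both come back with the metacharacters hex-escaped.
ConvertTo-LdapFilterValue "Smith (Contractor)"
ConvertTo-LdapFilterValue "a*"
```

Wrap the call as `@(Find-EDirectoryObject "person" $username $eDirectoryServer $adminDN $adminPassword)` so that zero, one, and several matches can all be told apart by `.Count`.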
Hello Mohi,
Please, find the updated script below. It adds users listed in a CSV file to an eDirectory group. In the script:
Hello Pablo,
Have a look at the following script from our repository: https://www.adaxes.com/script-repository/import-new-and-updated-users-from-csv-file-s246.htm. If that is not what you need, please describe the desired workflow in all the possible details. A live example would be very helpful.
Hello Pablo,
Have a look at the following script from our repository: https://www.adaxes.com/script-repository/add-users-to-novel-edirectory-groups-from-csv-s567.htm.
Any chance you have a script that will parse and return all LDAP attributes in eDirectory via PowerShell?
Thanks!
Hello Paul,
Unfortunately, we do not have such a script in our repository.
Can I get a script to delete "Shared mailbox" from Active Directory in bulk?
Hello,
Sorry for the confusion, but we are not sure what exactly you need the script to do. Could you, please, describe the desired behaviour in all the possible details with live examples?