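The script deletes Google Apps groups that do not have corresponding AD groups in your Active Directory. Any Google Apps group without a match is deleted, including groups that were created directly in Google Apps.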
To clean up the groups on a regular basis, create a scheduled task for Domain-DNS objects that runs the script.
Note: Before using the script, install and configure the GAM Tool on the computer where Adaxes service runs. For details, see GAM Wiki.
Parameters:
- $gamPath - Specifies a path to the GAM executable file.
- $waitTimeMilliseconds - Specifies the time to wait for GAM response. It is recommended not to set a time exceeding the 10 minutes' limit applied by Adaxes to scripts executed by business rules, custom commands and scheduled tasks. If a script runs for more time than you specify, it will be completed, but the errors, warnings and other messages will not be added to the Execution Log.
- $groupIdAttribute - Specifies an AD property that serves as the group identifier in Google Apps. The script will search Google Apps groups by the specified property. For example, if you specify sAMAccountName, group names in Google Apps must correspond to the Group Name (pre-Windows 2000) property of the corresponding AD groups.
PowerShell
# Attribute whose value identifies the group in Google Apps.
$groupIdAttribute = 'sAMAccountName' # TODO: modify me

# Full path to the GAM executable. The script launches this file, so keep it
# in a folder that only administrators can modify.
$gamPath = 'C:\Scripts\Gam\gam.exe' # TODO: modify me

# How long to wait for a single GAM call, in milliseconds (8 minutes here).
$waitTimeMilliseconds = [int][System.TimeSpan]::FromMinutes(8).TotalMilliseconds # TODO: modify me
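function StartProcess ($arguments)
{
    <#
    .SYNOPSIS
    Runs the GAM executable ($gamPath) with the given arguments and captures its output.

    .PARAMETER arguments
    Command-line arguments passed to GAM as one string. The string is handed to the
    process unchanged, so callers must not embed unvalidated text in it.

    .OUTPUTS
    Hashtable with the keys "Output" and "Error" (trimmed stdout / stderr) and
    "ExitCode". Returns $null when GAM does not exit within $waitTimeMilliseconds;
    in that case the process is killed and an error is written.
    #>

    # Start GAM process
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    $processInfo.FileName = $gamPath
    $processInfo.RedirectStandardOutput = $true
    $processInfo.RedirectStandardError = $true
    $processInfo.UseShellExecute = $false
    $processInfo.CreateNoWindow = $true
    $processInfo.Arguments = $arguments

    $process = New-Object System.Diagnostics.Process
    $process.StartInfo = $processInfo
    try
    {
        [void]$process.Start()

        # Start draining both pipes BEFORE waiting. With redirected streams the child
        # blocks once a pipe buffer fills, so waiting first (or reading one stream to
        # the end before the other) can stall until the timeout on large output.
        # ReadToEndAsync requires .NET Framework 4.5 or later.
        $outputTask = $process.StandardOutput.ReadToEndAsync()
        $errorTask = $process.StandardError.ReadToEndAsync()

        $processCompleted = $process.WaitForExit($waitTimeMilliseconds)
        if (!$processCompleted)
        {
            $process.Kill()
            Write-Error "The process timeout."
            return $null
        }

        return @{
            "Output" = $outputTask.Result.Trim();
            "Error" = $errorTask.Result.Trim();
            "ExitCode" = $process.ExitCode;
        }
    }
    finally
    {
        # Release the process handle and the redirected streams on every path.
        $process.Dispose()
    }
}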
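# Search group in Google Apps
# Builds $googleGroupIds: key = value compared with $groupIdAttribute in AD,
# value = the string later passed to "gam delete group".
$gamResult = StartProcess "print groups id"
$googleGroupIds = @{}
if (($null -ne $gamResult) -and -not([System.String]::IsNullOrEmpty($gamResult.Output)))
{
    # Parse result. Row 0 is skipped as the header.
    # NOTE(review): assumes column 0 is the group address and column 1 is the
    # identifier matched against AD, and that no field contains a comma - confirm
    # against the header GAM prints for "print groups id".
    $records = $gamResult.Output.Split("`n")
    for ($i = 1; $i -lt $records.Length; $i++)
    {
        $googleGroupValues = $records[$i].Split(",")
        if ($googleGroupValues.Length -lt 2)
        {
            # Blank or truncated row: indexing the second field would fail.
            continue
        }

        $groupKey = $googleGroupValues[1].Trim()
        $groupAddress = $googleGroupValues[0].Trim()
        if ([System.String]::IsNullOrEmpty($groupKey) -or [System.String]::IsNullOrEmpty($groupAddress))
        {
            continue
        }

        # Keep the first row for a key; Add() raises an error on a duplicate key.
        if (-not $googleGroupIds.ContainsKey($groupKey))
        {
            [void]$googleGroupIds.Add($groupKey, $groupAddress)
        }
    }
}
else
{
    # No output (or GAM timed out and StartProcess returned $null): stop here so
    # that nothing is deleted based on an incomplete list.
    $gamError = $null
    if ($null -ne $gamResult)
    {
        $gamError = $gamResult.Error
    }
    $Context.LogMessage("An error occurred when getting a list of Google groups. Error: " + $gamError, "Error")
    return
}
if ($googleGroupIds.Count -eq 0)
{
    return # No Google groups
}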
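# Search groups in Active Directory
# Every Google group whose key matches an AD group's $groupIdAttribute value is
# removed from $googleGroupIds; whatever remains afterwards is deleted in Google.
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = "(objectCategory=group)"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad(@($groupIdAttribute))
$searcher.VirtualRoot = $True

$searchResultIterator = $null
$adGroupIdCount = 0
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    foreach ($searchResult in $searchResults)
    {
        $groupId = $searchResult.Properties[$groupIdAttribute].Value
        if ([System.String]::IsNullOrEmpty($groupId))
        {
            continue
        }
        $adGroupIdCount++
        [void]$googleGroupIds.Remove($groupId)
    }
}
finally
{
    # ExecuteSearch may fail before the iterator exists; calling Dispose on
    # $null would raise a second error that hides the original one.
    if ($null -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}

# Safety stop: if the search produced no identifiers at all (for example a
# mistyped $groupIdAttribute), every Google group would look orphaned and be
# deleted. Treat that as a misconfiguration instead.
if ($adGroupIdCount -eq 0)
{
    $Context.LogMessage("No AD groups with a value for '$groupIdAttribute' were found. No Google groups were deleted.", "Warning")
    return
}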
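# Delete Google groups
# Everything still in $googleGroupIds had no matching AD group.
foreach ($id in $googleGroupIds.Keys)
{
    $groupMail = $googleGroupIds[$id]

    # The value comes from GAM output and is placed into a command-line string.
    # Whitespace or quotes would change how that command line is split into
    # arguments, so such values are skipped rather than passed on.
    if ([System.String]::IsNullOrEmpty($groupMail) -or ($groupMail -match '[\s"]'))
    {
        $Context.LogMessage("Skipped a Google group with an unexpected address: '$groupMail'", "Warning")
        continue
    }

    $operationResult = StartProcess "delete group $groupMail"

    # Success: nothing on stderr, or stdout is exactly the deletion message.
    # A timed-out call returns $null and also lands here; StartProcess has
    # already written an error for it.
    if (([System.String]::IsNullOrEmpty($operationResult.Error)) -or ($operationResult.Output.Trim() -eq "Deleting group $groupMail"))
    {
        continue
    }

    # Log stdout only when there is something to show.
    if (-not([System.String]::IsNullOrEmpty($operationResult.Output)))
    {
        $Context.LogMessage($operationResult.Output, "Warning")
    }
    $Context.LogMessage("An error occurred when deleting a Google group. Error: " + $operationResult.Error, "Error")
}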