The script copies group membership from the user specified to the target user.
Using a custom command parameter
The script copies group membership from the user specified in an AD object picker parameter of a custom command to the target user.
Parameters:
- $sourceUserDNParamName - Specifies the name of the parameter used to select the source user with the param- prefix.
- $replaceGroups - If set to $True, the script replaces all of the target user's group membership with that of the source user. If set to $False, the target user retains its current group membership and is additionally added to the groups the source user is a member of.
- $groupNamesToSkip - Specifies sAMAccountNames of the groups that should be skipped by the script.
PowerShell
$sourceUserDNParamName = "param-User" # TODO: modify me
$replaceGroups = $False # TODO: modify me
$groupNamesToSkip = @("Group1", "Group2", "Group3*") # TODO: modify me

function SkipGroup($patterns, $sAMAccountName)
{
    # Returns $True if the group name matches any of the wildcard patterns
    foreach ($pattern in $patterns)
    {
        if ($sAMAccountName -like $pattern)
        {
            return $True
        }
    }
    return $False
}

# Bind to the source user
$sourceUserDN = $Context.GetParameterValue($sourceUserDNParamName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add (GetEx throws if the user has no direct memberships)
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $sourceGroupGuidsBytes = $sourceUser.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $sourceGroupGuidsBytes = @()
}
$sourceGroupGuidsBytes | %{ [void]$groupGuidsToAdd.Add([Guid]$_) }

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $targetGroupGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $targetGroupGuidsBytes = @()
}
$targetGroupGuidsBytes | %{ [void]$currentGroupGuids.Add([Guid]$_) }

# Update groups
foreach ($guid in $groupGuidsToAdd)
{
    # Already a member: keep the group and exclude it from the removal set below
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }

    # Skip special groups
    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
    $sAMAccountName = $group.Get("sAMAccountName")
    if (($NULL -ne $groupNamesToSkip) -and
        (SkipGroup $groupNamesToSkip $sAMAccountName))
    {
        continue
    }

    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Get the primary group ID
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

    # Remove the groups the target user is a member of but the source user is not
    foreach ($guid in $currentGroupGuids)
    {
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Skip the group if it is the user's Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $group.Remove($Context.TargetObject.AdsPath)
    }
}
Using a DN syntax property
The script copies group membership from the user specified in a DN syntax property (e.g. Assistant) of the target user.
Parameters:
- $sourceUserDNPropertyName - Specifies the LDAP name of the DN syntax property storing the user to copy membership from.
- $replaceGroups - If set to $True, the script replaces all of the target user's group membership with that of the source user. If set to $False, the target user retains its current group membership and is additionally added to the groups the source user is a member of.
PowerShell
$sourceUserDNPropertyName = "assistant" # TODO: modify me
$replaceGroups = $True # TODO: modify me

# Bind to the source user stored in the DN syntax property of the target user
$sourceUserDN = $Context.TargetObject.Get($sourceUserDNPropertyName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add (GetEx throws if the user has no direct memberships)
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $sourceGroupGuidsBytes = $sourceUser.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $sourceGroupGuidsBytes = @()
}
$sourceGroupGuidsBytes | %{ [void]$groupGuidsToAdd.Add([Guid]$_) }

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $targetGroupGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $targetGroupGuidsBytes = @()
}
$targetGroupGuidsBytes | %{ [void]$currentGroupGuids.Add([Guid]$_) }

# Update groups
foreach ($guid in $groupGuidsToAdd)
{
    # Already a member: keep the group and exclude it from the removal set below
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }

    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Get the primary group ID
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

    # Remove the groups the target user is a member of but the source user is not
    foreach ($guid in $currentGroupGuids)
    {
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Skip the group if it is the user's Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $group.Remove($Context.TargetObject.AdsPath)
    }
}
Only copy Azure AD groups
The script copies only Azure AD group membership from the user specified in an AD object picker parameter of a custom command to the target user; the target user's Active Directory groups are left untouched.
Parameters:
- $sourceUserDNParamName - Specifies the name of the parameter used to select the source user with the param- prefix.
- $replaceGroups - If set to $True, the script replaces all of the target user's Azure AD group membership with that of the source user. If set to $False, the target user retains its current group membership and is additionally added to the Azure AD groups the source user is a member of.
- $groupNamesToSkip - Specifies the names (cn) of the groups that should be skipped by the script. Wildcards are supported.
PowerShell
$sourceUserDNParamName = "param-User" # TODO: modify me
$replaceGroups = $False # TODO: modify me
$groupNamesToSkip = @("Group1", "Group2", "Group3*") # TODO: modify me

function SkipGroup($patterns, $groupName)
{
    # Returns $True if the group name matches any of the wildcard patterns
    foreach ($pattern in $patterns)
    {
        if ($groupName -like $pattern)
        {
            return $True
        }
    }
    return $False
}

# Bind to the source user
$sourceUserDN = $Context.GetParameterValue($sourceUserDNParamName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add (GetEx throws if the user has no direct memberships)
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $sourceGroupGuidsBytes = $sourceUser.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $sourceGroupGuidsBytes = @()
}
$sourceGroupGuidsBytes | %{ [void]$groupGuidsToAdd.Add([Guid]$_) }

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
try
{
    $targetGroupGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $targetGroupGuidsBytes = @()
}
$targetGroupGuidsBytes | %{ [void]$currentGroupGuids.Add([Guid]$_) }

# Update groups
foreach ($guid in $groupGuidsToAdd)
{
    # Already a member: keep the group and exclude it from the removal set below
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }

    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

    # Only Azure AD groups are copied; skip everything else
    if ($group.DirectoryType -ne 2)
    {
        continue
    }

    # Skip special groups (Azure AD groups are matched by cn, not sAMAccountName)
    $groupName = $group.Get("cn")
    if (($NULL -ne $groupNamesToSkip) -and
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Remove the Azure AD groups the target user is a member of but the source user is not
    foreach ($guid in $currentGroupGuids)
    {
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Leave Active Directory groups untouched
        if ($group.DirectoryType -ne 2)
        {
            continue
        }

        $group.Remove($Context.TargetObject.AdsPath)
    }
}
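A way to preview what any of the three scripts would change before it runs, as an added example that is not part of the Adaxes script repository: the same merge/replace logic (set difference of direct memberships, wildcard skip patterns, primary group never removed) applied to plain hashtables, so the planned adds and removes can be logged or reviewed by an administrator first. Get-MembershipChangePlan, its parameters and the sample data are hypothetical; it does not use $Context and can be run in any PowerShell session.

```powershell
# Added example (not from the Adaxes script repository): builds the add/remove plan
# the scripts above apply, without binding to the directory, so it can be logged or
# reviewed first. Hypothetical inputs: hashtables of group GUID string -> group name.
function Get-MembershipChangePlan
{
    param(
        [hashtable]$SourceGroups,           # source user's direct groups
        [hashtable]$TargetGroups,           # target user's direct groups
        [string[]]$GroupNamesToSkip = @(),  # wildcard patterns, as $groupNamesToSkip
        [bool]$ReplaceGroups = $False,      # same semantics as $replaceGroups
        [Guid]$PrimaryGroupGuid             # target user's primary group, never removed
    )
    $toAdd = @(); $toRemove = @()
    # Every current group starts as a removal candidate
    $remaining = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    foreach ($key in $TargetGroups.Keys) { [void]$remaining.Add([Guid]$key) }
    foreach ($key in $SourceGroups.Keys)
    {
        # Already a member: keep it and drop it from the removal candidates
        if ($remaining.Remove([Guid]$key)) { continue }
        $name = $SourceGroups[$key]
        if ($GroupNamesToSkip | Where-Object { $name -like $_ }) { continue }
        $toAdd += $name
    }
    if ($ReplaceGroups)
    {
        foreach ($guid in $remaining)
        {
            # Same protection as the primaryGroupToken check in the scripts above
            if ($guid -eq $PrimaryGroupGuid) { continue }
            $toRemove += $TargetGroups[$guid.ToString()]
        }
    }
    return [pscustomobject]@{ Add = $toAdd; Remove = $toRemove }
}

# Constructed sample data (not from any real directory)
$source = @{
    "11111111-1111-1111-1111-111111111111" = "Sales"
    "22222222-2222-2222-2222-222222222222" = "Group3-Admins"  # matched by "Group3*"
    "33333333-3333-3333-3333-333333333333" = "Domain Users"
}
$target = @{
    "33333333-3333-3333-3333-333333333333" = "Domain Users"   # primary group
    "44444444-4444-4444-4444-444444444444" = "Finance"
}
$plan = Get-MembershipChangePlan -SourceGroups $source -TargetGroups $target `
    -GroupNamesToSkip @("Group3*") -ReplaceGroups $True `
    -PrimaryGroupGuid "33333333-3333-3333-3333-333333333333"
"Add: $($plan.Add -join ', ')"; "Remove: $($plan.Remove -join ', ')"
```

With $ReplaceGroups set to $False the Remove list is always empty, which mirrors the merge behaviour of the scripts above; feeding the real adm-DirectMemberOfGuid values and group names into the two hashtables turns this into a dry run of a given custom command.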