The following script executes a custom command on a user that has the same username as the target user but is located in another AD domain. You can use the script in environments where a user has 2 separate user accounts in 2 different domains. In such a case, when a certain event occurs with one of a user's accounts, you can automatically perform certain operations on the other account associated with the same user. For example, when one of the accounts gets deprovisioned, you can also deprovision the other account.
To execute the script as a part of a business rule, custom command, or scheduled task, use the Run a program or PowerShell script action.
Parameters:
- $commandID - Specifies the ID of the custom command that you want the script to execute. For information on how to get the ID of a custom command, see Get the ID of a Custom Command.
- $resourceDomainDN - Specifies the distinguished name (DN) of the domain where the second accounts of users are located.
PowerShell
$commandID = "{9db88ec3-1241-4ab1-9612-c7c982baa49f}" # TODO: modify me
$resourceDomainDN = "DC=domain,DC=com" # TODO: modify me

# Find user with the same username in the resource domain.
$searcher = $Context.BindToObjectByDN($resourceDomainDN)
$searcher.Criteria = New-AdmCriteria "user" -Expression {sAMAccountName -eq "%username%"}
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SizeLimit = 1

# Initialize so the finally block is safe if ExecuteSearch throws.
$searchResultIterator = $null
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Count -eq 0)
    {
        $Context.LogMessage("Cannot find a user with username '%username%' in the resource domain", "Warning")
        return
    }

    # Run the custom command on the user.
    $user = $Context.BindToObjectEx($searchResults[0].AdsPath, $True)
    $user.ExecuteCustomCommand($commandID, $null)
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
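The script above treats an equal sAMAccountName as proof that both accounts belong to the same person. The variant below is an added example, not part of the original script: it compares a second attribute on both accounts and skips the custom command on a mismatch. It assumes employeeID is populated on both accounts; $linkAttribute and Get-AttributeOrNull are hypothetical names introduced here.

```powershell
$commandID = "{9db88ec3-1241-4ab1-9612-c7c982baa49f}" # TODO: modify me
$resourceDomainDN = "DC=domain,DC=com" # TODO: modify me
$linkAttribute = "employeeID" # Assumption: set to the same value on both accounts of a user

function Get-AttributeOrNull($object, $attributeName)
{
    # The ADSI Get method throws when the attribute has no value; treat that as "not set".
    try { return $object.Get($attributeName) }
    catch { return $null }
}

# Without a value on the source account there is nothing to verify against, so do nothing.
$sourceValue = Get-AttributeOrNull $Context.TargetObject $linkAttribute
if ([System.String]::IsNullOrEmpty($sourceValue))
{
    $Context.LogMessage("'%username%' has no $linkAttribute value; resource domain account left untouched", "Warning")
    return
}

$searcher = $Context.BindToObjectByDN($resourceDomainDN)
$searcher.Criteria = New-AdmCriteria "user" -Expression {sAMAccountName -eq "%username%"}
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SizeLimit = 1
$searchResultIterator = $null
try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    if ($searchResults.Count -eq 0)
    {
        $Context.LogMessage("Cannot find a user with username '%username%' in the resource domain", "Warning")
        return
    }

    $user = $Context.BindToObjectEx($searchResults[0].AdsPath, $True)
    $resourceValue = Get-AttributeOrNull $user $linkAttribute
    if ("$resourceValue" -cne "$sourceValue")
    {
        # Same username, different identity: log it and do not run the command.
        $Context.LogMessage("$linkAttribute mismatch for '%username%' in the resource domain; custom command not run", "Warning")
        return
    }
    $user.ExecuteCustomCommand($commandID, $null)
}
finally
{
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
```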