
Script repository

Set manager for users in specific OUs

July 01, 2021 Views: 914

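The script finds the user whose specified property has a given value in a specific OU and sets that user as the manager of all other user accounts in that OU. The search uses subtree scope, so accounts in child OUs are included. If no user or more than one user matches the value, the OU is skipped and a warning is logged. To execute the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.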

Parameters:

  • $propertyName - Specifies the LDAP name of the property whose value will be checked to determine managers.
  • $valueToOuDN - Maps values of the property specified in the variable $propertyName to the distinguished names (DNs) of the corresponding OUs. For information on how to get an object DN, see Get the DN of a directory object.
PowerShell
# LDAP name of the attribute whose value identifies the manager account.
# The name becomes part of the LDAP search filter used to find the manager.
$propertyName = 'title' # TODO: modify me

# Attribute value -> DN of the OU that the value applies to.
# In each OU exactly one user must carry the mapped value; the script skips
# the OU (with a warning) when it finds none or more than one.
$valueToOuDN = @{
    'Value1' = 'OU=Users1,DC=domain,DC=com'
    'Value2' = 'OU=Users2,DC=domain,DC=com'
} # TODO: modify me

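function SearchObjects($filter, $ouDN)
{
    <#
    .SYNOPSIS
    Runs an LDAP search below the given container and returns every match as a single array.

    .PARAMETER filter
    LDAP filter text assigned to the searcher as-is. Callers are responsible
    for building it safely; no escaping is applied here.

    .PARAMETER ouDN
    Distinguished name of the object to bind to and search under.

    .OUTPUTS
    The result of FetchAll(), wrapped with the unary comma so that the caller
    receives one array even when it holds zero or one element.

    .NOTES
    The search scope is ADS_SCOPE_SUBTREE, so objects in child containers of
    $ouDN are returned as well. Relies on the host-provided $Context variable.
    #>

    # Start from a known state. Without this, a failure in ExecuteSearch()
    # leaves the variable unassigned in this scope: the finally block would
    # then resolve a same-named variable from a calling scope (and dispose
    # it), or raise under Set-StrictMode and hide the original error.
    $searchIterator = $null

    $searcher = $Context.BindToObjectByDN($ouDN)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500

    try
    {
        # Execute search
        $searchIterator = $searcher.ExecuteSearch()
        $searchResults = $searchIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchIterator){ $searchIterator.Dispose() }
    }
}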

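# For each configured property value: find the single user under the mapped OU
# whose $propertyName equals that value, then write that user's DN to the
# manager attribute of every other user account found under the same OU.
foreach ($value in $valueToOuDN.Keys)
{
    $ouDN = $valueToOuDN[$value]

    # Search manager
    # Build the comparison with FilterBuilder, as is already done for the
    # manager and distinguishedName clauses below, instead of splicing the raw
    # value into the filter text. FilterBuilder is expected to escape LDAP
    # filter metacharacters; a configured value containing ( ) * or \ would
    # otherwise change what the filter matches or make it invalid.
    # The existing "(!$filterManager)" usage implies the builder output is
    # already parenthesised, so no extra parentheses are added here.
    # sAMAccountType=805306368 restricts the search to user accounts.
    $filterPropertyValue = [Softerra.Adaxes.Ldap.FilterBuilder]::Create($propertyName, $value)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)$filterPropertyValue)" $ouDN
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Manager with value $value not found.", "Warning")
        continue
    }
    elseif ($searchResults.Length -gt 1)
    {
        # An ambiguous match is skipped rather than guessed at, so that no
        # account is assigned the wrong manager.
        $Context.LogMessage("Found more than one manager with the following value $value", "Warning")
        continue
    }
    $managerDN = $searchResults[0].Properties["distinguishedName"].Value

    # Search users
    # Exclude accounts that already have this manager and the manager's own
    # account, so that only accounts needing a change are touched.
    $filterManager = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("manager", $managerDN)
    $filterDistinguishedName = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $managerDN)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)(!$filterManager)(!$filterDistinguishedName))" $ouDN

    foreach ($searchResult in $searchResults)
    {
        # Overwrites any existing manager value on the account.
        $user = $Context.BindToObjectBySearchResult($searchResult)
        $user.Put("manager", $managerDN)
        $user.SetInfo()
    }
}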