The script finds a user with a specific property value in a specific OU and sets the user as manager of all other accounts in the OU. To execute the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.
Parameters:
- $propertyName - Specifies the LDAP name of the property whose value will be checked to determine managers.
- $valueToOuDN - Maps values of the property specified in the $propertyName variable to the distinguished names (DNs) of the corresponding OUs. For information on how to get an object DN, see Get the DN of a directory object.
PowerShell
# LDAP name of the property whose value identifies the manager account in each OU.
# NOTE(review): whoever can write this property on an account inside a mapped OU
# decides who becomes manager there, so pick a property ordinary users cannot
# edit on their own accounts.
$propertyName = 'title' # TODO: modify me

# Property value -> DN of the OU whose accounts get the matching user as manager.
$valueToOuDN = @{
    Value1 = "OU=Users1,DC=domain,DC=com"
    Value2 = "OU=Users2,DC=domain,DC=com"
} # TODO: modify me
# Runs a paged subtree search under the object with DN $ouDN using the LDAP
# filter $filter and returns all results as a single array.
function SearchObjects
{
    param($filter, $ouDN)

    # Bind to the search base and configure the query.
    $directorySearcher = $Context.BindToObjectByDN($ouDN)
    $directorySearcher.PageSize = 500
    $directorySearcher.SearchScope = "ADS_SCOPE_SUBTREE" # objects in child OUs are included
    $directorySearcher.SearchFilter = $filter

    try
    {
        # Run the query and read every result before the iterator is released.
        $iterator = $directorySearcher.ExecuteSearch()
        $allResults = $iterator.FetchAll()

        # The unary comma keeps PowerShell from unrolling the array, so callers
        # always receive an array, even with zero or one result.
        return ,$allResults
    }
    finally
    {
        # Dispose of the iterator whether or not the search succeeded.
        if ($iterator)
        {
            $iterator.Dispose()
        }
    }
}
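# For every configured value: find the single user in the mapped OU whose
# $propertyName equals that value, then set that user as manager of every other
# user account found under the same OU.
foreach ($value in $valueToOuDN.Keys)
{
    $ouDN = $valueToOuDN[$value]

    # Search manager.
    # The value clause is built with FilterBuilder, the same helper used for the
    # DN clauses below, instead of being interpolated into the filter string.
    # With plain interpolation, a configured value containing LDAP filter syntax
    # such as '*', '(' or ')' would change which accounts match.
    # NOTE(review): presumably FilterBuilder escapes these characters - confirm.
    # A value that relied on '*' as a wildcard would no longer match that way.
    # sAMAccountType=805306368 limits the search to user accounts; there is no
    # clause excluding disabled accounts.
    $filterValue = [Softerra.Adaxes.Ldap.FilterBuilder]::Create($propertyName, $value)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)$filterValue)" $ouDN

    # Exactly one match is required; an ambiguous or missing manager leaves the
    # OU untouched and is reported in the log.
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Manager with value $value not found.", "Warning")
        continue
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one manager with the following value $value", "Warning")
        continue
    }

    $managerDN = $searchResults[0].Properties["distinguishedName"].Value

    # Search users.
    # Skip accounts that already have this manager and the manager's own account.
    # SearchObjects uses subtree scope, so accounts in child OUs are updated too.
    $filterManager = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("manager", $managerDN)
    $filterDistinguishedName = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $managerDN)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)(!$filterManager)(!$filterDistinguishedName))" $ouDN

    foreach ($searchResult in $searchResults)
    {
        # Bind to the account, stage the new manager value and commit it.
        $user = $Context.BindToObjectBySearchResult($searchResult)
        $user.Put("manager", $managerDN)
        $user.SetInfo()
    }
}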