Script repository

Set manager for users in specific OUs

July 01, 2021 Views: 914
Managers and Subordinates

The script finds a user with a specific property value in a specific OU and sets the user as manager of all other accounts in the OU. To execute the script, create a scheduled task configured for the Domain-DNS object type and add a managed domain to the Activity Scope of the task.

Parameters:

  • $propertyName - Specifies the LDAP name of the property whose value wil be checked to determine managers.
  • $valueToOuDN - maps values of the property specified in variable $propertyName with distinguished names (DNs) of the corresponding OUs. For information on how to get an object DN, see Get the DN of a directory object.
Edit Remove
PowerShell
$propertyName = "title" # TODO: modify me
$valueToOuDN = @{
    "Value1" = "OU=Users1,DC=domain,DC=com"
    "Value2" = "OU=Users2,DC=domain,DC=com"
} # TODO: modify me

function SearchObjects($filter, $ouDN)
{
    $searcher = $Context.BindToObjectByDN($ouDN)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    
    try
    {
        # Execute search
        $searchIterator = $searcher.ExecuteSearch()
        $searchResults = $searchIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchIterator){ $searchIterator.Dispose() }
    }
}

foreach ($value in $valueToOuDN.Keys)
{
    # Search manager
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)($propertyName=$value))" $valueToOuDN[$value]
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Manager with value $value not found.", "Warning")
        continue
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one manager with the following value $value", "Warning")
        continue
    }
    $managerDN = $searchResults[0].Properties["distinguishedName"].Value
    
    # Search users
    $filterManager = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("manager", $managerDN)
    $filterDistinguishedName = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("distinguishedName", $managerDN)
    $searchResults = SearchObjects "(&(sAMAccountType=805306368)(!$filterManager)(!$filterDistinguishedName))" $valueToOuDN[$value]
    
    foreach ($searchResult in $searchResults)
    {
        $user = $Context.BindToObjectBySearchResult($searchResult)
        $user.Put("manager", $managerDN)
        $user.SetInfo()
    }
}
Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers