For every group that the target user owns (Managed By property), the script changes the owner to the user's manager. The script can be executed in custom commands, business rules and scheduled tasks configured for the User object type.
If the $pipelined variable is set to $True, the owner updates are passed through the Adaxes pipeline so that configured workflows apply (e.g. corresponding business rules are triggered and a log record is created in Adaxes for each update).
PowerShell
$pipelined = $True # TODO: modify me

# Get user manager
try
{
    $managerDN = $Context.TargetObject.Get("manager")
}
catch
{
    # Get() throws when the manager property is empty: nothing to reassign to
    $Context.LogMessage("User %fullname% does not have a manager.", "Warning")
    return
}

# Build criteria
$criteria = New-AdmCriteria "group"

# Search parameters
# Attribute-scoped query: enumerate the objects listed in the user's
# managedObjects property and keep only those that match the group criteria
$searcher = $Context.TargetObject
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_BASE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.AttributeScopeQuery = "managedObjects"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("User %fullname% does not own any groups.", "Warning")
        return
    }

    foreach ($searchResult in $searchResults)
    {
        # Bind to the group (through the Adaxes pipeline if $pipelined is $True)
        # and set the manager as the new owner
        $group = $Context.BindToObjectBySearchResultEx($searchResult, $pipelined)
        $group.Put("managedBy", $managerDN)
        $group.SetInfo()
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}
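A read-only check that can be run after the script to confirm the ownership transfer, added here as an example and not part of the original script or of Adaxes. It assumes the Microsoft ActiveDirectory (RSAT) module and a single-domain search; the function names `ConvertTo-LdapFilterValue` and `Get-GroupOwnershipReport` are hypothetical.

```powershell
# Added example: uses the ActiveDirectory (RSAT) module, not the Adaxes API.
# It only reads from the directory and changes nothing.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue
{
    param([Parameter(Mandatory)] [string] $Value)
    # Escape \ * ( ) so a DN containing them cannot alter the LDAP filter.
    # The backslash must be escaped first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-GroupOwnershipReport
{
    param(
        # sAMAccountName or distinguished name of the user the script was run on
        [Parameter(Mandatory)] [string] $UserIdentity
    )

    $user = Get-ADUser -Identity $UserIdentity -Properties manager

    # Groups whose managedBy still points at the user (expected: none)
    $userFilter = "(managedBy=$(ConvertTo-LdapFilterValue $user.DistinguishedName))"
    foreach ($g in Get-ADGroup -LDAPFilter $userFilter)
    {
        [pscustomobject]@{ Status = 'StillOwnedByUser'; Group = $g.DistinguishedName }
    }

    if (-not $user.manager)
    {
        Write-Warning "$($user.SamAccountName) has no manager; the script would have exited early."
        return
    }

    # Groups the manager owns now, to compare against the expected set
    $managerFilter = "(managedBy=$(ConvertTo-LdapFilterValue $user.manager))"
    foreach ($g in Get-ADGroup -LDAPFilter $managerFilter)
    {
        [pscustomobject]@{ Status = 'OwnedByManager'; Group = $g.DistinguishedName }
    }
}

# Usage ("jdoe" is a constructed sample account name):
# Get-GroupOwnershipReport -UserIdentity "jdoe" | Sort-Object Status, Group | Format-Table -AutoSize
```

Any row with the status `StillOwnedByUser` is a group the script did not update, for example because the loop stopped at a failed `SetInfo()` call.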