We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Update user picture in resource domain

February 16, 2021 Views: 698

The script updates a user picture in the resource domain after it is changed in the primary domain. To use the script, create a business rule triggering After updating a user. The Activity Scope of the rule should include only users located in the primary domain. If secdondary account update fails, an email notification will be sent to the email address of the primary account.

For the script to work, the user must have the same username (LDAP name sAMAccountName) or Full Name (LDAP name cn) in the primary and secondary domains.

Paramerter:

  • $domainDN - Specifies the distinguished name (DN) of the secondary domain to update user picture in. For information on how to get an object DN, see Get the DN of a directory object.
  • $subject - Specifies the subject of the email notification that will be sent to the user in case if secondary account update fails.
  • $text - Specifies the text of the email notification that will be sent to the user in case if secondary account update fails.
Edit Remove
PowerShell
$domainDN = "DC=domain,DC=com" # TODO: modify me
$subject = "Your Picture Update Was Unsuccessful" # TODO: modify me
$text = @"
Dear %fullname%,
Your picture update process was unsuccessful.
"@ # TODO: modify me

# Search user account in the resource domain
try
{
    $searcher = $Context.BindToObjectByDN($domainDN)
    $searcher.SearchFilter = "(&(sAMAccountType=805306368)(|(sAMAccountName=%username%)(cn=%fullname%)))"
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SizeLimit = 2

    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("User %fullname% has no account in the secondary domain.", "Warning")
        return
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one account for user %fullname% in the secondary domain", "Warning")
        return
    }

    # Set the photo
    $user = $Context.BindToObject($searchResults[0].AdsPath)
    try
    {
        $picture = [byte[]]$Context.TargetObject.Get("thumbnailPhoto")
    }
    catch
    {
        # No photo
        $picture = $NULL
    }
    
    $user.Put("thumbnailPhoto", $picture)
    $user.SetInfo()
}
catch
{
    # Send mail
    $Context.SendMail("%mail%", $subject, $text, $NULL)
}
finally
{
    # Release resources
    $searchResultIterator.Dispose()
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers