Managing business units
This article describes how to manage business units using PowerShell scripts and C# code. The code samples included in this article can be used in stand-alone scripts and applications as well as in PowerShell scripts executed by business rules, custom commands, and scheduled tasks.
Creating a business unit
To create a business unit, first bind to the container where you want to create it. All container objects support the IADsContainer interface, which lets you create, delete, and enumerate child objects. To create a new business unit, call the Create method of the interface, passing adm-BusinessUnit as the first parameter and the relative distinguished name (RDN) of the new business unit as the second parameter. The object returned by the Create method supports the IAdmBusinessUnit interface, which you use to define membership rules for the business unit. To save the new business unit, call IADs::SetInfo.
The following code sample creates a business unit.
- PowerShell

```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the 'Business Units' container
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsContainer = $service.OpenObject($businessUnitsPath, $null, $null, 0)

# Create a new business unit
$unit = $businessUnitsContainer.Create("adm-BusinessUnit", "CN=My Unit")
$unit.Description = "My description"

$rules = $unit.GetMembershipRules()
# [TODO] define membership rules
$unit.SetMembershipRules($rules)

# Save the business unit
$unit.SetInfo()
```
- C#

```csharp
using System;
using Interop.Adsi;
using Interop.Adsi.BusinessUnits;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the 'Business Units' container
        string businessUnitsPath = service.Backend.GetConfigurationContainerPath(
            "BusinessUnits");
        IADsContainer businessUnitsContainer = (IADsContainer)service.OpenObject(
            businessUnitsPath, null, null, 0);

        // Create a new business unit
        IAdmBusinessUnit unit = (IAdmBusinessUnit)businessUnitsContainer.Create(
            "adm-BusinessUnit", "CN=My Unit");
        unit.Description = "My description";

        IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();
        // [TODO] define membership rules
        unit.SetMembershipRules(rules);

        // Save the business unit
        unit.SetInfo();
    }
}
```
If your script is executed by a business rule, custom command or scheduled task, you can use the predefined PowerShell variable $Context to get the ADS path of the business units container and bind to the container.

```powershell
# Bind to the 'Business Units' container
$businessUnitsPath = $Context.GetWellKnownContainerPath("BusinessUnits")
$businessUnitsContainer = $Context.BindToObject($businessUnitsPath)

# Create a new business unit
$unit = $businessUnitsContainer.Create("adm-BusinessUnit", "CN=My Unit")
$unit.Description = "My description"

$rules = $unit.GetMembershipRules()
# [TODO] define membership rules
$unit.SetMembershipRules($rules)

# Save the business unit
$unit.SetInfo()
```

How to create a business unit in a specific container
The following code sample creates a business unit in the container called My Container.
- PowerShell

```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the 'Business Units' container
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")

# Build the ADS path of the child container 'My Container'
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myContainerAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Container")

$myContainer = $service.OpenObject($myContainerAdsPath, $null, $null, 0)

# Create a new business unit
$unit = $myContainer.Create("adm-BusinessUnit", "CN=My Unit")
$unit.Description = "My description"

$rules = $unit.GetMembershipRules()
# [TODO] define membership rules
$unit.SetMembershipRules($rules)

# Save the business unit
$unit.SetInfo()
```
- C#

```csharp
using System;
using Interop.Adsi;
using Interop.Adsi.BusinessUnits;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the 'Business Units' container
        string businessUnitsPath = service.Backend.GetConfigurationContainerPath(
            "BusinessUnits");

        // Build the ADS path of the child container 'My Container'
        AdsPath businessUnitsPathObj = new AdsPath(businessUnitsPath);
        AdsPath myContainerAdsPath = businessUnitsPathObj.CreateChildPath(
            "CN=My Container");

        IADsContainer myContainer = (IADsContainer)service.OpenObject(
            myContainerAdsPath.ToString(), null, null, 0);

        // Create a new business unit
        IAdmBusinessUnit unit = (IAdmBusinessUnit)myContainer.Create(
            "adm-BusinessUnit", "CN=My Unit");
        unit.Description = "My description";

        IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();
        // [TODO] define membership rules
        unit.SetMembershipRules(rules);

        // Save the business unit
        unit.SetInfo();
    }
}
```
For information on how to create containers for business units, see Creating business unit containers.
Modifying a business unit
To modify an existing business unit, first you need to bind to the directory object representing the business unit. For more information on how to bind to Adaxes-specific objects, see Binding to Adaxes-specific objects.
After you've bound to a business unit object, you can use ADSI interfaces like IAdmBusinessUnit and IADs to modify the business unit.
The following code sample binds to an existing business unit located in container My Container and deletes all membership rules of the business unit.
- PowerShell

```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Build the ADS path of the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myContainerPathObj = $businessUnitsPathObj.CreateChildPath("CN=My Container")
$unitPath = $myContainerPathObj.CreateChildPath("CN=My Unit")

$unit = $service.OpenObject($unitPath.ToString(), $null, $null, 0)

# Delete membership rules
$rules = $unit.GetMembershipRules()
$rules.Clear()
$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
using System;
using Interop.Adsi.BusinessUnits;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Build the ADS path of the business unit
        string businessUnitsPath = service.Backend.GetConfigurationContainerPath(
            "BusinessUnits");
        AdsPath businessUnitsPathObj = new AdsPath(businessUnitsPath);
        AdsPath myContainerPathObj = businessUnitsPathObj.CreateChildPath(
            "CN=My Container");
        AdsPath unitPath = myContainerPathObj.CreateChildPath("CN=My Unit");

        IAdmBusinessUnit unit =
            (IAdmBusinessUnit)service.OpenObject(unitPath.ToString(), null, null, 0);

        // Delete membership rules
        IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();
        rules.Clear();
        unit.SetMembershipRules(rules);

        // Save the changes
        unit.SetInfo();
    }
}
```
Defining membership rules
Membership of a business unit is determined by membership rules that allow including objects that correspond to certain search criteria, members of groups, child objects of Organizational Units, etc.
To get the membership rules of a business unit, call the GetMembershipRules method of the IAdmBusinessUnit interface. Membership rules are represented by the IAdmBusinessUnitMembershipRules interface, which lets you create, modify, and enumerate membership rules.
To create a new membership rule, call the Create method of the IAdmBusinessUnitMembershipRules interface and pass the membership rule type as the parameter of the method. For a list of possible membership rule types, see the ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM enumeration.
The object returned by the Create method will support the IAdmBusinessUnitMembershipRule interface and one of its derivatives specific to the membership rule type.
The table below shows which interfaces are supported by different membership rule types.
What is Included or Excluded | Membership Rule Type | Interface |
---|---|---|
Specific Objects | ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC | IAdmBusinessUnitSpecificObjectRule |
Group Members | ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP | IAdmBusinessUnitGroupRule |
Container Children | ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER | IAdmBusinessUnitContainerRule |
Query Results | ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY | IAdmBusinessUnitQueryRule |
To add a membership rule to the collection of membership rules, call the Add method of the IAdmBusinessUnitMembershipRules interface.
To set a collection of membership rules to a business unit, call the SetMembershipRules method of the business unit object, and then call the SetInfo method to save the changes.
Example 1 – Include user John Smith and exclude user Bob Jones
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

# Include John Smith
$jsmithDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$jsmith = $service.OpenObject("Adaxes://$jsmithDN", $null, $null, 0)
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $false
$includeRule.Object = $jsmith
$rules.Add($includeRule)

# Exclude Bob Jones
$bjonesDN = "CN=Bob Jones,CN=Users,DC=company,DC=com"
$bjones = $service.OpenObject("Adaxes://$bjonesDN", $null, $null, 0)
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.Exclude = $true
$excludeRule.Object = $bjones
$rules.Add($excludeRule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

// Include John Smith
const string jsmithDN = "CN=John Smith,CN=Users,DC=company,DC=com";
IAdmTop jsmith = (IAdmTop)service.OpenObject(
    "Adaxes://" + jsmithDN, null, null, 0);
IAdmBusinessUnitSpecificObjectRule includeRule =
    (IAdmBusinessUnitSpecificObjectRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC);
includeRule.Exclude = false;
includeRule.Object = jsmith;
rules.Add(includeRule);

// Exclude Bob Jones
const string bjonesDN = "CN=Bob Jones,CN=Users,DC=company,DC=com";
IAdmTop bjones = (IAdmTop)service.OpenObject(
    "Adaxes://" + bjonesDN, null, null, 0);
IAdmBusinessUnitSpecificObjectRule excludeRule =
    (IAdmBusinessUnitSpecificObjectRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC);
excludeRule.Exclude = true;
excludeRule.Object = bjones;
rules.Add(excludeRule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 2 – Include members of the My Group group
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$groupDN = "CN=My Group,OU=Groups,DC=company,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $false
$rule.Group = $group
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

const string groupDN = "CN=My Group,OU=Groups,DC=company,DC=com";
IAdmGroup group = (IAdmGroup)service.OpenObject(
    "Adaxes://" + groupDN, null, null, 0);

IAdmBusinessUnitGroupRule rule =
    (IAdmBusinessUnitGroupRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP);
rule.Exclude = false;
rule.Group = group;
rule.IncludeDirectMembersOnly = false;
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 3 – Include child objects of the Organizational Unit called My Unit
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$ouDN = "OU=My Unit,DC=company,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $false
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

const string ouDN = "OU=My Unit,DC=company,DC=com";
IADsContainer ou = (IADsContainer)service.OpenObject(
    "Adaxes://" + ouDN, null, null, 0);

IAdmBusinessUnitContainerRule rule =
    (IAdmBusinessUnitContainerRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER);
rule.Exclude = false;
rule.Container = ou;
rule.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 4 – Include all users whose department is set to Sales
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $false
$rule.BaseObjectPath = $null # search in all managed domains
$rule.Scope = "ADS_SCOPE_SUBTREE"

$criteria = New-AdmCriteria "user" {department -eq "Sales"}
$rule.SetCriteria($criteria)
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

IAdmBusinessUnitQueryRule rule =
    (IAdmBusinessUnitQueryRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY);
rule.BaseObjectPath = null; // search in all managed domains
rule.Exclude = false;
rule.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;

Criteria criteria = new();
criteria.AddType("user", new SimpleCriteriaItem()
{
    Property = "department",
    Operator = "eq",
    Values = { "Sales" }
});
rule.SetCriteria(criteria);
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Defining membership rules using templates
By using value references in membership rules, you can create dynamic business units that will have different members for different users. Before building a list of business unit members, Adaxes will replace value references contained in membership rules with corresponding properties of the logged in user account. As a result, membership rule parameters will be different depending on who is logged in.
Value references in business units are processed only when viewing business unit members and in security role assignments.
Example 1 – Include the user's manager and exclude the user itself
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

# Include the user's manager
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.ObjectDnTemplate = "%manager%"
$includeRule.Exclude = $false
$rules.Add($includeRule)

# Exclude the user's account
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.ObjectDnTemplate = "%distinguishedName%"
$excludeRule.Exclude = $true
$rules.Add($excludeRule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

// Include the user's manager
IAdmBusinessUnitSpecificObjectRule includeRule =
    (IAdmBusinessUnitSpecificObjectRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC);
includeRule.ObjectDnTemplate = "%manager%";
includeRule.Exclude = false;
rules.Add(includeRule);

// Exclude the user's account
IAdmBusinessUnitSpecificObjectRule excludeRule =
    (IAdmBusinessUnitSpecificObjectRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC);
excludeRule.ObjectDnTemplate = "%distinguishedName%";
excludeRule.Exclude = true;
rules.Add(excludeRule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 2 – Include members of group Managers located in the Organizational Unit with the same name as the user's company name
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$groupDnTemplate = "CN=Managers,OU=%company%,DC=domain,DC=com"

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.GroupDnTemplate = $groupDnTemplate
$rule.Exclude = $false
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

const string groupDnTemplate = "CN=Managers,OU=%company%,DC=domain,DC=com";

IAdmBusinessUnitGroupRule rule =
    (IAdmBusinessUnitGroupRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP);
rule.GroupDnTemplate = groupDnTemplate;
rule.Exclude = false;
rule.IncludeDirectMembersOnly = false;
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 3 – Include objects located in the user's Organizational Unit
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$ouDnTemplate = "%adm-ParentDN%"

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.ContainerDnTemplate = $ouDnTemplate
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

const string ouDnTemplate = "%adm-ParentDN%";

IAdmBusinessUnitContainerRule rule =
    (IAdmBusinessUnitContainerRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER);
rule.ContainerDnTemplate = ouDnTemplate;
rule.Exclude = false;
rule.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Example 4 – Include users whose department is the same as the department of the logged in user and located in the user's domain
- PowerShell

```powershell
# The $unit variable refers to a business unit

$rules = $unit.GetMembershipRules()

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.BaseObjectDnTemplate = "%adm-DomainDN%"
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"

$criteria = New-AdmCriteria "user" {department -eq "%department%"}
$rule.SetCriteria($criteria)
$rules.Add($rule)

$unit.SetMembershipRules($rules)

# Save the changes
$unit.SetInfo()
```
- C#

```csharp
// The unit variable refers to a business unit

IAdmBusinessUnitMembershipRules rules = unit.GetMembershipRules();

IAdmBusinessUnitQueryRule rule =
    (IAdmBusinessUnitQueryRule)rules.Create(
        ADM_BUSINESSUNITMEMBERSHIPTYPE_ENUM.ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY);
rule.BaseObjectDnTemplate = "%adm-DomainDN%";
rule.Exclude = false;
rule.Scope = ADS_SCOPEENUM.ADS_SCOPE_SUBTREE;

Criteria criteria = new();
criteria.AddType("user", new SimpleCriteriaItem()
{
    Property = "department",
    Operator = "eq",
    Values = { "%department%" }
});
rule.SetCriteria(criteria);
rules.Add(rule);

unit.SetMembershipRules(rules);

// Save the changes
unit.SetInfo();
```
Getting business unit members
To get the members of a business unit, you need to bind to the business unit object and call the IAdmBusinessUnit::Members method of the object. Business unit members are represented by the IAdmBusinessUnitMembers interface.
To get a specific member, call the IAdmBusinessUnitMembers::GetObject method. The interfaces supported by the ADSI object representing a member will depend on the object type of the member. To get the type of a directory object, use the Class property of the IADs interface. All object types support the IADs and IAdmTop interfaces. User objects support the IADsUser interface, group objects support the IADsGroup interface. For more information, see Interfaces supported by directory objects.
The following code sample outputs information about users that are members of a business unit.
- PowerShell

```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$unitName = "My Unit"
$containerName = "My Container" # Set to $null if the business unit
                                # is located in the root container

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Build the ADS path of the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$pathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
if ($null -ne $containerName)
{
    $pathObj = $pathObj.CreateChildPath("CN=$containerName")
}
$pathObj = $pathObj.CreateChildPath("CN=$unitName")

# Bind to the business unit
$unit = $service.OpenObject($pathObj.ToString(), $null, $null, 0)

$members = $unit.Members()
for ($i = 0; $i -lt $members.Count; $i++)
{
    $member = $members.GetObject($i)
    if (-not($member.Class -ieq "user"))
    {
        continue # we output user accounts only
    }

    $name = $member.Get("name")
    $username = $member.Get("userPrincipalName")
    $dn = $member.Get("distinguishedName")
    if ($member.AccountDisabled)
    {
        $status = "disabled"
    }
    else
    {
        $status = "enabled"
    }
    $expirationDate = $member.AccountExpirationDate.ToShortDateString()

    $info = @"
Name: $name
Username: $username
DN: $dn
Account Status: $status
Expiration Date: $expirationDate
"@
    Write-Host $info
}
```
- C#

```csharp
using System;
using Interop.Adsi;
using Interop.Adsi.BusinessUnits;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        const string unitName = "My Unit";
        const string containerName = "My Container"; // Set to null if the
                                                     // business unit is located
                                                     // in the root container

        // Connect to the Adaxes service
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Build the ADS path of the business unit
        string businessUnitsPath = service.Backend.GetConfigurationContainerPath(
            "BusinessUnits");
        AdsPath pathObj = new AdsPath(businessUnitsPath);
        if (!string.IsNullOrEmpty(containerName))
        {
            pathObj = pathObj.CreateChildPath("CN=" + containerName);
        }
        pathObj = pathObj.CreateChildPath("CN=" + unitName);

        // Bind to the business unit
        IAdmBusinessUnit unit =
            (IAdmBusinessUnit)service.OpenObject(pathObj.ToString(), null, null, 0);

        IAdmBusinessUnitMembers members = unit.Members();
        for (int i = 0; i < members.Count; i++)
        {
            IADs member = members.GetObject(i);
            if (!StringComparer.OrdinalIgnoreCase.Equals(member.Class, "user"))
            {
                continue; // we output user accounts only
            }

            IADsUser user = (IADsUser)member;
            string name = (string)user.Get("name");
            string username = (string)user.Get("userPrincipalName");
            string dn = (string)user.Get("distinguishedName");
            string status = user.AccountDisabled ? "disabled" : "enabled";
            string expirationDate = user.AccountExpirationDate.ToShortDateString();

            string info = string.Format(
                "Name: {0}\n" +
                "Username: {1}\n" +
                "DN: {2}\n" +
                "Account Status: {3}\n" +
                "Expiration Date: {4}\n",
                name, username, dn, status, expirationDate);
            Console.WriteLine(info);
        }
    }
}
```
To determine whether a user is a member of a business unit, use the IAdmBusinessUnit::IsMember method.
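
As noted above, business unit membership is evaluated in security role assignments, so a change in membership changes what a role applies to. The following added example (not part of the Adaxes documentation) records a unit's members with the Members, GetObject, Class and Get calls shown above and reports additions and removals against a saved baseline; the helper names, the constructed sample records and the baseline path are assumptions.

```powershell
# Added example: baseline and drift check for business unit membership.
# Get-UnitMemberSnapshot and Compare-UnitSnapshot are hypothetical helper names.

function Get-UnitMemberSnapshot {
    # Returns one record per member. Uses only Members(), Count, GetObject(),
    # Class and Get(), as in the member listing sample above.
    param($Unit)
    $members = $Unit.Members()
    for ($i = 0; $i -lt $members.Count; $i++) {
        $member = $members.GetObject($i)
        [pscustomobject]@{
            DN    = [string]$member.Get("distinguishedName")
            Class = [string]$member.Class
        }
    }
}

function Compare-UnitSnapshot {
    # Pure comparison of two snapshots. DNs are matched case-insensitively
    # so that a change in letter case alone is not reported as drift.
    param([object[]]$Baseline, [object[]]$Current)
    $old = @{}
    foreach ($m in $Baseline) { $old[$m.DN.ToLowerInvariant()] = $m }
    $new = @{}
    foreach ($m in $Current) { $new[$m.DN.ToLowerInvariant()] = $m }

    foreach ($key in $new.Keys) {
        if (-not $old.ContainsKey($key)) {
            [pscustomobject]@{ Change = "Added"; Class = $new[$key].Class; DN = $new[$key].DN }
        }
    }
    foreach ($key in $old.Keys) {
        if (-not $new.ContainsKey($key)) {
            [pscustomobject]@{ Change = "Removed"; Class = $old[$key].Class; DN = $old[$key].DN }
        }
    }
}

# Constructed sample data standing in for two snapshots taken at different times
$baseline = @(
    [pscustomobject]@{ DN = "CN=John Smith,CN=Users,DC=company,DC=com"; Class = "user" }
    [pscustomobject]@{ DN = "CN=Bob Jones,CN=Users,DC=company,DC=com"; Class = "user" }
)
$current = @(
    [pscustomobject]@{ DN = "cn=john smith,CN=Users,DC=company,DC=com"; Class = "user" }
    [pscustomobject]@{ DN = "CN=My Group,OU=Groups,DC=company,DC=com"; Class = "group" }
)
Compare-UnitSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize

# Against a live service, with $unit bound as in the sample above
# (the baseline file path is a placeholder):
#   $current  = @(Get-UnitMemberSnapshot -Unit $unit)
#   $baseline = @(Import-Csv "C:\Baselines\MyUnit.csv")
#   Compare-UnitSnapshot -Baseline $baseline -Current $current
#   $current | Export-Csv "C:\Baselines\MyUnit.csv" -NoTypeInformation
```

For units whose rules contain value references, the member list depends on the account that runs the script, so take the baseline and the comparison snapshot under the same account.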