Configuring unmanaged user accounts

Unmanaged user accounts are not displayed in the Adaxes environment and are ignored during license validation.

The following code sample excludes a user from the list of user accounts managed by Adaxes.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") 
Import-Module Adaxes

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" 
$service = $ns.GetServiceDirectly("localhost")

# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $service.OpenObject($configurationSetSettingsPath, $null, $null, 0)

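$userPrincipalName = "jsmith@domain.com"
$newUnmanagedAccount = Get-AdmUser -Filter {userPrincipalName -like $userPrincipalName} `
    -SearchScope Subtree -Server domain.com

# Stop unless exactly one account matched, so the wrong user is never excluded
if (($null -eq $newUnmanagedAccount) -or (@($newUnmanagedAccount).Count -ne 1))
{
    throw "Expected exactly one user matching '$userPrincipalName'."
}
$sid = $newUnmanagedAccount.Sid.ToString()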

# Check whether the user account is unmanaged.
if (!$admConfigurationSetSettings.IsUnmanagedAccount($sid))
{
    # Fetch user accounts that are already unmanaged
    $currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())

    $allUnmanagedSids = @()
    foreach($userInfo in $currentUnmanagedAccounts)
    {
        $allUnmanagedSids += $userInfo.Key
    }
    # Add a new account to Unmanaged Accounts
    $allUnmanagedSids += $sid
    
    $admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
}

The following code sample excludes all users located in a specific organizational unit from the list of accounts managed by Adaxes.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") 
Import-Module Adaxes

$ouDN = "OU=My OU,DC=domain,DC=com"
$replaceCurrentlyUnmanagedAccounts = $false

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $service.OpenObject($configurationSetSettingsPath, $null, $null, 0)
     
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

if (!$replaceCurrentlyUnmanagedAccounts)
{
    # Fetch user accounts that are already unmanaged
    $currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())
    foreach ($userInfo in $currentUnmanagedAccounts)
    {
        $allUnmanagedSids.Add($userInfo.Key) | Out-Null
    }
}

# Find all users under the given OU
$ouUsers = Get-AdmUser -Filter "*" -SearchBase $ouDN -SearchScope Subtree -Server domain.com
# Put $null on the left: with a collection on the left, -ne filters it instead of comparing
if ($null -ne $ouUsers)
{
    foreach ($user in $ouUsers)
    {
        $allUnmanagedSids.Add($user.Sid.ToString()) | Out-Null
    }
}

$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
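
Because unmanaged accounts are not displayed in Adaxes, it is worth reviewing the list periodically. The following added example (not part of the Adaxes documentation) reads the list with the same calls used above, resolves each SID with the standard .NET SecurityIdentifier class, and reports drift against a reviewed baseline. The baseline path and the report layout are assumptions.

```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") | Out-Null

# Hypothetical location of the reviewed baseline (assumption, not an Adaxes path)
$baselinePath = "C:\Audit\adaxes-unmanaged-baseline.csv"

# Connect and bind the same way as the samples above
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
$settingsPath = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$settings = $service.OpenObject($settingsPath, $null, $null, 0)

# One report row per unmanaged SID, resolved to an account name where possible
$report = @(foreach ($userInfo in $settings.GetUnmanagedAccounts(@()))
{
    $sid = [string]$userInfo.Key
    try
    {
        $sidObject = [System.Security.Principal.SecurityIdentifier]$sid
        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch
    {
        # Deleted account, unreachable domain or malformed SID
        $account = $null
    }
    [pscustomobject]@{ Sid = $sid; Account = $account; Resolved = ($null -ne $account) }
})

if (Test-Path $baselinePath)
{
    # Report drift against the last reviewed list; the baseline is not overwritten
    $baselineSids = @(Import-Csv $baselinePath | ForEach-Object { $_.Sid })
    $currentSids = @($report | ForEach-Object { $_.Sid })
    $report | Where-Object { $baselineSids -notcontains $_.Sid } |
        ForEach-Object { Write-Warning "Newly unmanaged: $($_.Sid) ($($_.Account))" }
    $baselineSids | Where-Object { $currentSids -notcontains $_ } |
        ForEach-Object { Write-Output "Managed again or removed: $_" }
}
else
{
    # First run: record the current list as the baseline to review
    $report | Export-Csv -Path $baselinePath -NoTypeInformation
}

# SIDs that no longer resolve to an account
$report | Where-Object { -not $_.Resolved } | Select-Object Sid
```

Replace the baseline file only after the reported changes have been reviewed, so an unexpected exclusion keeps being flagged until someone accounts for it.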
