Configuring unmanaged user accounts
Unmanaged user accounts are not displayed in Adaxes environment and are ignored during license validation.
The following code sample excludes a user from the list of user accounts managed by Adaxes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
Import-Module Adaxes
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $service.OpenObject($configurationSetSettingsPath, $null, $null, 0)
$userPrincipalName = "jsmith@domain.com"
$newUnmanagedAccount = Get-AdmUser -Filter {userPrincipalName -like $userPrincipalName} `
-SearchScope Subtree -Server domain.com
$sid = $newUnmanagedAccount.Sid.ToString()
# Check whether the user account is unmanaged.
if (!$admConfigurationSetSettings.IsUnmanagedAccount($sid))
{
$currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())
# Fetch user accounts that are already unmanaged
$allUnmanagedSids = @()
foreach($userInfo in $currentUnmanagedAccounts)
{
$allUnmanagedSids += $userInfo.Key
}
# Add a new account to Unmanaged Accounts
$allUnmanagedSids += $sid
$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
}
The following code sample excludes all users located in a specific organizational unit from the list of accounts managed by Adaxes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
Import-Module Adaxes
$ouDN = "OU=My OU,DC=domain,DC=com"
$replaceCurrentlyUnmanagedAccounts = $false
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $service.OpenObject($configurationSetSettingsPath, $null, $null, 0)
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
if (!$replaceCurrentlyUnmanagedAccounts)
{
# Fetch user accounts that are already unmanaged
$currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@())
foreach ($userInfo in $currentUnmanagedAccounts)
{
$allUnmanagedSids.Add($userInfo.Key) | Out-Null
}
}
# Find all users under the given OU
$ouUsers = Get-AdmUser -Filter "*" -SearchBase $ouDN -SearchScope Subtree -Server domain.com
if ($ouUsers -ne $null)
{
foreach ($user in $ouUsers)
{
$allUnmanagedSids.Add($user.Sid.ToString()) | Out-Null
}
}
$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))