Creating rule-based groups

To make a group rule-based, use the MembershipType property of the IAdmGroup2 interface. You can convert an existing group to rule-based, or create a new group as rule-based right away.

Note that you need to add at least one membership rule and set the membership update schedule before applying the changes.

New group
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the target container.
$containerDN = "CN=Groups,DC=example,DC=com"
$container = $service.OpenObject("Adaxes://$containerDN", $null, $null, 0)

# Create a rule-based universal distribution group.
[Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$groupType = "ADS_GROUP_TYPE_UNIVERSAL_GROUP"
$group = $container.Create("group","CN=New Group")
$group.Put("groupType", [int]$groupType)
$group.MembershipType = "ADM_GROUPMEMBERSHIPTYPE_RULEBASED"

# Add a membership rule - include Group owners (Managed by).
$rules = $group.MembershipRules
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_OWNER")
$rule.Exclude = $false
$rules.Add($rule)

# Set the membership update schedule to once every hour.
$recurrencePattern = New-Object "Softerra.Adaxes.Adsi.AdmRecurrencePattern"
$recurrencePattern.RecurrenceType = "ADM_RECURRENCEPATTERNTYPE_HOURLY"
$recurrencePattern.Interval = 1
$group.MembershipUpdateSchedule = $recurrencePattern

# Save the changes and update the members.
$group.MembershipRules = $rules
$group.SetInfo()
$group.UpdateMembershipNow()
Convert group
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the group and convert it to rule-based.
$groupDN = "CN=My group,OU=Groups,DC=example,DC=onmicrosoft,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$group.MembershipType = "ADM_GROUPMEMBERSHIPTYPE_RULEBASED"

# Add a membership rule - include Group owners (Managed by).
$rules = $group.MembershipRules
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_OWNER")
$rule.Exclude = $false
$rules.Add($rule)

# Set the membership update schedule to once every hour.
$recurrencePattern = New-Object "Softerra.Adaxes.Adsi.AdmRecurrencePattern"
$recurrencePattern.RecurrenceType = "ADM_RECURRENCEPATTERNTYPE_HOURLY"
$recurrencePattern.Interval = 1
$group.MembershipUpdateSchedule = $recurrencePattern

# Save the changes and update the members.
$group.MembershipRules = $rules
$group.SetInfo()
$group.UpdateMembershipNow()

Adding membership rules

Specific objects

The following code sample creates a membership rule that includes the user John Smith.

# The $rules variable refers to a collection of membership rules.

# Create the rule.
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$jsmithDN = "CN=John Smith,CN=Users,DC=example,DC=com"
$jsmith = $service.OpenObject("Adaxes://$jsmithDN", $null, $null, 0)
$rule.Object = $jsmith
$rule.Exclude = $false

# Add the rule to the group.
$rules.Add($rule)

Objects located in OU or container

The following code sample creates a membership rule that includes users located in the Employees organizational unit.

# The $rules variable refers to a collection of membership rules.

# Create the rule.
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$ouDN = "OU=Employees,DC=example,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rule.Exclude = $false

# Add the rule to the group.
$rules.Add($rule)

Group members

The following code sample creates a membership rule that includes direct and indirect members of the Subcontractors group.

# The $rules variable refers to a collection of membership rules.

# Create the rule.
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$targetGroupDN = "CN=Subcontractors,OU=Groups,DC=example,DC=onmicrosoft,DC=com"
$targetGroup = $service.OpenObject("Adaxes://$targetGroupDN", $null, $null, 0)
$rule.Group = $targetGroup
$rule.IncludeDirectMembersOnly = $false
$rule.Exclude = $false

# Add the rule to the group.
$rules.Add($rule)

Group owners (Managed by)

The following code sample creates a membership rule that includes all owners of the group.

# The $rules variable refers to a collection of membership rules.

# Create the rule.
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_OWNER")
$rule.Exclude = $false

# Add the rule to the group.
$rules.Add($rule)

Query results

The following code sample creates a membership rule that includes users from the Sales department who are located in the Employees organizational unit.

# The $rules variable refers to a collection of membership rules.

# Create the rule.
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.BaseObjectPath = 
    "Adaxes://example.com/OU=Employees,DC=example,DC=com" # Specify $null to search everywhere
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"

# Set the query criteria.
$criteria = New-AdmCriteria "user" {department -eq "Sales"}
$rule.SetCriteria($criteria)

# Add the rule to the group.
$rules.Add($rule)

Setting the schedule

The following code sample sets the membership update schedule to every 4 hours.

# The $group variable refers to a rule-based group.

$recurrencePattern = New-Object "Softerra.Adaxes.Adsi.AdmRecurrencePattern"
$recurrencePattern.RecurrenceType = "ADM_RECURRENCEPATTERNTYPE_HOURLY"
$recurrencePattern.Interval = 4
$group.MembershipUpdateSchedule = $recurrencePattern

The following code sample sets the membership update schedule to every Monday at 6 AM.

# The $group variable refers to a rule-based group.

$recurrencePattern = New-Object "Softerra.Adaxes.Adsi.AdmRecurrencePattern"
$recurrencePattern.RecurrenceType = "ADM_RECURRENCEPATTERNTYPE_WEEKLY"
$recurrencePattern.DayOfWeekMask = "ADM_DAYSOFWEEK_MONDAY"
$recurrencePattern.PatternStartDateTime = Get-Date -Hour 6 -Minute 0 -Second 0
$group.MembershipUpdateSchedule = $recurrencePattern

For more details about different schedules, see Defining the schedule.

See also

Adding membership rules Specific objects Objects located in OU or container Group members Group owners (Managed by) Query results Setting the schedule
© Softerra 2022. All rights reserved.
Send feedback