Modifying membership rules
The following code sample shows how to include one specific directory object in a business unit and exclude another one from it.
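# Adds two membership rules to the 'My Unit' business unit: one that includes
# a specific user and one that excludes another user.

# Stop at the first error. By default PowerShell moves on to the next statement
# after a failed method call, so a failed bind (for example, a mistyped DN)
# would leave a variable empty and the script would still reach SetInfo() and
# save a rule set that is not the one intended.
$ErrorActionPreference = "Stop"

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
# NOTE(review): the two $null arguments are presumably user name and password,
# i.e. the bind runs with the caller's own credentials - confirm against the
# SDK reference.
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

# The rules already stored on the business unit are read here and the new
# rules are appended to them, so running the sample again presumably adds
# the same rules a second time.
$rules = $myBusinessUnit.GetMembershipRules()

# Include John Smith
$jsmithDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$jsmith = $service.OpenObject("Adaxes://$jsmithDN", $null, $null, 0)
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $false
$includeRule.Object = $jsmith
$rules.Add($includeRule)

# Exclude Bob Jones
$bjonesDN = "CN=Bob Jones,CN=Users,DC=company,DC=com"
$bjones = $service.OpenObject("Adaxes://$bjonesDN", $null, $null, 0)
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.Exclude = $true
$excludeRule.Object = $bjones
$rules.Add($excludeRule)

# Save the changes.
# NOTE(review): if this business unit is used as the scope of security roles
# or policies, changing its membership changes which objects those assignments
# apply to - review the resulting rule list before saving.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()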
The following code sample shows how to include members of one group in a business unit and exclude members of another group from it.
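# Adds two membership rules to the 'My Unit' business unit: one that includes
# the members of a group and one that excludes the members of another group.

# Stop at the first error. By default PowerShell moves on to the next statement
# after a failed method call, so a failed bind to a group would leave $group
# empty (or still pointing at the previous group) and the script would still
# reach SetInfo() and save a rule set that is not the one intended.
$ErrorActionPreference = "Stop"

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
# NOTE(review): the two $null arguments are presumably user name and password,
# i.e. the bind runs with the caller's own credentials - confirm against the
# SDK reference.
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

# The rules already stored on the business unit are read here and the new
# rules are appended to them, so running the sample again presumably adds
# the same rules a second time.
$rules = $myBusinessUnit.GetMembershipRules()

# Include members of the 'My Group' group
$groupDN = "CN=My Group,OU=Groups,DC=company,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $false
$rule.Group = $group
# Not limited to direct members; presumably members of nested groups are
# matched as well - confirm, because that makes the rule follow every change
# to the nested groups too.
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)

# Exclude members of the 'My Group 2' group
$groupDN = "CN=My Group 2,OU=Groups,DC=company,DC=com"
$group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $true
$rule.Group = $group
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)

# Save the changes.
# NOTE(review): if this business unit is used as the scope of security roles
# or policies, anyone who can change the membership of the groups above can
# indirectly change which objects those assignments apply to.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()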
The following code sample shows how to include objects located in a specific organizational unit in a business unit, and how to exclude objects located in another organizational unit from it.
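# Adds two membership rules to the 'My Unit' business unit: one that includes
# the objects located under an organizational unit and one that excludes the
# objects located under another organizational unit.

# Stop at the first error. By default PowerShell moves on to the next statement
# after a failed method call, so a failed bind to an OU would leave $ou empty
# (or still pointing at the previous OU) and the script would still reach
# SetInfo() and save a rule set that is not the one intended.
$ErrorActionPreference = "Stop"

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
# NOTE(review): the two $null arguments are presumably user name and password,
# i.e. the bind runs with the caller's own credentials - confirm against the
# SDK reference.
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

# The rules already stored on the business unit are read here and the new
# rules are appended to them, so running the sample again presumably adds
# the same rules a second time.
$rules = $myBusinessUnit.GetMembershipRules()

# Include objects located under the 'My Unit' OU
$ouDN = "OU=My Unit,DC=company,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $false
$rule.Container = $ou
# Subtree scope: presumably every object beneath the OU at any depth is
# matched, including objects created or moved there later - confirm.
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

# Exclude objects located under the 'My Unit 2' OU
$ouDN = "OU=My Unit 2,DC=company,DC=com"
$ou = $service.OpenObject("Adaxes://$ouDN", $null, $null, 0)
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $true
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

# Save the changes.
# NOTE(review): if this business unit is used as the scope of security roles
# or policies, changing its membership changes which objects those assignments
# apply to - review the resulting rule list before saving.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()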
The following code sample shows how to include objects that match certain criteria in a business unit, and how to exclude objects that match other criteria from it.
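# Adds two query-based membership rules to the 'My Unit' business unit: one
# that includes users from one department and one that excludes users from
# another department.

# Stop at the first error. By default PowerShell moves on to the next statement
# after a failed call, so if New-AdmCriteria or a bind failed, the script would
# still reach SetInfo() and could save a query rule without the intended
# criteria.
$ErrorActionPreference = "Stop"

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
# NOTE(review): the two $null arguments are presumably user name and password,
# i.e. the bind runs with the caller's own credentials - confirm against the
# SDK reference.
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)

# The rules already stored on the business unit are read here and the new
# rules are appended to them, so running the sample again presumably adds
# the same rules a second time.
$rules = $myBusinessUnit.GetMembershipRules()

# Include users from the 'Sales' department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $false
# No search base is set; presumably the query is then not limited to any one
# container - confirm, and set a base object path if a narrower scope is
# intended.
$rule.BaseObjectPath = $null
$rule.Scope = "ADS_SCOPE_SUBTREE"
# New-AdmCriteria is not defined in this sample; it has to be available in
# the PowerShell session that runs the script.
$criteria = New-AdmCriteria "user" {department -eq "Sales"}
$rule.SetCriteria($criteria)
$rules.Add($rule)

# Exclude users from the 'IT' department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $true
$rule.BaseObjectPath = $null
$rule.Scope = "ADS_SCOPE_SUBTREE"
$criteria = New-AdmCriteria "user" {department -eq "IT"}
$rule.SetCriteria($criteria)
$rules.Add($rule)

# Save the changes.
# NOTE(review): membership here follows the 'department' attribute. If this
# business unit is used as the scope of security roles or policies, anyone
# allowed to edit that attribute can move objects in or out of that scope.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()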
See also
- Managing business units
- Binding to Adaxes-specific objects
- Managing Adaxes-specific objects
- IAdmBusinessUnit
- IAdmBusinessUnitSpecificObjectRule
- IAdmBusinessUnitContainerRule
- IAdmBusinessUnitGroupRule
- IAdmBusinessUnitQueryRule
- Online script repository