Modifying membership rules
The following code sample shows how to include and exclude a specific AD object from a business unit.
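# Stop at the first error. Without this, a failed OpenObject call leaves its
# variable empty (or holding a value from an earlier run in the same session),
# and the script would still go on to save the membership rules.
$ErrorActionPreference = "Stop"

# Load the Adaxes ADSI assembly (the call also writes the loaded assembly to the output)
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the business unit
# NOTE(review): the two $NULL arguments are presumably user name and password,
# so the bind would use the account running the script - confirm.
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

# Work on the unit's current rule collection; the new rules are added to it
$rules = $myBusinessUnit.GetMembershipRules()

# Include John Smith
$jsmithDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$jsmith = $admService.OpenObject("Adaxes://$jsmithDN", $NULL, $NULL, 0)

$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.Exclude = $False
$includeRule.Object = $jsmith
$rules.Add($includeRule)

# Exclude Bob Jones
$bjonesDN = "CN=Bob Jones,CN=Users,DC=company,DC=com"
$bjones = $admService.OpenObject("Adaxes://$bjonesDN", $NULL, $NULL, 0)

$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.Exclude = $True
$excludeRule.Object = $bjones
$rules.Add($excludeRule)

# Write the rule collection back to the business unit and save it.
# NOTE(review): if permissions or policies are assigned over this business unit,
# this changes which objects they cover - review the rule set before running.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()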
The following code sample shows how to include and exclude members of a group from a business unit.
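# Stop at the first error. $group and $rule are reused below: without this, if
# the second OpenObject call failed, $group would still hold 'My Group' and the
# exclude rule would be saved against the group that was just included.
$ErrorActionPreference = "Stop"

# Load the Adaxes ADSI assembly (the call also writes the loaded assembly to the output)
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the business unit
# NOTE(review): the two $NULL arguments are presumably user name and password,
# so the bind would use the account running the script - confirm.
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

# Work on the unit's current rule collection; the new rules are added to it
$rules = $myBusinessUnit.GetMembershipRules()

# Include members of the 'My Group' group
$groupDN = "CN=My Group,OU=Groups,DC=company,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $False
$rule.Group = $group
# NOTE(review): with this set to $False, members of nested groups are presumably
# covered too, so anyone able to edit those groups affects the unit - confirm.
$rule.IncludeDirectMembersOnly = $False
$rules.Add($rule)

# Exclude members of the 'My Group 2' group
$groupDN = "CN=My Group 2,OU=Groups,DC=company,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.Exclude = $True
$rule.Group = $group
$rule.IncludeDirectMembersOnly = $False
$rules.Add($rule)

# Write the rule collection back to the business unit and save it.
# NOTE(review): if permissions or policies are assigned over this business unit,
# this changes which objects they cover - review the rule set before running.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()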
The following code sample shows how to include or exclude objects located under a specific Organizational Unit from a business unit.
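# Stop at the first error. $ou and $rule are reused below: without this, if the
# second OpenObject call failed, $ou would still hold 'My Unit' and the exclude
# rule would be saved against the OU that was just included.
$ErrorActionPreference = "Stop"

# Load the Adaxes ADSI assembly (the call also writes the loaded assembly to the output)
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the business unit
# NOTE(review): the two $NULL arguments are presumably user name and password,
# so the bind would use the account running the script - confirm.
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

# Work on the unit's current rule collection; the new rules are added to it
$rules = $myBusinessUnit.GetMembershipRules()

# Include objects located under the 'My Unit' OU
$ouDN = "OU=My Unit,DC=company,DC=com"
$ou = $admService.OpenObject("Adaxes://$ouDN", $NULL, $NULL, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $False
$rule.Container = $ou
# Subtree scope: the rule is not limited to the OU's immediate children, so
# objects created or moved anywhere below the OU later are matched as well.
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

# Exclude objects located under the 'My Unit 2' OU
$ouDN = "OU=My Unit 2,DC=company,DC=com"
$ou = $admService.OpenObject("Adaxes://$ouDN", $NULL, $NULL, 0)

$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.Exclude = $True
$rule.Container = $ou
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)

# Write the rule collection back to the business unit and save it.
# NOTE(review): if permissions or policies are assigned over this business unit,
# this changes which objects they cover - review the rule set before running.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()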
The following code sample shows how to include or exclude AD objects that match certain search criteria from a business unit.
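# Stop at the first error. $rule is reused below: without this, if the second
# Create call failed, the exclude settings would be written onto the include
# rule that is already in the collection.
$ErrorActionPreference = "Stop"

# Load the Adaxes ADSI assembly (the call also writes the loaded assembly to the output)
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the business unit
# NOTE(review): the two $NULL arguments are presumably user name and password,
# so the bind would use the account running the script - confirm.
$businessUnitsPath = $admService.Backend.GetConfigurationContainerPath("BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath("CN=My Unit")
$myBusinessUnit = $admService.OpenObject($myBusinessUnitAdsPath, $NULL, $NULL, 0)

# Work on the unit's current rule collection; the new rules are added to it
$rules = $myBusinessUnit.GetMembershipRules()

# Include users from the Sales department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $False
# NOTE(review): no base object is set, so the filter is presumably evaluated
# over everything the service manages rather than one domain or OU - confirm.
$rule.BaseObjectPath = $NULL
$rule.Scope = "ADS_SCOPE_SUBTREE"
# Membership follows the 'department' attribute: whoever can edit that attribute
# on a user can move the user in or out of the unit. If the value is ever taken
# from input instead of a literal, escape it for LDAP filters (RFC 4515) first.
$rule.Filter = "(&(department=Sales)(objectClass=user)(objectCategory=person))"
$rules.Add($rule)

# Exclude users from the IT department
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.Exclude = $True
$rule.BaseObjectPath = $NULL
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rule.Filter = "(&(department=IT)(objectClass=user)(objectCategory=person))"
$rules.Add($rule)

# Write the rule collection back to the business unit and save it.
# NOTE(review): if permissions or policies are assigned over this business unit,
# this changes which objects they cover - review the rule set before running.
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()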
See also
- Managing business units
- Binding to Adaxes-specific objects
- Managing Adaxes-specific objects
- IAdmBusinessUnit
- IAdmBusinessUnitSpecificObjectRule
- IAdmBusinessUnitSpecificObjectRule2
- IAdmBusinessUnitContainerRule
- IAdmBusinessUnitContainerRule2
- IAdmBusinessUnitGroupRule
- IAdmBusinessUnitGroupRule2
- IAdmBusinessUnitQueryRule
- IAdmBusinessUnitQueryRule2
- Online script repository