Using value references in membership rules
The following code sample adds the user's manager to a business unit and excludes the user's own account from it.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)
$rules = $myBusinessUnit.GetMembershipRules()
# Include the user's manager
$includeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$includeRule.ObjectDnTemplate = "%manager%"
$includeRule.Exclude = $false
$rules.Add($includeRule)
# Exclude the user's account
$excludeRule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_SPECIFIC")
$excludeRule.ObjectDnTemplate = "%distinguishedName%"
$excludeRule.Exclude = $true
$rules.Add($excludeRule)
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()
The following code sample adds to a business unit the members of a group that is located in the Users container and whose name consists of the user's department followed by 'Managers' (e.g. HRManagers).
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)
$rules = $myBusinessUnit.GetMembershipRules()
$groupDnTemplate = "CN=%department%Managers,CN=Users,DC=domain,DC=com"
# Include group members
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_GROUP")
$rule.GroupDnTemplate = $groupDnTemplate
$rule.Exclude = $false
$rule.IncludeDirectMembersOnly = $false
$rules.Add($rule)
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()
The following code sample adds to a business unit the objects contained in the organizational unit named My OU, which is located in the user's organizational unit.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)
$rules = $myBusinessUnit.GetMembershipRules()
$ouDnTemplate = "OU=My OU,%adm-ParentDN%"
# Include OU children
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_CONTAINER")
$rule.ContainerDnTemplate = $ouDnTemplate
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"
$rules.Add($rule)
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()
The following code sample adds to a business unit the user accounts that are located in the user's organizational unit and have the same manager as the user.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")
# Bind to the business unit
$businessUnitsPath = $service.Backend.GetConfigurationContainerPath(
    "BusinessUnits")
$businessUnitsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $businessUnitsPath
$myBusinessUnitAdsPath = $businessUnitsPathObj.CreateChildPath( `
    "CN=My Unit")
$myBusinessUnit = $service.OpenObject($myBusinessUnitAdsPath, $null, $null, 0)
$rules = $myBusinessUnit.GetMembershipRules()
# Include users by Query Rule
$rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY")
$rule.BaseObjectDnTemplate = "%adm-ParentDN%"
$rule.Exclude = $false
$rule.Scope = "ADS_SCOPE_SUBTREE"
$criteria = New-AdmCriteria "user" {manager -eq "%manager%"}
$rule.SetCriteria($criteria)
$rules.Add($rule)
$myBusinessUnit.SetMembershipRules($rules)
$myBusinessUnit.SetInfo()
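A pre-deployment check for the templates used in the samples above, as an added example that is not part of the Adaxes SDK or its documentation: it substitutes value references textually against constructed sample users and flags references that are empty or that contain DN special characters. The function name Resolve-TemplatePreview and all sample attribute values are hypothetical, and how Adaxes itself resolves such values is not covered on this page.

```powershell
# Added example: offline, text-only preview of value-reference templates.
# It does not call Adaxes; the users and attribute values are constructed.
function Resolve-TemplatePreview {
    param(
        [Parameter(Mandatory)] [string] $Template,
        [Parameter(Mandatory)] [hashtable] $Attributes,
        # References expected to hold a complete DN rather than an RDN fragment
        [string[]] $DnValued = @('manager', 'distinguishedName', 'adm-ParentDN')
    )
    $issues = New-Object 'System.Collections.Generic.List[string]'
    $substitute = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        $name  = $m.Groups[1].Value
        $value = [string]$Attributes[$name]
        if ([string]::IsNullOrEmpty($value)) { $issues.Add("%$name% is empty") }
        # RFC 4514 special characters inside an RDN value change how the DN parses
        elseif (($DnValued -notcontains $name) -and ($value -match '[,+"\\<>;]|^[ #]| $')) {
            $issues.Add("%$name% contains DN special characters")
        }
        $value
    }
    $resolved = [regex]::Replace($Template, '%([A-Za-z][\w-]*)%', $substitute)
    [pscustomobject]@{
        Template = $Template
        Resolved = $resolved
        Issues   = $issues -join '; '
    }
}

# Templates taken from the samples on this page
$templates = @(
    '%manager%',
    'CN=%department%Managers,CN=Users,DC=domain,DC=com',
    'OU=My OU,%adm-ParentDN%'
)
# Constructed users: one typical, one with no manager and a comma in the department
$sampleUsers = @(
    @{ 'adm-ParentDN' = 'OU=Sales,DC=domain,DC=com'
       manager        = 'CN=Ann Lee,OU=Sales,DC=domain,DC=com'
       department     = 'HR' },
    @{ 'adm-ParentDN' = 'OU=Staging,DC=domain,DC=com'
       manager        = ''
       department     = 'R&D, East' }
)
foreach ($user in $sampleUsers) {
    $templates | ForEach-Object { Resolve-TemplatePreview -Template $_ -Attributes $user }
}
```

Rows with a non-empty Issues column identify users for whom a rule would point at a different object than intended, or at none, and are worth checking before the rules are saved.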
See also
- Defining membership rules using templates
- IAdmBusinessUnit
- IAdmBusinessUnitSpecificObjectRule
- IAdmBusinessUnitContainerRule
- IAdmBusinessUnitGroupRule
- IAdmBusinessUnitQueryRule
- Online script repository