Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
PowerShell script for getting DRA dynamic groups and their LDAP filters:
#requires -version 3 [CmdletBinding()] param( [Parameter(Mandatory)] [String] $DRAServerName ) $AD_LDS_PORT = 50000 $CurrentDomainDC = [DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() | Select-Object -ExpandProperty DomainControllers | Select-Object -First 1 | Select-Object -ExpandProperty Name if ( $null -eq $CurrentDomainDC ) { return } function Get-DRADynamicGroupLDAPFilter { param( [String] $filterGUID ) ([ADSI] ("LDAP://{0}:{1}/CN={2},CN=MemberFilter,CN=DRADynamicGroup,DC=DRA,DC=COM" -f $DRAServerName,$AD_LDS_PORT,$filterGUID)).Get("dRA-DG-lDAPFilter") } $DynamicGroupRoot = [ADSI] ("LDAP://{0}:{1}/CN=DRADynamicGroup,DC=DRA,DC=COM" -f $DRAServerName,$AD_LDS_PORT) if ( $null -eq $DynamicGroupRoot ) { return } $Searcher = [ADSISearcher] $DynamicGroupRoot $Searcher.Filter = "(&(objectClass=dRA-DYNC-GROUP))" $Searcher.PropertiesToLoad.AddRange(@("cn","dRA-DG-memberFilter")) try { $SearchResults = $Searcher.FindAll() foreach ( $SearchResult in $SearchResults ) { $GroupGUID = $SearchResult.Properties["cn"][0] ` -replace '^{','' -replace '}$','' $Group = [ADSI] ("LDAP://{0}/<GUID={1}>" -f $CurrentDomainDC,$GroupGUID) if ( $null -ne $Group ) { $LDAPFilter = Get-DRADynamicGroupLDAPFilter ` $SearchResult.Properties["dRA-DG-memberFilter"][0] [PSCustomObject] @{ "distinguishedName" = $Group.Get("distinguishedName") "name" = $Group.Get("name") "sAMAccountName" = $Group.Get("sAMAccountName") "LDAPFilter" = $LDAPFilter } } } } finally { $SearchResults.Dispose() }