OpenText product name changes coming to the community soon! Learn more.

Wikis - Page

Get DRA dynamic groups and LDAP filters

0 Likes

PowerShell script for getting DRA dynamic groups and their LDAP filters:

#requires -version 3

[CmdletBinding()]
param(
  [Parameter(Mandatory)]
  [String]
  $DRAServerName
)

$AD_LDS_PORT = 50000

$CurrentDomainDC = [DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
  Select-Object -ExpandProperty DomainControllers |
  Select-Object -First 1 |
  Select-Object -ExpandProperty Name
if ( $null -eq $CurrentDomainDC ) {
  return
}  

function Get-DRADynamicGroupLDAPFilter {
  param(
    [String]
    $filterGUID
  )
  ([ADSI] ("LDAP://{0}:{1}/CN={2},CN=MemberFilter,CN=DRADynamicGroup,DC=DRA,DC=COM" -f
    $DRAServerName,$AD_LDS_PORT,$filterGUID)).Get("dRA-DG-lDAPFilter")
}

$DynamicGroupRoot = [ADSI] ("LDAP://{0}:{1}/CN=DRADynamicGroup,DC=DRA,DC=COM" -f
  $DRAServerName,$AD_LDS_PORT)
if ( $null -eq $DynamicGroupRoot ) {
  return
}
$Searcher = [ADSISearcher] $DynamicGroupRoot
$Searcher.Filter = "(&(objectClass=dRA-DYNC-GROUP))"
$Searcher.PropertiesToLoad.AddRange(@("cn","dRA-DG-memberFilter"))
try {
  $SearchResults = $Searcher.FindAll()
  foreach ( $SearchResult in $SearchResults ) {
    $GroupGUID = $SearchResult.Properties["cn"][0] `
      -replace '^{','' -replace '}$',''
    $Group = [ADSI] ("LDAP://{0}/<GUID={1}>" -f
      $CurrentDomainDC,$GroupGUID)
    if ( $null -ne $Group ) {
      $LDAPFilter = Get-DRADynamicGroupLDAPFilter `
        $SearchResult.Properties["dRA-DG-memberFilter"][0]
      [PSCustomObject] @{
        "distinguishedName" = $Group.Get("distinguishedName")
        "name"              = $Group.Get("name")
        "sAMAccountName"    = $Group.Get("sAMAccountName")
        "LDAPFilter"        = $LDAPFilter
      }
    }
  }
}
finally {
  $SearchResults.Dispose()
}

Labels:

How To-Best Practice
Support Tips/Knowledge Docs
Comment List
Related
Recommended