MIM 2016: Perform AD Functions in FIM/MIM Workflow without importing the AD PS Module – Part II

See PART I for details or history

For MoveADUser use

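Function MoveADObject
{
    <#
    .SYNOPSIS
    Moves the single AD object matched by an LDAP filter into another container,
    using System.DirectoryServices/ADSI only (no ActiveDirectory PS module).

    .PARAMETER FilterString
    Complete LDAP filter, e.g. "(samaccountname=jdoe)". The filter is passed to the
    searcher unchanged, so the caller must escape any attribute value it interpolates
    (RFC 4515: \ * ( ) and NUL) before building the string.

    .PARAMETER NewOU
    Distinguished name of the destination container, without the "LDAP://" prefix.

    .NOTES
    Throws when the filter matches zero or more than one object, so a loose filter
    can never move the wrong account.
    #>
    PARAM($FilterString,$NewOU)
    END
    {
        # An empty filter makes DirectorySearcher fall back to its default filter,
        # i.e. a search over the whole domain. Fail early instead.
        If ([String]::IsNullOrEmpty($FilterString))
        {
            throw "MoveADObject: FilterString must not be empty"
        }
        # An empty DN would bind to "LDAP://" (the default naming context).
        If ([String]::IsNullOrEmpty($NewOU))
        {
            throw "MoveADObject: NewOU must not be empty"
        }

        $strFilter = $FilterString
        # Example filter: "(samaccountname=$myAccountName)"
        $objDomain = $null
        $objSearcher = $null
        $existingObject = $null
        Try
        {
            # Parameterless DirectoryEntry binds to the current domain with the
            # credentials of the account running the workflow.
            $objDomain = New-Object System.DirectoryServices.DirectoryEntry
            $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
            $objSearcher.SearchRoot = $objDomain
            $objSearcher.PageSize = 1000
            $objSearcher.Filter = $strFilter
            $objSearcher.SearchScope = "Subtree"
            $existingObject = $objSearcher.FindAll()

            # Exactly one match is required before anything is modified.
            If ($existingObject.Count -ne 1)
            {
                throw ("Error getting the user in AD, User not found or more than one: " + $strFilter)
            }

            # $existingObject.GetDirectoryEntry() works only in PS 3 or greater,
            # so bind through the result's ADsPath instead.
            [String]$adspath = $existingObject[0].Path
            $MyUser = [ADSI]("$adspath")
            $MyNewOU = [ADSI]("LDAP://$NewOU")
            $MyUser.PSBase.MoveTo($MyNewOU)
        }
        Finally
        {
            # The SearchResultCollection holds unmanaged resources and is not
            # released by disposing the searcher, so dispose it explicitly.
            If ($existingObject -ne $null)
            {
                $existingObject.Dispose()
            }
            If ($objDomain -ne $null)
            {
                $objDomain.Dispose()
            }
            If ($objSearcher -ne $null)
            {
                $objSearcher.Dispose()
            }
        }
    }
}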

For DisableADUser use

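Function DisableADObject
{
    <#
    .SYNOPSIS
    Disables the single AD account matched by an LDAP filter, using
    System.DirectoryServices/ADSI only (no ActiveDirectory PS module).

    .PARAMETER FilterString
    Complete LDAP filter, e.g. "(samaccountname=jdoe)". The filter is passed to the
    searcher unchanged, so the caller must escape any attribute value it interpolates
    (RFC 4515: \ * ( ) and NUL) before building the string.

    .NOTES
    Throws when the filter matches zero or more than one object, so a loose filter
    can never disable the wrong account.
    #>
    PARAM($FilterString)
    END
    {
        # An empty filter makes DirectorySearcher fall back to its default filter,
        # i.e. a search over the whole domain. Fail early instead.
        If ([String]::IsNullOrEmpty($FilterString))
        {
            throw "DisableADObject: FilterString must not be empty"
        }

        $strFilter = $FilterString
        # Example filter: "(samaccountname=$myAccountName)"
        $objDomain = $null
        $objSearcher = $null
        $existingObject = $null
        Try
        {
            # Parameterless DirectoryEntry binds to the current domain with the
            # credentials of the account running the workflow.
            $objDomain = New-Object System.DirectoryServices.DirectoryEntry
            $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
            $objSearcher.SearchRoot = $objDomain
            $objSearcher.PageSize = 1000
            $objSearcher.Filter = $strFilter
            $objSearcher.SearchScope = "Subtree"
            $existingObject = $objSearcher.FindAll()

            # Exactly one match is required before anything is modified.
            If ($existingObject.Count -ne 1)
            {
                throw ("Error getting the user in AD, User not found or more than one: " + $strFilter)
            }

            # $existingObject.GetDirectoryEntry() works only in PS 3 or greater,
            # so bind through the result's ADsPath instead.
            [String]$adspath = $existingObject[0].Path
            $MyUser = [ADSI]("$adspath")

            # Set only the ACCOUNTDISABLE bit (0x2). Writing a literal 514 would
            # also clear every other userAccountControl flag on the account
            # (smart card required, password never expires, delegation settings).
            $uacValue = $MyUser.PSBase.Properties['userAccountControl'].Value
            If ($uacValue -eq $null)
            {
                # Attribute could not be read: fall back to NORMAL_ACCOUNT | ACCOUNTDISABLE.
                $newUac = 514
            }
            Else
            {
                $newUac = ([int]$uacValue) -bor 2
            }
            $MyUser.PSBase.Properties['userAccountControl'].Value = $newUac

            # The original committed through an undefined $User variable, which
            # raised a null-method error and left the account enabled.
            $MyUser.PSBase.CommitChanges()
        }
        Finally
        {
            # The SearchResultCollection holds unmanaged resources and is not
            # released by disposing the searcher, so dispose it explicitly.
            If ($existingObject -ne $null)
            {
                $existingObject.Dispose()
            }
            If ($objDomain -ne $null)
            {
                $objDomain.Dispose()
            }
            If ($objSearcher -ne $null)
            {
                $objSearcher.Dispose()
            }
        }
    }
}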