Hi Guys,
We use ILM in one of our domains to sync users to our test domain. I have defined a special attribute called extensionattribute6 to defy which user acocunts should be
synchronized to test domain. I have setup a security groups and scheduled a job to do the following every night:
get-qadgroupmember "cn=Access to TESTDOMAIN1,ou=groups,dc=COMPANY,dc=NET" -indirect -sizelimit 9999999 | % {set-qaduser $_.samaccountname -objectAttribute @{"extensionAttribute6"="TESTDOMAIN1"}}
So, if a user account is added to the Access group it would be picked up by the above job and a value of TESTDOMAIN1 would be assigned to it. This eventually
trigers ILM to sync that user into TESTDOMAIN1.
Now, I have setup a TESTDOMAIN2 and need to start synchronizing users into that domain as well. I was wondering if someone would be able to help me with the scripting?
1. Condition A:
get-qadgroupmember "cn=Access to TESTDOMAIN1,ou=groups,dc=COMPANY,dc=NET" -indirect -sizelimit 9999999 | % {set-qaduser $_.samaccountname -objectAttribute @{"extensionAttribute6"="TESTDOMAIN1"}}
2. Condition B:
IF a user account has "extensionAttribute6"="TESTDOMAIN1" THEN set "extensionAttribute6"="TESTDOMAIN1, TESTDOMAIN2"
3. Condition C:
IF a user account has "extensionAttribute6"="TESTDOMAIN2" THEN set "extensionAttribute6"="TESTDOMAIN2, TESTDOMAIN1"
But how to put all these three conditions together??!!