Skip to main content

Articles in this section

See more
Print

How to limit scope of object pickers in web actions

  • Updated

How to limit scope of object pickers in web actions

Summary: When delegating commands like Add to Groups, Membership and Properties > Member Of tab for My AD Users and My AD Groups web queries in Self-service, by default, the delegated person would be able to select Active Directory uses and groups from the whole domain and add or remove them from the groups.

This article describes a workaround on how to limit the search scope for the AD groups picker for the Self-Service > My AD Groups > Membership web action with the specified OUs.

Applies to: Cayosoft Administrator 10.x or later.

Overview

To limit the scope of object pickers you should update the AD Groups picker and Membership web action with the script below. In the script specify the DistinguishedName of the OUs that you need to include in the search:

Copy
{$AllowedOUs=@("OU=OU1,DC=cayotest,DC=net","OU=OU2,DC=cayotest,DC=net");if($CayoWebViewId -eq 'd7107290-0bbc-4700-ab7e-c2af05769422'){ ($AllowedOUs | %{$tokens=@()}{$tokens+="msDS-parentdistname -eq ""$_""" }{[scriptblock]::Create([string]::Join(" -or ",$tokens))}) }else{ $Null }}.InvokeReturnAsIs()

where

d7107290-0bbc-4700-ab7e-c2af05769422 

is the RuleId of the My AD Groups web query.

NOTE: The msDS-partentdistname attribute was added in Server 2012R2. At least one Domain Controller should run 2012 R2. The msDS-parentdistname attribute doesn't support sub-tree search and returns only users directly in the specified OU.

Configuration

  1. In the Cayosoft Administrator Console, navigate to Configuration > Web Portal > Virtual Admin Units > Self-Service > My AD Groups.

  2. Enable  Design Mode. Learn more in: Design Mode.

  3. Copy RuleId and paste it into the script.

  4. Navigate to Configuration > Web Portal > Virtual Admin UnitsObject Pickers > AD Groups.

  5. Open the More Options section and copy/paste the script to the Additional Query Criteria.

  6. Save changes.

  7. Navigate to Configuration > Web Portal > Web Actions > Active Directory > Membership.

  8. Open the More Options section and copy/paste the script to the Additional Query Criteria.

  9. Save changes.

 

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.