Functions for creation of Policy links


This set of functions allows the creation of new policy links and the blocking of existing policy links via PowerShell.

For example, to create a new policy link to the policy "My User Check" on the Accounts OU:

    CreatePOLink -PolicyObjectIdentity "My User Check" -ObjectToApplyDN "OU=Accounts, dc=mydomain, dc=com"

To block a link or inherited link:

    BlockPOLink -PolicyObjectIdentity "My User Check" -ObjectToApplyDN "OU=Accounts, dc=mydomain, dc=com"

    # Returns a new GUID as a string; used as the name of the link object
    function GetNewGuid {
        return [System.Guid]::NewGuid().ToString()
    }

    # Creates a Policy Object Link
    # Parameters
    #   PolicyObjectIdentity : Name, DN or cn of policy object
    #   ObjectToApplyDN      : DN of container
    #   Blocked              : True or false. Is it to be created as a blocked policy link?
    Function CreatePOLink {
        param (
            [string]$PolicyObjectIdentity,
            [string]$ObjectToApplyDN,
            [boolean]$Blocked = $false
        )

        # Set the parent container
        $APLinksContainerDN = "CN=AP Links,CN=Configuration"

        # Get a new guid to use as the link name
        $APLinkName = GetNewGuid
        if ($Blocked) {
            $APLinkName = $APLinkName + '[Blocked]'
        }

        # Get the Policy Object Guid
        $PolicyObject = Get-QADObject $PolicyObjectIdentity -DontUseDefaultIncludedProperties
        $APOGuid = $PolicyObject.Guid.ToByteArray()

        # Get the Managed Object Guid
        $ManagedObject = Get-QADObject $ObjectToApplyDN -DontUseDefaultIncludedProperties
        $SecObjectGuid = $ManagedObject.Guid.ToByteArray()

        # Now create the link
        $NewObj = New-QADObject -ParentContainer $APLinksContainerDN -Type 'edsPolicyObjectLink' -Name $APLinkName -ObjectAttributes @{"edsaAPOGUID"=$APOGuid;"edsaSecObjectGuid"=$SecObjectGuid;"edsaBlockingLink"=$Blocked}

        # Return the new link object to the caller
        $NewObj
    }

    # Blocks a Policy Object Link on a container.
    # If no link exists for the policy/container pair, a blocked link is created.
    # Parameters
    #   PolicyObjectIdentity : Name, DN or cn of policy object
    #   ObjectToApplyDN      : DN of container
    Function BlockPOLink {
        param (
            [string]$PolicyObjectIdentity,
            [string]$ObjectToApplyDN
        )

        # Set the parent container
        $APLinksContainerDN = "CN=AP Links,CN=Configuration"

        # Get the Policy Object Guid
        $PolicyObject = Get-QADObject $PolicyObjectIdentity -DontUseDefaultIncludedProperties
        $APOGuid = $PolicyObject.Guid.ToString()
        Write-Host ("Policy Object Guid : $APOGuid")

        # Get the Managed Object Guid
        $ManagedObject = Get-QADObject $ObjectToApplyDN -DontUseDefaultIncludedProperties
        $SecObjectGuid = $ManagedObject.Guid.ToString()
        Write-Host ("Security Object Guid : $SecObjectGuid")

        $ldapFilter = "(&(edsaSecObjectGUID=$SecObjectGuid)(edsaAPOGUID=$APOGuid))"
        Write-Host ("Searching for POLink $ldapFilter")

        # Get the link for the object
        $POLink = Get-QADObject -SearchRoot $APLinksContainerDN -LdapFilter $ldapFilter
        Write-Host ("Found Link : $POLink")

        # Does the link exist ?
        # If not then create the blocked link
        if ($null -eq $POLink) {
            Write-Host ("Creating blocked link : $PolicyObjectIdentity for container $ObjectToApplyDN")
            # CreatePOLink takes -PolicyObjectIdentity, so pass the value under that name
            $POLink = CreatePOLink -PolicyObjectIdentity $PolicyObjectIdentity -ObjectToApplyDN $ObjectToApplyDN -Blocked $true
            Write-Host ("Created Link : $POLink")
            $Set = Set-QADObject -Identity $POLink -ObjectAttributes @{"edsaBlockinglink"=$true}
        }
        else {
            # The link already exists: mark it as blocking
            $Set = Set-QADObject -Identity $POLink -ObjectAttributes @{"edsaBlockinglink"=$true}
        }
    }
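
Because a blocked link switches a policy off for a container, it is worth being able to list which links exist on a container and which are blocked, before and after using the functions above. The following is an added example, not part of the original sample: `ConvertTo-GuidString` and `Get-POLinkReport` are hypothetical helper names, and the script assumes an Active Roles Management Shell session is already connected to the Administration Service and that the link attributes come back as either byte arrays or strings.

```powershell
# Added example (not from the original page). Assumes an open Active Roles
# session, e.g. via Connect-QADService -Proxy, as the functions above also do.

# Normalise a GUID attribute value; byte[] or string return type is an assumption.
function ConvertTo-GuidString {
    param ($Value)
    if ($null -eq $Value) { return $null }
    if ($Value -is [byte[]]) { return (New-Object System.Guid (,$Value)).ToString() }
    return ([System.Guid][string]$Value).ToString()
}

# Hypothetical helper: report every policy link that targets one container.
function Get-POLinkReport {
    param ( [Parameter(Mandatory=$true)][string]$ObjectToApplyDN )

    $APLinksContainerDN = "CN=AP Links,CN=Configuration"
    $props = 'edsaAPOGUID','edsaSecObjectGuid','edsaBlockingLink'

    $target = Get-QADObject $ObjectToApplyDN -DontUseDefaultIncludedProperties
    if ($null -eq $target) { throw "Container not found: $ObjectToApplyDN" }
    $targetGuid = $target.Guid.ToString()

    # Enumerate all link objects and compare GUIDs client-side, so the result
    # does not depend on how GUID values are written in an LDAP filter.
    $links = Get-QADObject -SearchRoot $APLinksContainerDN -Type 'edsPolicyObjectLink' `
                           -IncludedProperties $props -SizeLimit 0
    foreach ($link in $links) {
        if ((ConvertTo-GuidString $link.edsaSecObjectGuid) -ne $targetGuid) { continue }

        # Resolve the policy object the link points to
        $apoGuid = ConvertTo-GuidString $link.edsaAPOGUID
        $policy  = Get-QADObject $apoGuid -DontUseDefaultIncludedProperties
        $policyName = "<unresolved $apoGuid>"
        if ($null -ne $policy) { $policyName = $policy.Name }

        New-Object PSObject -Property @{
            PolicyName = $policyName
            # String comparison copes with a Boolean or a 'TRUE'/'FALSE' string
            Blocked    = ("$($link.edsaBlockingLink)" -eq 'True')
            LinkName   = $link.Name
        }
    }
}

Get-POLinkReport -ObjectToApplyDN "OU=Accounts, dc=mydomain, dc=com" |
    Sort-Object Blocked -Descending |
    Format-Table PolicyName, Blocked, LinkName -AutoSize
```

The report covers only links created directly on the given container; links inherited from parent containers have to be checked by running it against each parent.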
