
close
close
Chance to win $250 in Petri 2023 Audience Survey
In a previous article, we began looking at alternative ways to manage Active Directory (AD) with PowerShell using an ADSI type of accelerator and the WinNT moniker. One advantage is that with WinNT you do not need to know any details about what you are querying. You do not need to know what OU or container and object might reside because it does not matter. Everything via WinNT is relatively flat. You will not have access to the AD properties that you probably want to use. So let’s see what we can do with the LDAP moniker, starting at the domain level.
[ADSI]$domain = "LDAP://DC=globomantics,DC=local"
As before, the LDAP moniker is case-sensitive. All you need to do is specify the distinguished name of the object you want to access. In this case, it is my domain. This object has much more detail.
LDAP Domain Object (Image Credit: Jeff Hicks)
$domain | Select @{Name = "Name";Expression = {$_.Name.value}}, @{Name = "DN";Expression = {$_.DistinguishedName.value}}, @{Name = "Created";Expression = {$_.whencreated.value}}, @{Name = "Modified";Expression = {$_.whenchanged.value}}
Selecting Domain Properties (Image Credit: Jeff Hicks)
Raw Domain Password Properties (Image Credit: Jeff Hicks)
$domain.ConvertLargeIntegerToInt64($domain.minPwdAge.value)
If for some reason you have an older version of PowerShell without this method, you can use this function instead:
Function Convert-ADSLargeInteger { # Take a large value integer and return a 32 bit value [cmdletbinding()] Param( [Parameter(Position = 0, Mandatory)] [object]$adsLargeInteger ) $highPart = $adsLargeInteger.GetType().InvokeMember("HighPart",'GetProperty',$null, $adsLargeInteger, $null) $lowPart = $adsLargeInteger.GetType().InvokeMember("LowPart",'GetProperty', $null, $adsLargeInteger, $null) $bytes = [System.BitConverter]::GetBytes($highPart) $tmp = [System.Byte[]]@(0,0,0,0,0,0,0,0) [System.Array]::Copy($bytes, 0, $tmp, 4, 4) $highPart = [System.BitConverter]::ToInt64($tmp, 0) $bytes = [System.BitConverter]::GetBytes($lowPart) $lowPart = [System.BitConverter]::ToUInt32($bytes, 0) Write-Output ($lowPart + $highPart) }
Do not worry too much about understanding how all of this works. It just does.
Converting large Integers (Image Credit: Jeff Hicks)
$t = ($domain.ConvertLargeIntegerToInt64($domain.minPwdAge.value) /10000000 (new-timespan -seconds $t).ToString() #result: -1.00:00:00
With this concept, I can use PowerShell code to display more meaningful results.
$domain | Select @{Name = "Domain";Expression = {$_.Name.value}}, @{Name = "pwdHistoryLength";Expression = { $_.pwdHistoryLength}}, @{name = "minPwdAge";Expression = { new-timespan -seconds (($_.ConvertLargeIntegerToInt64($_.minPwdAge.value)) /10000000)}}, @{name = "maxPwdAge";Expression = { new-timespan -seconds (($_.ConvertLargeIntegerToInt64($_.minPwdAge.value)) /10000000)}}
Formatted Password Properties (Image Credit: Jeff Hicks)
LDAP Child Objects (Image Credit: Jeff Hicks)
Listing Domain OUs (Image Credit: Jeff Hicks)
[ADSI]$employees = "LDAP://ou=employees,dc=globomantics,dc=local"
An OU ADSI Object (Image Credit: Jeff Hicks)
Getting OU Children (Image Credit: Jeff Hicks)
$employees.children.where({$_.schemaclassname -eq 'user'}) | Select DistinguishedName,sAMAccountName,Name,GivenName,Sn,Title,Description,WhenCreated,WhenChanged
OU User Accounts (Image Credit: Jeff Hicks)
More in PowerShell
Most popular on petri