Posts RSS Comments RSS 253 Posts and 408 Comments till now

Dealing iADSLargeInteger in Powershell

I have spent some time recently working with attributes in AD that get returned as iADSLargeInteger. This has been problematic as Powershell does not natively support iADSLargeInteger. In my travels I have come across three different ways of getting this information (four if you consider using reflection,) but after much discussion on the NG (news group) and on IRC I think the best option is using System.DirectoryServices.DirectorySearcher.

Lets review the 4 options:

1) Use a thirdparty Snap-in that uses ActiveDS.dll like this one from MoW iADSLargeInteger Snap-in.

2) You can use VBScript Engine in Powershell Like this

function Convert-iADSLargeIntPropertyToInt64{
    param([string]$prop,[string]$ldapPath,[string]$server=([ADSI]"LDAP://rootdse").dnshostname,[switch]$verbose)
    $statement=@"
Set objType = getObject("
"LDAP://$server/$ldapPath"")
Set objProp = objType.Get("
$prop")
result = objProp.HighPart * (2^32) + objProp.LowPart
"
@
    if($verbose)
    {
        Write-Host "+ Running Convert on $server"
        Write-Host "  - Property  : $Prop"
        Write-Host "  - Path      : "$ldapPath`""
        Write-Host "  - Statement : $statement"
    }
    $vbs = new-object -com MSScriptControl.ScriptControl
    $vbs.language = ‘vbscript’
    $vbs.ExecuteStatement($statement)
    [int64]$value = $vbs.Eval("result")
    return $value
}
 

3) Use System.DirectoryServices.DirectorySearcher MDSN Link

function Get-iADSLargeIntFromSearcher{
    param([string]$LdapPath,[string]$attribute = $(throw "Attribute Required"),[string]$server,[switch]$date)
    if($server){$de = [ADSI]"LDAP://$server/$LdapPath"}
    else{$de = [ADSI]"LDAP://$LdapPath"}
    $return = new-object system.DirectoryServices.DirectorySearcher($de)
    $value = ($return.findone()).properties[$attribute.ToLower()]
    if( $date)
    {
        [datetime]::FromFileTime([int64]::Parse($value))
    }
    else
    {
        $value
    }
}

4) I wont go in to much detail using Reflection, but it is still valid option. Get more info HERE. The function below is a MoW version.

function ConvertADSLargeInteger([object]$adsLargeInteger)
{
    $highPart = $adsLargeInteger.GetType().InvokeMember("HighPart",‘GetProperty’, $null, $adsLargeInteger, $null)
    $lowPart  = $adsLargeInteger.GetType().InvokeMember("LowPart",‘GetProperty’, $null, $adsLargeInteger, $null)

    $bytes = [System.BitConverter]::GetBytes($highPart)
    $tmp   = [System.Byte[]]@(0,0,0,0,0,0,0,0)
    [System.Array]::Copy($bytes, 0, $tmp, 4, 4)
    $highPart = [System.BitConverter]::ToInt64($tmp, 0)

    $bytes = [System.BitConverter]::GetBytes($lowPart)
    $lowPart = [System.BitConverter]::ToUInt32($bytes, 0)

    return $lowPart + $highPart
}

Here is a list of attributes that are stored as iADSLargeInteger. I used the function at the bottom to generate this list.
—————–
accountExpires
aCSAggregateTokenRatePerUser
aCSAllocableRSVPBandwidth
pekKeyChangeInterval
aCSMaxAggregatePeakRatePerUser
aCSMaxPeakBandwidth
aCSMaxPeakBandwidthPerFlow
aCSMaxTokenBucketPerFlow
uSNChanged
aCSMaxTokenRatePerFlow
uSNCreated
aCSMaximumSDUSize
uSNDSALastObjRemoved
aCSMinimumDelayVariation
aCSMinimumLatency
uSNLastObjRem
aCSMinimumPolicedSize
uSNSource
aCSNonReservedMaxSDUSize
aCSNonReservedMinPolicedSize
aCSNonReservedPeakRate
aCSNonReservedTokenSize
aCSNonReservedTxLimit
aCSNonReservedTxSize
aCSPermissionBits
mS-SQL-Memory
mS-SQL-Status
mS-SQL-Size
lastBackupRestorationTime
lastContentIndexed
lastLogoff
lastLogon
lastLogonTimestamp
lastSetTime
badPasswordTime
builtinCreationTime
builtinModifiedCount
priorSetTime
msWMI-Int8Default
lockOutObservationWindow
msWMI-Int8Max
lockoutDuration
msWMI-Int8Min
msWMI-Int8ValidValues
lockoutTime
privilegeValue
lSACreationTime
lSAModifiedCount
proxyLifetime
machinePasswordChangeInterval
pwdLastSet
maxPwdAge
maxRenewAge
maxStorage
maxTicketAge
creationTime
rIDAllocationPool
rIDAvailablePool
rIDPreviousAllocationPool
minPwdAge
rIDUsedPool
minTicketAge
modifiedCount
modifiedCountAtLastProm
dhcpFlags
dhcpMaxKey
dhcpUniqueKey
dhcpUpdateTime
msDS-Cached-Membership-Time-Stamp
forceLogoff
timeRefresh
timeVolChange
——————-

function Get-iADSLargeIntegerAttribute{
    param([string]$domain)
    if($domain){$rootDSE = [ADSI]"LDAP://$Domain/rootDSE"}
    else{$rootDSE = [ADSI]"LDAP://rootDSE"}
    $schema  = [ADSI]"LDAP://$($rootDSE.schemaNamingContext)"
    $filter = "(&(objectclass=attributeschema)(attributesyntax=2.5.5.16)(omsyntax=65))"
    $props = ("ldapdisplayname")
    $dsearcher = new-Object System.DirectoryServices.DirectorySearcher($schema,$filter,$props)
    $dsearcher.findall() | %{Write-Output "$($_.Properties['ldapdisplayname'])"}
}
 

UPDated highlighting Code

One Response to “Dealing iADSLargeInteger in Powershell”

  1. on 13 Aug 2007 at 2:27 pm/\/\o\/\/

    Hiya BS,

    for who wants some more backgound about the problem behind, see this newsgrouptread about it :

    http://groups.google.nl/group/microsoft.public.windows.server.scripting/browse_thread/thread/7855548c86c5d015/c43591fcf0347f29?lnk=st&q=%5BMSH%5D+accesing+IADsLargeInteger&rnum=1&hl=nl#c43591fcf0347f29

    Enjoy,
    Greetings /\/\o\/\/

Trackback this post | Feed on Comments to this post

Leave a Reply

You must be logged in to post a comment.