Posts RSS Comments RSS 249 Posts and 391 Comments till now

Archive for August, 2009

blog: Getting AD Schema information from Powershell

The other day a friend asked me how I would get Active Directory Schema information using Powershell. I knew of the schema property on the DirectoryServices.ActiveDirectory.Forest class and that is where I started.

Initially I just called the static method GetCurrentForest on the Forest class and then accessed the schema using the property like this. 
  1. $Forest = [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
  2. $Forest.Schema
This worked find and gave me the Schema object I was after but information I got back was minimal. It only returned Schema Role Owner and the Distinguished Name. I found that if you want to get real data like the classes and properties you needed to call methods on object (DirectoryServices.ActiveDirectory.ActiveDirectorySchema) returned from Schema property.

At this point it is not all that complicated but I thought it would be nice to have functions that would abstract all this.

Below is a couple of functions you may find useful. They work both V1 and V2 of Powershell.

Get-Forest : Gets the Forest Object
- DomainController [optional] - DNS Name of the Host to connect to
- Credential [optional] - Network credentials to use.

Get-ADSchema : Gets the Schema
- DomainController [optional] - DNS Name of the Host to connect to
- Credential [optional] - Network credentials to use.

Get-ADSchemaClass : Gets a specific Schema Class
- Class [optional] - Class Object to get (Default is all)
- DomainController [optional] - DNS Name of the Host to connect to
- Credential [optional] - Network credentials to use.

Get-ADSchemaProperty : Gets a specific Schema Property
- Property [optional] - Property to get (Default is all)
- DomainController [optional] - DNS Name of the Host to connect to
- Credential [optional] - Network credentials to use.

NOTE: These will be included in my "Soon to be available" BSONPOSH module (v2 only.) 
  1. function Get-Forest
  2. {
  3.     Param($DomainController,[Management.Automation.PSCredential]$Credential)
  4.  
  5.     if(!$DomainController)
  6.     {
  7.         [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
  8.         return
  9.     }
  10.  
  11.     if($Creds)
  12.     {
  13.         $Context = new-object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer",$DomainController,$Creds.UserName,$Creds.GetNetworkCredential().Password)
  14.     }
  15.     else
  16.     {
  17.         $Context = new-object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer",$DomainController)
  18.     }
  19.     [DirectoryServices.ActiveDirectory.Forest]::GetForest($Context)
  20. }
  1. function Get-ADSchema
  2. {
  3.     Param($DomainController,[Management.Automation.PSCredential]$Credential)
  4.     if($DomainController -and !$Credential)
  5.     {
  6.         $Forest = Get-Forest -DNSName $DomainController
  7.     }
  8.     elseif($DomainController -and $Credential)
  9.     {
  10.         $Forest = Get-Forest -DNSName $DomainController -Credential $Credential
  11.     }
  12.     else
  13.     {
  14.         $Forest = Get-Forest
  15.     }
  16.     $Forest.Schema
  17. }
  1. function Get-ADSchemaClass
  2. {
  3.     Param($Class = ".*",$DomainController,[Management.Automation.PSCredential]$Credential)
  4.  
  5.     if($DomainController -and !$Credential)
  6.     {
  7.         $Forest = Get-Forest -DNSName $DomainController
  8.     }
  9.     elseif($DomainController -and $Credential)
  10.     {
  11.         $Forest = Get-Forest -DNSName $DomainController -Credential $Credential
  12.     }
  13.     else
  14.     {
  15.         $Forest = Get-Forest
  16.     }
  17.  
  18.     $Forest.Schema.FindAllClasses() | ?{$_.Name -match "^$Class`$"}
  19. }
  1. function Get-ADSchemaProperty
  2. {
  3.     Param($Property = ".*",$DomainController,[Management.Automation.PSCredential]$Credential)
  4.  
  5.     if($DomainController -and !$Credential)
  6.     {
  7.         $Forest = Get-Forest -DNSName $DomainController
  8.     }
  9.     elseif($DomainController -and $Credential)
  10.     {
  11.         $Forest = Get-Forest -DNSName $DomainController -Credential $Credential
  12.     }
  13.     else
  14.     {
  15.         $Forest = Get-Forest
  16.     }
  17.  
  18.     $Forest.Schema.FindAllProperties() | ?{$_.Name -match "^$Property`$"}
  19.  
  20. }

tshell :: Aug.25.2009 :: Active Directory, All :: No Comments »

Windows 7 RSAT Tools RTM version now available for download

Remote Server Administration Tools for Windows 7

tshell :: Aug.17.2009 :: All :: No Comments »

Windows 2008 R2 RTM availble now on MSDN

Yippeee!

tshell :: Aug.14.2009 :: All :: No Comments »

Powershell V2 RC for Vista/2008

Download here Windows Management Framework Release Candidate
PowerShell 2.0 and WinRM 2.0 Package with Release Notes

tshell :: Aug.14.2009 :: All :: No Comments »

Win7 Released to MSDN/Technet

Go get it… later after I am done downloading :)

tshell :: Aug.06.2009 :: All :: No Comments »